Port Forwarding Over WireGuard Connection?

[ZebMcKayhan]

I wonder if this route is something new in 388.4 cause the few other posts about port forwarding via WireGuard haven't come across this issue yet but they are older threads so chances are they were using an older firmware version.

These have been there atleast from 388.2. This wouldn't typically be an issue for anyone else unless they are using the same vpn as you. May I ask which vpn provider you have?

Unless your port test was done from your vpn provider own service it appears your vpn provider MASQUARADES port forwarded packets which is stupid in more ways than one.

Firstly it creates routing difficulties like in our case since the vpn tunnel to this ip must be over wan. Many implementation uses wireguard build-in fwmarks for this but some don't. Like our routers where fwmarks are already used by ai protect.

Secondly, if you create a local service accessible from internet you surely would like to know which are using it so you could prevent bots and track potential threats.

 

[HarryMuscle]

These have been there atleast from 388.2. This wouldn't typically be an issue for anyone else unless they are using the same vpn as you. May I ask which vpn provider you have?

Unless your port test was done from your vpn provider own service it appears your vpn provider MASQUARADES port forwarded packets which is stupid in more ways than one.

Firstly it creates routing difficulties like in our case since the vpn tunnel to this ip must be over wan. Many implementation uses wireguard build-in fwmarks for this but some don't. Like our routers where fwmarks are already used by ai protect.

Secondly, if you create a local service accessible from internet you surely would like to know which are using it so you could prevent bots and track potential threats.

Thank you for the detailed info, much appreciated. I was trying to get this working with ovpn.com but I think maybe I should consider another VPN provider ... although ovpn.com is generally highly recommended on Reddit.

 

[houmi]

Thank you for the detailed info, much appreciated. I was trying to get this working with ovpn.com but I think maybe I should consider another VPN provider ... although ovpn.com is generally highly recommended on Reddit.

I have port forwarding with TorGuard, it works fine on the Windows App via Wireguard but not on Asus, I have tried it on stock and Merlin. It seems to be a limitation of this router's FW unless you play with iptables.

I happened to have a GliNet Travel router and I set Wireguard with Port forwarding on it in 5 minutes to access Plex, it just works via the UI and it has many other features.

Sadly I am going to switch my main AX86U to a GliNet Flint 2 and use my second AX86U as a wired AP. It shouldn't be this difficult to set this up in 2023. I'll be using this with my Plex server that runs on an UnRaid box (behind CGNAT). I had nothing but difficulty as well setting VPN up on the UnRaid's dockers unless I set the VPN in there to work for the whole system but at that level I might just use it on the router and route toward certain IPs & Ports.

Cheers/Good luck.