Wireguard port 51820

[BeachGuy]

I searched but didn't find answer. I have WireGuard Server set up on port 51820. When I go to public networks it looks like connected but no internet. I found this on the internet "Many public/guest networks only allow common web and mail traffic and either block or aggressively shape “unknown” UDP like WireGuard’s default port 51820". They suggest changing it to port 443 which they say is hardly ever blocked. Is that good advice and will that work? Is there a security risk with "opening" port 443?

 

[ColinTaylor]

Try it and find out. It's probably less of a security risk than running WireGuard on its commonly known port.

That said, it still might not work. If the argument for using port 443 is that it isn't blocked that would likely only apply for TCP traffic (i.e. HTTPS). As WireGuard uses UDP it still might be blocked. YMMV

 

[BeachGuy]

Apparently WireGuard Server isn't meant to use as router when away on public networks? I thought I could tunnel to it to use my more secure router rather than public WiFi. I thought WireGuard was more modern/better protocol than OpenVPN but I have gone back to using OpenVPN Server (TCP port 443).

I also see "Instant Guard". Doc says you have to "Remote Connection enabled in ASUS Router App" which seems like exposed to internet.

 

[CaptainSTX]

Apparently WireGuard Server isn't meant to use as router when away on public networks? I thought I could tunnel to it to use my more secure router rather than public WiFi. I thought WireGuard was more modern/better protocol than OpenVPN but I have gone back to using OpenVPN Server (TCP port 443).

I also see "Instant Guard". Doc says you have to "Remote Connection enabled in ASUS Router App" which seems like exposed to internet.

Something must be off with your setup. My WG server is setup using the default port 51820 and when I'm out and about using public WiFi I regularly connect back to my router and use my router and home internet connection. I never had a problem doing so. Did you select in the setup of your server to connect to both LAN & Internet? I have UPnP disabled.

 

[BeachGuy]

Something must be off with your setup. My WG server is setup using the default port 51820 and when I'm out and about using public WiFi I regularly connect back to my router and use my router and home internet connection. I never had a problem doing so. Did you select in the setup of your server to connect to both LAN & Internet? I have UPnP disabled.

Did you select in the setup of your server to connect to both LAN & Internet? yes
I have UPnP disabled. me too

I also have Skynet installed. Doing some research it may have been blocking so I had to add firewall rules and whitelist WG. But after all that still had problems connecting on public WiFi. Just got back from an area on public WiFi using OpenVPN TCP/443 no problems and seemed very fast or at least fast enough.

Researching this I've found that many public/corporate etc. block non-standard ports and UDP by default (which is what WG uses).

Do you have any suggestions? I'm all for WG if it's a better protocol and faster but if I can't even use it on public WiFi there's no point.

 

[CaptainSTX]

Did you select in the setup of your server to connect to both LAN & Internet? yes
I have UPnP disabled. me too

I also have Skynet installed. Doing some research it may have been blocking so I had to add firewall rules and whitelist WG. But after all that still had problems connecting on public WiFi. Just got back from an area on public WiFi using OpenVPN TCP/443 no problems and seemed very fast or at least fast enough.

Researching this I've found that many public/corporate etc. block non-standard ports and UDP by default (which is what WG uses).

Do you have any suggestions? I'm all for WG if it's a better protocol and faster but if I can't even use it on public WiFi there's no point.

I also have Skynet installed and it isn't causing any issues when remotely connecting to my WG server. I don't have any other suggestions. I have both an OpenVPN server and a WG server enabled and on remote connecting devices I use which ever is easiest to setup.

 

[bbunge]

Apparently WireGuard Server isn't meant to use as router when away on public networks? I thought I could tunnel to it to use my more secure router rather than public WiFi. I thought WireGuard was more modern/better protocol than OpenVPN but I have gone back to using OpenVPN Server (TCP port 443).

I also see "Instant Guard". Doc says you have to "Remote Connection enabled in ASUS Router App" which seems like exposed to internet.

No, you do not need Remote Connection enabled to use Instant Guard. Enabling remote connection on the router is a security risk! Instant Guard seems to work places where other VPNs are blocked and I have come across a few of those. Wireguard with default port settings works for me in most places. I have a travel router that uses Wireguard to tunnel to my home router.

 

[BeachGuy]

Very strange that you guys can all connect using WG. I cannot at my local dentist office and mall.

 

[BeachGuy]

No, you do not need Remote Connection enabled to use Instant Guard. Enabling remote connection on the router is a security risk! Instant Guard seems to work places where other VPNs are blocked and I have come across a few of those. Wireguard with default port settings works for me in most places. I have a travel router that uses Wireguard to tunnel to my home router.

I agree that enabling remote connection on the router is a security risk, that's why I mentioned it. But the Instant Guard documentation states "Remote Connection enabled in ASUS Router App". https://www.asus.com/us/support/faq/1044340/

One of the suggestions does say putting a travel router between public WiFi and home router can solve the connection issue.

 

[SoFluffy]

I too have Skynet and WG server running, no issues.

I'd suggest installing a WG client profile on your phone and testing at home by turning off wifi and using cellular data. This could speed up your troubleshooting process.

If that works, then there is chance that those other locations are blocking UDP on that port or using DPI to intercept and block the traffic. (I highly doubt DPI at your dentist, but who knows..)

Did you setup DDNS? Did you check that WG client config is using that DDNS name for the target endpoint and/or has your current WAN IP? Are you using IPv6?

Does it "connect" but then you have no internet? (Try connecting from phone then watch the VPN server in the router's GUI to see if the client is listed there as connected.)

Also, some ISP block incoming ports, either directly, or perhaps you are double NAT'd. What ISP and what is the modem/ONT/router setup before the ASUS router?

 

[BeachGuy]

I too have Skynet and WG server running, no issues.

I'd suggest installing a WG client profile on your phone and testing at home by turning off wifi and using cellular data. This could speed up your troubleshooting process.

Yes did this and it works. Just means cell service doesn't block.

If that works, then there is chance that those other locations are blocking UDP on that port or using DPI to intercept and block the traffic. (I highly doubt DPI at your dentist, but who knows..)

Did you setup DDNS? Did you check that WG client config is using that DDNS name for the target endpoint and/or has your current WAN IP? Are you using IPv6?

No I use WAN IP which rarely changes

Does it "connect" but then you have no internet? (Try connecting from phone then watch the VPN server in the router's GUI to see if the client is listed there as connected.)

Also, some ISP block incoming ports, either directly, or perhaps you are double NAT'd. What ISP and what is the modem/ONT/router setup before the ASUS router?

Spectrum EU2251 (PC20)