Wireguard port 51820

[BeachGuy]

I searched but didn't find answer. I have WireGuard Server set up on port 51820. When I go to public networks it looks like connected but no internet. I found this on the internet "Many public/guest networks only allow common web and mail traffic and either block or aggressively shape “unknown” UDP like WireGuard’s default port 51820". They suggest changing it to port 443 which they say is hardly ever blocked. Is that good advice and will that work? Is there a security risk with "opening" port 443?

 

[ColinTaylor]

Try it and find out. It's probably less of a security risk than running WireGuard on its commonly known port.

That said, it still might not work. If the argument for using port 443 is that it isn't blocked that would likely only apply for TCP traffic (i.e. HTTPS). As WireGuard uses UDP it still might be blocked. YMMV

 

[BeachGuy]

Apparently WireGuard Server isn't meant to use as router when away on public networks? I thought I could tunnel to it to use my more secure router rather than public WiFi. I thought WireGuard was more modern/better protocol than OpenVPN but I have gone back to using OpenVPN Server (TCP port 443).

I also see "Instant Guard". Doc says you have to "Remote Connection enabled in ASUS Router App" which seems like exposed to internet.

 

[CaptainSTX]

Apparently WireGuard Server isn't meant to use as router when away on public networks? I thought I could tunnel to it to use my more secure router rather than public WiFi. I thought WireGuard was more modern/better protocol than OpenVPN but I have gone back to using OpenVPN Server (TCP port 443).

I also see "Instant Guard". Doc says you have to "Remote Connection enabled in ASUS Router App" which seems like exposed to internet.

Something must be off with your setup. My WG server is setup using the default port 51820 and when I'm out and about using public WiFi I regularly connect back to my router and use my router and home internet connection. I never had a problem doing so. Did you select in the setup of your server to connect to both LAN & Internet? I have UPnP disabled.

 

[BeachGuy]

Something must be off with your setup. My WG server is setup using the default port 51820 and when I'm out and about using public WiFi I regularly connect back to my router and use my router and home internet connection. I never had a problem doing so. Did you select in the setup of your server to connect to both LAN & Internet? I have UPnP disabled.

Did you select in the setup of your server to connect to both LAN & Internet? yes
I have UPnP disabled. me too

I also have Skynet installed. Doing some research it may have been blocking so I had to add firewall rules and whitelist WG. But after all that still had problems connecting on public WiFi. Just got back from an area on public WiFi using OpenVPN TCP/443 no problems and seemed very fast or at least fast enough.

Researching this I've found that many public/corporate etc. block non-standard ports and UDP by default (which is what WG uses).

Do you have any suggestions? I'm all for WG if it's a better protocol and faster but if I can't even use it on public WiFi there's no point.

 

[CaptainSTX]

Did you select in the setup of your server to connect to both LAN & Internet? yes
I have UPnP disabled. me too

I also have Skynet installed. Doing some research it may have been blocking so I had to add firewall rules and whitelist WG. But after all that still had problems connecting on public WiFi. Just got back from an area on public WiFi using OpenVPN TCP/443 no problems and seemed very fast or at least fast enough.

Researching this I've found that many public/corporate etc. block non-standard ports and UDP by default (which is what WG uses).

Do you have any suggestions? I'm all for WG if it's a better protocol and faster but if I can't even use it on public WiFi there's no point.

I also have Skynet installed and it isn't causing any issues when remotely connecting to my WG server. I don't have any other suggestions. I have both an OpenVPN server and a WG server enabled and on remote connecting devices I use which ever is easiest to setup.

 

[bbunge]

Apparently WireGuard Server isn't meant to use as router when away on public networks? I thought I could tunnel to it to use my more secure router rather than public WiFi. I thought WireGuard was more modern/better protocol than OpenVPN but I have gone back to using OpenVPN Server (TCP port 443).

I also see "Instant Guard". Doc says you have to "Remote Connection enabled in ASUS Router App" which seems like exposed to internet.

No, you do not need Remote Connection enabled to use Instant Guard. Enabling remote connection on the router is a security risk! Instant Guard seems to work places where other VPNs are blocked and I have come across a few of those. Wireguard with default port settings works for me in most places. I have a travel router that uses Wireguard to tunnel to my home router.

 

[BeachGuy]

Very strange that you guys can all connect using WG. I cannot at my local dentist office and mall.

 

[BeachGuy]

No, you do not need Remote Connection enabled to use Instant Guard. Enabling remote connection on the router is a security risk! Instant Guard seems to work places where other VPNs are blocked and I have come across a few of those. Wireguard with default port settings works for me in most places. I have a travel router that uses Wireguard to tunnel to my home router.

I agree that enabling remote connection on the router is a security risk, that's why I mentioned it. But the Instant Guard documentation states "Remote Connection enabled in ASUS Router App". https://www.asus.com/us/support/faq/1044340/

One of the suggestions does say putting a travel router between public WiFi and home router can solve the connection issue.