moejoe 1 Posted ... Cable-Router: Vodafone Station VPN-Router: Glinet Router GL-MT300N-V2 Firmware: 3.211 based on OpenWrt 19.07.8 Client: Raspberry Pi 2 Model B Rev 1.1 with dyndns ( ddclient) Hello folks, Im running an server module on my raspberry successfull over an vpn client over openvpn on the Glinet Router. But if i switch to wireguard, no connections are able to connecting from outside to the Ras Atm im use for connecting through wireguard the Customized Glinet Interface and not the Luci One which is based on that. But i have some custom iptables commands, to forward my ports: iptables -A INPUT -i tun0 -p tcp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o tun0 -p tcp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i tun0 -p udp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o tun0 -p udp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -I FORWARD -i tun0 -p udp -d 192.168.2.12 --dport 51813 -j ACCEPT iptables -I FORWARD -i tun0 -p tcp -d 192.168.2.12 --dport 51813 -j ACCEPT iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 51813 -j DNAT --to-destination 192.168.2.12:45345 iptables -t nat -I PREROUTING -i tun0 -p udp --dport 51813 -j DNAT --to-destination 192.168.2.12:45345 iptables -t nat -A PREROUTING -i tun -p udp --dport 51813 -j REDIRECT --to-ports 45345 iptables -t nat -A PREROUTING -i tun -p udp --dport 51813 -j REDIRECT --to-ports 45345 So I'm not quite sure, why openvpn works but with WG it doesnt. May someone has a clue, or know an approach to figure out on which point i have to take action. best regards Quote Share this post Link to post
OpenSourcerer 1442 Posted ... Be advised that Wireguard interface naming is not standardized like it is with OpenVPN. These same rules probably must be rewritten for whatever the name of the Wireguard interface is (unless you specifically called the profile or config tun0[.conf]), unsure how OpenWrt handles interface naming there. 1 moejoe reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
moejoe 1 Posted ... @OpenSourcerer OMG Thnx for this hint , i think i was blended from the support from my former vpn provider ovpn before. they said that everything which is used with openvpn should work with wg also without addtional configs or rules. I added the Rules for the temp wg interface also and everything seems to work now. But, to be fair, i was a little bit blind to see and unable to look through the mist. moreover: do i need every rule for the port forwarding ? im not quite sure if i need one chain at the top ( insert) and one at the end ( apppend). Update: I have to correct sth. i'm trxying to run wg on ovpn provider first with these config and this i have also explained this the support from ovpn: WG: iptables -I FORWARD -i wg0 -p udp -d xxx.xxx.x.1 --dport 55345 -j ACCEPT iptables -I FORWARD -i wg0 -p tcp -d xxx.xxx.x.1 --dport 55345 -j ACCEPT iptables -t nat -I PREROUTING -i wg0 -p tcp --dport 55345 -j DNAT --to-destination xxx.xxx.x.1:22350 iptables -t nat -I PREROUTING -i wg0 -p udp --dport 55345 -j DNAT --to-destination xxx.xxx.x.1:22350 #iptables -t nat -A PREROUTING -i tun -p udp --dport 55345 -j REDIRECT --to-ports 22350 #iptables -t nat -A PREROUTING -i tun -p udp --dport 55345 -j REDIRECT --to-ports 22350 But this hasnt worked with ovpn and dozens of support conversations, so i would like to clarify this that the support has some knowledge about the matter but not entirely from my point of view. best regards Quote Share this post Link to post