moejoe Posted ...

Cable router: Vodafone Station
VPN router: Glinet Router GL-MT300N-V2
Firmware: 3.211 based on OpenWrt 19.07.8
Client: Raspberry Pi 2 Model B Rev 1.1 with dyndns (ddclient)

Hello folks,

I'm running a server module on my Raspberry successfully over a VPN client over OpenVPN on the Glinet router. But if I switch to WireGuard, no connections are able to connect from outside to the Ras. ATM I use the customized Glinet interface for connecting through WireGuard, and not the LuCI one which is based on that. But I have some custom iptables commands to forward my ports:

iptables -A INPUT -i tun0 -p tcp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o tun0 -p tcp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -p udp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o tun0 -p udp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I FORWARD -i tun0 -p udp -d 192.168.2.12 --dport 51813 -j ACCEPT
iptables -I FORWARD -i tun0 -p tcp -d 192.168.2.12 --dport 51813 -j ACCEPT
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 51813 -j DNAT --to-destination 192.168.2.12:45345
iptables -t nat -I PREROUTING -i tun0 -p udp --dport 51813 -j DNAT --to-destination 192.168.2.12:45345
iptables -t nat -A PREROUTING -i tun -p udp --dport 51813 -j REDIRECT --to-ports 45345
iptables -t nat -A PREROUTING -i tun -p udp --dport 51813 -j REDIRECT --to-ports 45345

So I'm not quite sure why OpenVPN works but with WG it doesn't. Maybe someone has a clue, or knows an approach to figure out at which point I have to take action.

Best regards

OpenSourcerer Posted ...

Be advised that WireGuard interface naming is not standardized like it is with OpenVPN. These same rules probably must be rewritten for whatever the name of the WireGuard interface is (unless you specifically called the profile or config tun0[.conf]); unsure how OpenWrt handles interface naming there.

moejoe Posted ...

@OpenSourcerer OMG, thanks for this hint. I think I was blinded by the support from my former VPN provider OVPN before. They said that everything which is used with OpenVPN should also work with WG without additional configs or rules. I added the rules for the temp WG interface as well and everything seems to work now. But, to be fair, I was a little bit blind and unable to look through the mist.

Moreover: do I need every rule for the port forwarding? I'm not quite sure if I need one chain at the top (insert) and one at the end (append).

Update: I have to correct something. I'm trying to run WG on the OVPN provider first with this config, and I have also explained this to the support from OVPN:

WG:
iptables -I FORWARD -i wg0 -p udp -d xxx.xxx.x.1 --dport 55345 -j ACCEPT
iptables -I FORWARD -i wg0 -p tcp -d xxx.xxx.x.1 --dport 55345 -j ACCEPT
iptables -t nat -I PREROUTING -i wg0 -p tcp --dport 55345 -j DNAT --to-destination xxx.xxx.x.1:22350
iptables -t nat -I PREROUTING -i wg0 -p udp --dport 55345 -j DNAT --to-destination xxx.xxx.x.1:22350
#iptables -t nat -A PREROUTING -i tun -p udp --dport 55345 -j REDIRECT --to-ports 22350
#iptables -t nat -A PREROUTING -i tun -p udp --dport 55345 -j REDIRECT --to-ports 22350

But this hasn't worked with OVPN and dozens of support conversations, so I would like to clarify that the support has some knowledge about the matter, but not entirely, from my point of view.

Best regards
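
The interface-name mismatch discussed in this thread can be checked mechanically: an iptables `-i`/`-o` match only fires when the name equals an existing interface, or when the pattern ends in `+` and the interface name starts with that prefix. The script below is an added example, not code from any of the posters; the function names and the interface list `lo br-lan wg0` are assumptions made for illustration, and the sample rules are constructed from the ones posted above.

```shell
# Added example: flag iptables rules whose -i/-o match cannot fire because
# no such interface exists (e.g. tun0 rules left over after moving to wg0).

# iface_matches PATTERN NAME
# iptables semantics: a trailing "+" is a prefix wildcard ("tun+" matches
# tun0, tun1, ...); any other pattern must equal the name exactly.
iface_matches() {
    case "$1" in
        *+) prefix=${1%+}
            case "$2" in "$prefix"*) return 0 ;; esac
            return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# stale_rules "IFACE1 IFACE2 ..."
# Reads one rule per line on stdin and prints "PATTERN: RULE" for each
# interface match that fits none of the listed interfaces.
# Blank and #-commented lines are skipped; "!" negation is not handled.
stale_rules() {
    live=$1
    while IFS= read -r rule; do
        case "$rule" in ''|'#'*) continue ;; esac
        want=
        for word in $rule; do
            if [ -n "$want" ]; then
                want=; hit=no
                for name in $live; do
                    if iface_matches "$word" "$name"; then hit=yes; fi
                done
                if [ "$hit" = no ]; then printf '%s: %s\n' "$word" "$rule"; fi
            fi
            case "$word" in -i|-o|--in-interface|--out-interface) want=1 ;; esac
        done
    done
}

# Constructed sample: three rules from the thread plus two wg variants.
sample_rules() {
    cat <<'EOF'
iptables -I FORWARD -i tun0 -p tcp -d 192.168.2.12 --dport 51813 -j ACCEPT
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 51813 -j DNAT --to-destination 192.168.2.12:45345
iptables -t nat -A PREROUTING -i tun -p udp --dport 51813 -j REDIRECT --to-ports 45345
iptables -I FORWARD -i wg0 -p tcp -d 192.168.2.12 --dport 51813 -j ACCEPT
iptables -I FORWARD -i wg+ -p tcp -d 192.168.2.12 --dport 51813 -j ACCEPT
EOF
}

# Interface list is assumed here; on the router use: ls /sys/class/net
sample_rules | stale_rules "lo br-lan wg0"
```

With only `wg0` up, both `tun0` rules and the `tun` rule are reported; the `tun` rule is also reported when `tun0` exists, because without a trailing `+` the name must match exactly.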