Raspberry Pi 4 Not Port Forwarding Wireguard on OpenWrt

I recently got a Raspberry Pi after learning so much about Linux through implementing OpenWRT projects throughout this pandemic. I don't know if I have ever enjoyed anything this much, thank you OpenWRT!

Anyways, I've managed to migrate most of my projects I had on my WRT32x [OpenWRT firmware] to my Raspberry Pi 4. However one program in particular, Wireguard, is giving me a headache and I can't figure out why the hell its not port forwarding -- even though I know I'm port forwarding correctly because I have successfully forwarded 9091 for Transmission-web off of the pi and it works. However, I continue to get a "Connection refused" when testing my Wireguard port [default wg0 port 51820] on https://canyouseeme.org/ .

I used the PiVPN install script for Raspberry Pi, which seemed to install it with no errors:

curl -L https://install.pivpn.io | bash

I believe I know what the issue is, but I don't know how to make the change. When I was trying to get Flood (a Torrent npm linux program) to port forward on the pi, I noticed that if it was running on [], it could not be seen from my LAN network or the outside. For it to work, I found it needed to be ran on the LAN interface which is [] -- I have never encountered something like this, but that is what fixed it. I believe I should be doing the same for Wireguard, how would I modify the server to start on [] vs the current []?

I set a static DHCP address on my pi and my PiVPN debug shows it (see below), but when I run netstat it is running on [].

What am I doing wrong? Am I correct about the LAN interface it should be running on? If so, how do I change it so Wireguard server starts on LAN interface [] and not []? I have searched the internet for a solid 24 hours now -- I wanted to fix this myself lol. Any help is appreciated.

OpenWRT LuCI > Firewall > Port Forward:

https://canyouseeme.org results:
Transmission (Success):

Wireguard (Fail):

Netstat results (editted by reducing amount of active connections):

pi@raspberrypi:~ $ netstat -l

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0  *               LISTEN
>udp        0      0 *<
udp        0      0   *
udp        0      0*
udp        0      0 raspberrypi.:netbios-ns*
udp        0      0*
udp        0      0*
udp        0      0 raspberrypi:netbios-dgm*
udp        0      0*
udp        0      0 *
udp        0      0 *
udp        0      0 *
udp        0      0 *
udp        0      0 *
udp        0      0 raspberrypi.lan:39656*
udp        0      0  *
udp        0      0 raspberrypi.lan:39160*
udp        0      0 raspberrypi.lan:46431*
udp        0      0*
udp        0      0  *
udp        0      0 raspberrypi.lan:57741*
udp        0      0 *
udp        0      0 localhost:60353*
udp        0      0 localhost:44531*
udp        0      0*
udp6       0      0 [::]:35867              [::]:*
udp6       0      0 [::]:dhcpv6-client      [::]:*
>udp6       0      0 [::]:51820              [::]:*<
udp6       0      0 [::]:mdns               [::]:*
udp6       0      0 [::]:59234              [::]:*
raw6       0      0 [::]:ipv6-icmp          [::]:* 

Here is my PiVPN debug:

pi@raspberrypi:~ $ pivpn -d

::: Generating Debug Output
::::            PiVPN debug              ::::
::::            Latest commit            ::::
commit d7771c251418fa443869397d46f93c5b0c197558
Author: 4s3ti <4s3ti@protonmail.com>
Date:   Sat Feb 6 23:04:11 2021 +0100

    Merge branch test into master

    fixes #1234
    ci/cd fixes and improvements
::::        Installation settings        ::::
ALLOWED_IPS=", ::0/0"
INSTALLED_PACKAGES=(dnsutils iptables-persistent wireguard-tools wireguard-dkms qrencode unattended-upgrades)
::::  Server configuration shown below   ::::
PrivateKey = server_priv
Address =
ListenPort = 51820
::::  Client configuration shown below   ::::
::: There are no clients yet
::::    Recursive list of files in       ::::
::::    /etc/wireguard shown below       ::::


::::            Self check               ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled (it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://github.com/pivpn/pivpn/wiki/FAQ
:::: WARNING: This script should have automatically masked sensitive       ::::
:::: information, however, still make sure that PrivateKey, PublicKey      ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this:                  ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe                          ::::
::::            Debug complete           ::::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
1 Like

My boy @vgaetera, you've helped me out countless times. I appreciate it very much! Any suggestions on this one?

1 Like

Wireguard client not receiving data from 3G Router Server - #6 by vgaetera


Of-freaking-course. I should have known better.

I thought I connected to it yesterday with my phone as the VPN icon indicated I was connected BUT I couldn't get any webpages to load and after seeing canyouseeme refuse the connection, I assumed it wasn't forwarded. It's odd, it seems to be TXing data but not RXing -- I'll hunt for this on the forums.

Sorry for taking up your time with stupid questions! I am such a rookie!

Thanks again, @vgaetera

1 Like

Just kidding, I successfully got it to work!

I am a GOD! At least temporarily. I am just super stoked because I am running this VPN on symmetrical fiber I just got yesterday! Woot!

Thank you @vgaetera , closing this!

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.