Setting up second incoming WireGuard connection

This is my setup, as shown in the picture. Everything works OK, except the ETV WireGuard network. The problem here is that the connection should be initiated externally on port 1111 from the WAN side. How can I direct traffic from WAN port 1111 to this ETV WireGuard network? When I tried port forwarding, it didn't seem to work.

Offering a local service means opening a port, not forwarding. Port 1111 must be open for UDP so the WireGuard server process on OpenWrt can receive encrypted incoming connections from its peer. The WireGuard process is local on the router even though the ultimate destination of the packets after they have been processed by WireGuard will likely be outside the router.

When the packets are decrypted they exit the port 1111 tunnel. Port 1111 and the router's public IP are meaningless at that point. They have a private address that was assigned by the client before they went into the tunnel. This is part of a private network which exists on the router. So they will be directly routed to the endpoint on the LAN. This is almost always a regular symmetric route and forward, not a NAT.
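
The configuration the answer above describes, as an added example that is not part of the original thread: an OpenWrt UCI sketch with the port forward that does not fit beside the input rule that does, plus a zone that routes the decrypted traffic to the LAN without NAT. The interface and zone name `etv`, the rule name, the tunnel subnet, the LAN host address and the key placeholders are all assumptions.

```uci
# /etc/config/network  (names, keys and addresses are constructed placeholders)
config interface 'etv'
	option proto 'wireguard'
	option private_key 'ROUTER_PRIVATE_KEY_PLACEHOLDER'
	# WireGuard listens locally on the router, on the port from the thread
	option listen_port '1111'
	# assumed tunnel subnet
	list addresses '10.99.0.1/24'

config wireguard_etv
	option description 'remote-peer'
	option public_key 'PEER_PUBLIC_KEY_PLACEHOLDER'
	# only this tunnel address is accepted from the peer
	list allowed_ips '10.99.0.2/32'

# /etc/config/firewall
# Not this: a port forward (DNAT) targets a host behind the router,
# but the WireGuard listener is on the router itself.
#config redirect
#	option src 'wan'
#	option src_dport '1111'
#	option dest 'lan'
#	option dest_ip '192.168.1.10'
#	option proto 'udp'
#	option target 'DNAT'

# This: open UDP 1111 for input to the router (a rule with no 'dest').
config rule
	option name 'Allow-ETV-WireGuard'
	option src 'wan'
	option dest_port '1111'
	option proto 'udp'
	option target 'ACCEPT'

# Decrypted packets arrive on interface 'etv'; give it its own zone.
# input REJECT is an assumed least-privilege choice for this sketch.
config zone
	option name 'etv'
	list network 'etv'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Plain routed forwarding from the tunnel to the LAN, no masquerading.
config forwarding
	option src 'etv'
	option dest 'lan'
```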

Yes, it seems only opening the port was enough (and it seems I needed to do a complete reboot, because previous forwarding rules or something were already in place). Thanks.
