WireGuard VPN - PlayStation Nat Type Issues

So I finally installed my own vpn server according to this guide:

I don't have firewall enabled on my VPS, I tried Vultr, Lightsail, DigitalOcean. I get nat type errors (meaning I cannot hear any one in party chat) it seems the vps server is not forwarding the ports correctly.

Everything is fine once I close the wireguard connection.

Is there anything I am missing? any simple rules that I can add to enable forwarding of all ports?


You do have the port forwarding on the VPS properly configured though, correct?



PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

What is this in reference to -- is this a particular application that isn't working properly with your setup?

Can you successfully ping a machine on the internet via the wireguard VPN? Can you successfully connect to an SSLed HTTP website via the wireguard VPN?

This is regarding some applications not being able to open ports via UPNP. I can ping and connect to server without issues all websites work fine it's just some apps are not able to open ports to be more specific it's the playstation 4 unable to make peer to peer connection with other players

In that case you need to be running a UPNP daemon on the VPS machine listening on the NATTed interface (in this case the wireguard device), and capable of adding port mappings to the NAT tables on the VPS.

This is outside the scope of openwrt, unless you are double NATting.

  • I don't see any port forwards in the commands you posted from the VPS.

That is likely you issue.

  • You have to make the individual port forwards for each port you wish to send through the VPS server into the WG tunnel.

I am new at this, is there commands that I can add to my Ubuntu server to enable a port range?


yeah I tried few of those things but results is the same damn!

You replied in less than 30 seconds, it's impossible you even read those links, let alone tried what it suggested.

I won't be able to further assist until you actually make the proper iptables entries.

1 Like

I googled before posting so I checked those links before. I will create the iptables again and get back to you

1 Like

Do you need an example?

For an HTTP server if:

  • is your WG network
  • eth0 is your VPS WAN port; and
  • is a web server located thru the tunnel
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to
iptables -A FORWARD -p tcp -d --dport 80 -j ACCEPT

(this nearly an exact copy/paste from here)

Some of those type of applications will use fixed ports, in which case for a given application there is usually information on the internet on which ports need DNATing back.

In other cases the applications expect to use UPNP to set up mappings themselves on the home router they are connected to, and in that case you'll need to set up a upnp server on the VPS to facilitate this.

Can you give me an example if I want to open all ports from 1000 to 65535 the below was the setup I was using

iptables -t nat -D PREROUTING -i eth0 -p tcp --match multiport --dports 1000,65535 -j DNAT --to
iptables -t nat -D PREROUTING -i eth0 -p udp --match multiport --dports 1000,65535 -j DNAT --to

See: https://www.cyberciti.biz/tips/linux-iptables-how-to-specify-a-range-of-ip-addresses-or-ports.html

Also be advised, this is not related to the OpenWrt. If you still need further assistance with iptables on your server, you might wish to seek support from the Ubuntu community.



thanks for the help

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.