OPNsense Forum

English Forums => Virtual private networks => Topic started by: NickF on December 08, 2025, 12:03:13 AM

Title: WireGuard Listening on multiple ports?
Post by: NickF on December 08, 2025, 12:03:13 AM
I'm currently running WireGuard on a non-standard port, and it works fine under normal conditions. The issue arises when I'm on restrictive external networks where outbound traffic on that port is blocked, making the VPN unusable.

To improve reliability, I'd like WireGuard to listen on an additional port so there's a higher chance of the traffic being allowed through. I attempted to set this up using an inbound NAT rule, but the Redirect target IP field doesn't let me select the WAN address.

I also considered running a second WireGuard instance, but that introduces another interface and leads to routing conflicts.

Has anyone found a clean way to achieve this setup?

Thanks in advance!

Title: Re: WireGuard Listening on multiple ports?
Post by: Patrick M. Hausen on December 08, 2025, 12:43:55 AM
You can redirect from WAN:<someport> to 127.0.0.1:51820 - which has the bonus effect that outbound replies from the WG service will be NATed to the correct port automatically.

The same does not work for IPv6 because ::1 is not considered a valid source address. There are other slightly more complex but not overly so solutions for that case.

Title: Re: WireGuard Listening on multiple ports?
Post by: NickF on December 08, 2025, 01:00:53 AM
Ah, okay... That works - thank you!

Btw, is there a reason that the UI doesn't list the WAN address as an option? Could this be considered as an addition?