Wireguard port forwarding from different external ports not working

Started by reyemxela, July 30, 2019, 04:06:53 PM

So I've been messing around getting wireguard set up and running on my opnsense box. Just wanting VPN access into my network from outside. Got it working great (eventually), but I'm running into a different issue now.

It seems like if my external port on the WAN side doesn't match what the internal side is doing, everything breaks.

Wireguard is running on the router LAN ip, port 1234 (for example)

Port forward from WAN 1234 -> router:1234 - works fine
Port forward from WAN 5678 -> router:1234 - doesn't work

This doesn't really make sense, unless there's something very specific to how wireguard works.

My main reason for wanting to do this is that I'd like to have my main wireguard instance running on port xxxx internally, but then be able to open up a few different external ports to forward to that one wireguard instance, in case of blocked ports on public wifi.
So for example, having ports 53, 110, 465, etc. all usable depending on what's blocked.

Not sure if I'm doing something wrong, or if it's just not possible with wireguard?

Thanks in advance,
Alex


Nothing looks like it's getting blocked.
And if I keep the rule exactly how it is, but just change the ports around so the outside port is the same as the internal port, it works. That's the weird part.

Hm, TBH, I never tried such a setup, I'm not really sure if it's BSD or Wireguard related :/

Maybe wireguard creates a virtual interface which gets the lan port by default, and you should change that value manually to the wan port you want. I never used opnsense or wireguard though.