Port forwarding through WireGuard

[frankw]

Hi everyone,

I was wondering if anyone could assist me in configuring firewall rules to allow inbound connections through a Wireguard VPN.

I have set up 3 WG connections using this guide, and this works well. These connections are also load balanced in a gateway group, with traffic flowing through them.

What I would like to do is now allow incoming connections through these WG connections, and forward those requests to an internal IP. I have forwarded the ports at the VPN provider, and have added port forwarding rules on the WG interfaces, but have had no luck and ports still show as closed.

Any suggestions about where to look would be much appreciated.

[frankw]

One thing that I have noticed is incoming connections being rejected on the WAN interface, which I don't really understand (as the traffic report shows the traffic going through the Wireguard interfaces)...

[frankw]

Have also followed this guide, and am still seeing incoming traffic hitting the WAN (and being rejected), rather than coming in on the WG interfaces...very odd.

https://nguvu.org/pfsense/pfsense-port-forward/

I am wondering if WireGuard behaves in a different way than OpenVPN when it comes to incoming connections...?

[SebbesApa]

So the connection to your VPN provider works accept the port forwarding?

[mimugmail]

Have you tried the -kmod variant, it may solve this

[frankw]

So the connection to your VPN provider works accept the port forwarding?

Yes it all works well except for the port forwarding. Traffic flows, but Torrent client can't accept incoming connections.

Have you tried the -kmod variant, it may solve this

Yes I am using the kernel mod at the moment, it is much faster, but I can't get port forwarding to work no matter what I try

[frankw]

Can confirm port forwarding does not work through WireGuard kmod with TorGuard, OpenVPN with the exact same firewall port forwarding rules works fine.

Github issue here is closed?