Wireguard Site-to-Site CG-NAT

hidef · February 24, 2022, 02:39:45 PM

If I rent a VPS server (public static ip) and my home connection is behind CG-NAT, is it possible to establish a site to site connection with wireguard to allow access to my home network and do port forwarding? Is this the best solution?

itngo · February 23, 2023, 07:07:51 PM

You ever get this solved?

chemlud · February 23, 2023, 07:27:21 PM

only one end of the tunnel needs to be reachable (public IP), with dyndns you can set up a server for the tunnel and reach it from behind your CG NAT.

Or wait 5 min and the ipv6 fraction wants you to use ipv6 in any kind of configuration... ;-)

itngo · February 23, 2023, 07:46:24 PM

Thank you for the reply.
So I must have done something wrong as my tunnel never comes up on the "server" side.....

But there is also an orphaned wg0 on the server, cause WireGuard-Plugin was installed some month ago and was buggy... is there a way to completely clear any orphaned fireguard settings in opnsense?

chemlud · February 23, 2023, 09:30:08 PM

1. export config.xml and look for any remnants of wireguard config. remove. import edited config.

2. reset to factory (hard way).

itngo · February 25, 2023, 12:48:33 PM

Quote from: chemlud on February 23, 2023, 09:30:08 PM
1. export config.xml and look for any remnants of wireguard config. remove. import edited config.

2. reset to factory (hard way).

Thanks for the reply.
Is there no way to just look in the existing and used "config-file" anywhere?

Greelan · February 25, 2023, 01:47:46 PM

/conf/config.xml

itngo · February 27, 2023, 10:39:45 AM

Thx

Wireguard Site-to-Site CG-NAT

hidef

February 24, 2022, 02:39:45 PM

itngo

February 23, 2023, 07:07:51 PM #1

chemlud

February 23, 2023, 07:27:21 PM #2

itngo

February 23, 2023, 07:46:24 PM #3

chemlud

February 23, 2023, 09:30:08 PM #4

itngo

February 25, 2023, 12:48:33 PM #5

Greelan

February 25, 2023, 01:47:46 PM #6

itngo

February 27, 2023, 10:39:45 AM #7