Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard NAT rules for multiple ports
« previous
next »
Print
Pages: [
1
]
Author
Topic: Wireguard NAT rules for multiple ports (Read 428 times)
mrt12
Newbie
Posts: 8
Karma: 0
Wireguard NAT rules for multiple ports
«
on:
September 06, 2024, 01:03:47 pm »
Good day,
I run a Wireguard VPN on the default port 51820. So far it works just perfect, I use it a lot and even have my Android phone connected to the VPN at all times. Perfect.
However, soon I will have holidays and will travel a lot. I know from experience that airport and hotel WiFis and also some countries block certain UDP ports, and for this reason, I would like to have my Wireguard VPN reachable on multiple ports. For instance, I want to have one Wireguard setup that can be contacted via UDP ports 80, 123, 443, 51820.
I have configured the following firewall rules:
a) one rule that allows IPv4+IPv6 for the 51820/UDP port. This allows me reliably connect from externally to my Wireguard.
b) one NAT rule, that works for IPv4 only. It forwards the ports listed under my alias "wg_alt_ports" to 51820 on the lo0 interface, see picture attached.
c) I have created the alias "wg_alt_ports" as shown in the screenshot, which I use to redirect UDP ports 80, 123, 443 and so on to 51820.
d) the NAT rule redirects the incoming Wireguard packets from 80/UDP, 123/UDP and so on, to 127.0.0.1. See screenshot.
This setup as shown works very well and allows me to use any of the UDP ports in the wg_alt_ports list. However, I am a bit concerned if this is all correctly set up? can I safely use this, or is there a more elegant or secure way?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard NAT rules for multiple ports