Accessing wireguard vpn public ip:port from inside LAN

Started by mmmcfly, August 12, 2025, 06:44:16 AM

I have a selective routing WireGuard setup in OPNsense 24.7.12_4 with a VPN provider, and have the following:
  • HostA is connected to VPN, has port 3123 open and can be reached from external network
  • HostB is not connected to the VPN, but needs to access HostA from VPN public IP address

HostB can connect to HostA via LAN private IP:port, but I need HostB to connect to HostA over the VPN public IP:port. It currently just times out when I try.

Is this possible? Any help would be really appreciated. Thank you.

Got it working with help from DeepSeek AI:

  • Create NAT Port Forward rule

    • Go to Firewall > NAT > Port Forward
    • Click "Add" to create a new rule
    • Configure with these settings:

      • Interface: LAN
      • Protocol: TCP/UDP (or your specific protocol)
      • Destination: VPN provider's public IP (the one assigned to your WireGuard tunnel)
      • Destination port range: The port forwarded by your VPN provider
      • Redirect target IP: Your host's LAN IP
      • Redirect target port: The local port on your host
      • Description: e.g., "Hairpin NAT for VPN host access"
      • Filter rule association: "Add associated filter rule"
  • Verify Firewall Rule

    • Go to Firewall > Rules > LAN
    • Look for a rule that allows traffic to your host's LAN IP on the specified port
  • Add Outbound NAT Rule

    • Go to Firewall > NAT > Outbound
    • Enable "Hybrid outbound NAT rule generation"
    • Add a manual rule:

      • Interface: LAN
      • Source: LAN net
      • Destination: Your host's LAN IP
      • NAT Address: Your OPNsense LAN IP
      • Static Port: Checked
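The following is an added illustration, not part of the post or of OPNsense: a small model of the hairpin flow that shows why the Port Forward rule alone leaves HostB timing out and why the Outbound NAT rule fixes it. All addresses are constructed placeholders; only port 3123 comes from the thread.

```python
"""Model of the hairpin (NAT reflection) flow from the thread.

Constructed placeholder addresses (not from the post):
  VPN_PUBLIC  public IP the VPN provider assigned to the WireGuard tunnel
  FW_LAN      OPNsense LAN address
  HOST_A      LAN host running the service on port 3123
  HOST_B      LAN client that wants to reach HOST_A via VPN_PUBLIC:3123
"""
from dataclasses import dataclass, replace

VPN_PUBLIC, FW_LAN = "203.0.113.10", "192.168.1.1"
HOST_A, HOST_B, LAN_PREFIX = "192.168.1.10", "192.168.1.20", "192.168.1."
PORT = 3123


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def firewall_forward(pkt: Packet, outbound_nat: bool) -> Packet:
    """Packet entering on LAN: Port Forward (rdr) first, then Outbound NAT (nat)."""
    if pkt.dst == VPN_PUBLIC and pkt.dport == PORT:  # Port Forward rule
        pkt = replace(pkt, dst=HOST_A)
    if outbound_nat and pkt.dst == HOST_A and pkt.src.startswith(LAN_PREFIX):
        pkt = replace(pkt, src=FW_LAN)  # Outbound NAT; "Static Port" keeps sport
    return pkt


def firewall_reply(reply: Packet, orig: Packet, xlated: Packet) -> Packet:
    """Undo both translations for a reply matching the state created above."""
    if reply.dst == xlated.src and reply.src == xlated.dst:
        return Packet(orig.dst, reply.sport, orig.src, reply.dport)
    return reply


def hostb_connects(outbound_nat: bool) -> bool:
    """True if HostB's TCP handshake to VPN_PUBLIC:3123 can complete."""
    syn = Packet(HOST_B, 50000, VPN_PUBLIC, PORT)
    fwd = firewall_forward(syn, outbound_nat)
    # HostA answers whatever source address it saw in the SYN.
    synack = Packet(fwd.dst, PORT, fwd.src, fwd.sport)
    if synack.dst == FW_LAN:  # reply returns via OPNsense and is un-translated
        synack = firewall_reply(synack, syn, fwd)
    # Without Outbound NAT the reply goes HostA -> HostB directly on the LAN,
    # arriving from HOST_A instead of VPN_PUBLIC, so HostB discards it.
    return synack.src == VPN_PUBLIC and synack.dst == HOST_B
```

Note that the Outbound NAT rule as posted (Source "LAN net", no port) also rewrites ordinary LAN traffic to HostA, so HostA's logs show the OPNsense address for every LAN client; restricting that rule's destination port to the forwarded port keeps the rewrite to hairpinned connections only.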