Traffic on port 53 fails on LTE but works on WiFi

John graysky at archlinux.us
Sun Nov 18 19:55:53 CET 2018


I have a simple WireGuard VPN setup I use running WG on a home Linux
box and connecting to it with several iOS clients.  The server peer is
set up on port 53 since the network admins of some remote WiFi
networks my mobile devices use seem to block UDP traffic on higher ports.
Encrypted connections work fine on WiFi as I have set up, but do _not_
work when I connect via LTE (Verizon supplying the data).  On LTE, I
am no longer able to transfer data to/from the server peer but I can
handshake with it.

If I inspect the output of `sudo wg` on the server peer, I see the
endpoint IP address changes to reflect my Verizon LTE IP and the time
since the last handshake reset to a few seconds which is consistent
with my ability to connect to the WireGuard peer server.

I am unable to transfer data (pull up a web site or check email etc).
It's as if Verizon is blocking my data flow on port 53.  If I change
the port from 53 to 123, it seems to work fine although I do not have
universal connectivity on the various WiFi networks I visit on port
123.  The optimal port would be 53 for my use case.

So the questions:
1) What can I try on the server peer side to diagnose?
2) Do people feel that Verizon is actively blocking the connection on port 53?
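As an added example for question 1 (not part of the original post or of the WireGuard project), here is a server-side check for the "handshake succeeds but no data flows" symptom: it compares two `wg show <iface> dump` snapshots taken a few seconds apart and reports, per peer, the handshake age and how many bytes moved in between. The sample snapshots, peer names and endpoints are constructed; the dump column layout is WireGuard's, the 3 min / 1 KiB thresholds are an assumed heuristic.

```shell
#!/bin/sh
# Compare two `wg show <iface> dump` snapshots taken a few seconds apart.
# Dump format: line 1 is the interface (private-key, public-key, listen-port,
# fwmark); each following line is a peer: public-key, preshared-key, endpoint,
# allowed-ips, latest-handshake (epoch), transfer-rx, transfer-tx, keepalive.
# Output per peer: "<pubkey> <rx-delta> <tx-delta> <handshake-age-s> <verdict>"
# A fresh handshake with (almost) nothing received in the interval, while the
# client is trying to use the tunnel, points at data packets being dropped
# on the path rather than at a key or routing problem.
compare_dumps() {
    # $1: first dump, $2: second dump, $3: current time in epoch seconds
    { printf '%s\n' "$1"; printf '===\n'; printf '%s\n' "$2"; } |
    awk -F'\t' -v now="$3" '
        /^===$/ { second = 1; next }
        NF < 7  { next }                    # interface line, not a peer
        !second { rx[$1] = $6; tx[$1] = $7; next }
        {
            age = ($5 == 0) ? "never" : now - $5
            drx = $6 - rx[$1]; dtx = $7 - tx[$1]
            # Assumed heuristic: handshake under 3 min old but under 1 KiB
            # received (roughly handshake-sized traffic only) in the window.
            verdict = (age != "never" && age < 180 && drx < 1024) ? "fresh-handshake-no-data" : "ok"
            print $1, drx, dtx, age, verdict
        }'
}

# Live use on the server (needs root): snapshot, wait, snapshot, compare.
# Pair it with `tcpdump -ni <wan-if> udp port 53` to see whether the
# client's data packets reach the host at all.
diagnose_iface() {
    a=$(wg show "$1" dump); sleep "${2:-10}"; b=$(wg show "$1" dump)
    compare_dumps "$a" "$b" "$(date +%s)"
}

# Constructed sample snapshots (placeholder keys and endpoints), 30 s apart:
# PEERA handshakes but receives nothing; PEERB moves data normally.
SAMPLE_A=$(printf 'ifpriv\tifpub\t53\toff\nPEERA\t(none)\t203.0.113.7:41000\t10.0.0.2/32\t1542567000\t148\t92\t25\nPEERB\t(none)\t198.51.100.5:5000\t10.0.0.3/32\t1542566990\t1000\t2000\t25\n')
SAMPLE_B=$(printf 'ifpriv\tifpub\t53\toff\nPEERA\t(none)\t203.0.113.7:41000\t10.0.0.2/32\t1542567000\t148\t92\t25\nPEERB\t(none)\t198.51.100.5:5000\t10.0.0.3/32\t1542566990\t51000\t82000\t25\n')

compare_dumps "$SAMPLE_A" "$SAMPLE_B" 1542567030
```

On a real server, `diagnose_iface wg0 10` while the LTE client tries to load a page shows whether its rx counter moves at all after the handshake.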

