Wireguard behind NAT

Ole-Morten Duesund olemd at glemt.net
Mon Sep 3 12:43:19 CEST 2018

On 9/3/18 12:28 PM, Adrián Mihálko wrote:
> Is there any way to connect to Wireguard behind a Carrier-grade NAT?
> On SIDE_A I have a backup LTE connection, without proper public ip, only 
> dynamic ip and I server with Wireguard.
> SIDE_A = mobile LTE connection, without public IP, behind carrier grade NAT
> SIDE_A_SERVER = WIREGUARD (connecting to sideb.dyndns.org 
> <http://sideb.dyndns.org/>)
> SIDE_B = VDSL with public ip + ddns (sideb.dyndns.org 
> <http://sideb.dyndns.org/>)
> SIDE_B_SERVER = WIREGUARD (cannot connect to SIDE_A, because no public 
> ip on SIDE_A)
> I heard of Wireguard-P2P, but it's not running on headless server, 
> because one of their component requires x11.

This is pretty much the same as I have - and while SIDE_B_SERVER won't 
be able to establish connection to SIDE_A_SERVER, SIDE_A_SERVER should 
have no problems establishing a connection to SIDE_B_SERVER.

Adding a "PersistentKeepalive = 5" to your config on SIDE_A_SERVER 
should keep the connection up.

- OM

More information about the WireGuard mailing list