ERX wireguard assistance please

Simon McNair simonmcnair at
Tue Jul 6 13:25:56 UTC 2021

I've searched to try and find the solution to my issue but I'm no expert 
and I'm not entirely sure what to search for.  I would appreciate your 
help please.

In summary, if I connect to my LAN via local WiFi I successfully connect 
to WireGuard:
interface: wg0
   public key: <removed>
   private key: (hidden)
   listening port: 12345

peer: <removed>
   allowed ips:
   latest handshake: Now
   transfer: 157.33 KiB received, 536.33 KiB sent
   persistent keepalive: every 25 seconds

However, if I try and connect via a remote network it fails.  My DDNS is 
resolving correctly to the correct IP, so I can only think that firewall 
rules or NAT is somehow causing the issue.  Has anyone come across this 
before, please?
I don't know how to monitor my WAN port 12345 for activity; I tried 
tcpdump -n -v -i wg0 to no real benefit.

The ERX is running v2.0.9-hotfix.2 and 

High level the infrastructure is:

wg ip:
listen port: 12345
peer allowed ip is:
Firewall policy WAN_LOCAL default action drop, rule 2 wireguard 
destination port 12345, protocol udp, action accept

I would appreciate any help you can provide. The aim is to be able to 
access resources in the subnet using routed ip from the transit network.

My apologies if my syntax or understanding is flawed.
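An added diagnostic script for the situation described above (it is not from the post, and not part of the EdgeRouter's own tooling): it builds the capture on the WAN side, where the encrypted UDP actually arrives, rather than on wg0, and classifies each peer line of `wg show wg0 dump` so a missing or stale handshake is visible at a glance. wg0 and port 12345 are taken from the post; the WAN interface name eth0 is an assumption.

```shell
#!/bin/sh
# Added example. Assumptions: WAN interface is eth0 (override with WAN_IF);
# tunnel interface wg0 and UDP port 12345 are as in the post.
WG_IF="${WG_IF:-wg0}"
WAN_IF="${WAN_IF:-eth0}"
WG_PORT="${WG_PORT:-12345}"

# Encrypted WireGuard packets arrive on the WAN interface. wg0 only carries
# decrypted payload after a handshake succeeded, so capturing on wg0 shows
# nothing while the handshake itself is failing. Run the printed command as
# root while a remote peer tries to connect.
capture_cmd() {
    printf 'tcpdump -ni %s udp port %s\n' "$WAN_IF" "$WG_PORT"
}

# Classify one peer line of `wg show <if> dump` (tab-separated fields:
# pubkey psk endpoint allowed-ips latest-handshake rx tx keepalive).
# $1 = the line, $2 = current epoch seconds. Prints one verdict word.
peer_verdict() {
    line=$1; now=$2
    allowed=$(printf '%s' "$line" | awk -F'\t' '{print $4}')
    hs=$(printf '%s' "$line" | awk -F'\t' '{print $5}')
    if [ "$hs" -eq 0 ]; then
        # Counters cannot tell "nothing arrived" from "arrived but rejected";
        # the WAN capture above is what distinguishes the two.
        echo "no-handshake"
    elif [ $((now - hs)) -gt 180 ]; then
        echo "stale-handshake"     # WireGuard rekeys within ~2 minutes
    elif [ "$allowed" = "(none)" ]; then
        echo "no-allowed-ips"      # tunnel is up but nothing can route through it
    else
        echo "ok"
    fi
}

# Run the classification against the live interface (needs root and wg).
diagnose() {
    now=$(date +%s)
    wg show "$WG_IF" dump | tail -n +2 | while IFS= read -r line; do
        printf '%s %s\n' "$(printf '%s' "$line" | cut -f1 | cut -c1-8)" \
            "$(peer_verdict "$line" "$now")"
    done
}
```

Verdict `no-allowed-ips` matches a peer whose allowed-ips field is empty, which is what `wg show` prints as `(none)`.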
