ERX wireguard assistance please

Simon McNair simonmcnair at gmail.com
Tue Jul 6 13:25:56 UTC 2021


Hi,
I've searched to try and find the solution to my issue but I'm no expert 
and I'm not entirely sure what to search for.  I would appreciate your 
help please.

In summary, If I connect to my LAN via local WiFi I successfully connect 
to wireguard:
interface: wg0
   public key: <removed>
   private key: (hidden)
   listening port: 12345

peer: <removed>
   endpoint: 192.168.100.102:50084
   allowed ips: 10.250.250.5/32
   latest handshake: Now
   transfer: 157.33 KiB received, 536.33 KiB sent
   persistent keepalive: every 25 seconds

However if I try and connect via a remote network it fails.  My DDNS is 
resolving correctly to the correct IP so I can only think that firewall 
rules or NAT is somehow causing the issue.  Has anyone come across this 
before please ?
I don't know how to monitor my WAN port 12345 for activity, I tried 
tcpdump -n -v -i wg0 to no real benefit.


The ERX is running v2.0.9-hotfix.2 and 
e50-v2-v1.0.20210606-v1.0.20210424.deb


High level the infrastructure is:

LAN: 192.168.100.0/24
wg ip : 10.250.250.1/24
listen port:12345
route-allowed-ips:true
peer allowed ip is : 10.250.250.5/32
Firewall policy WAN_LOCAL default action drop, rule 2 wireguard 
destination port 12345, protocol udp, action accept


I would appreciate any help you can provide. The aim is to be able to 
access resources in the 192.168.100.0/24 subnet using routed ip from the 
10.250.250.0/24 transit network.

My apologies if my syntax or understanding is flawed.

Regards

Simon




More information about the WireGuard mailing list