Help with Port Forwarding on Opal

Hello. I’m having an issue port forwarding on the Opal, which will be the server staying in the US. I am trying to set up a VPN tunnel to use my home IP address while away. I have a Verizon Fios G1100 combo modem/router provided by the ISP. I set the Opal IP static on the G1100 and successfully did the port forwarding on the G1100 for 192.168.1.3 to port 51820 via UDP for WireGuard. But since the Opal is behind the G1100 (connected via Wi-Fi), I think I have double NAT and have to forward the same port on the Opal, but I have no idea where/how to do that in the UI of the Opal. I will be using the Slate AX for travelling (client). I have successfully added the config file to the Slate, but it doesn’t connect to the Opal while away from home. The Slate AX just sticks on trying to connect to the server but never does. Thanks in advance for taking the time to read this and for any responses. I did search for answers but nothing is jumping out at me. Latest firmware on both Opal and Slate. I saw someone else on YT suggest changing the WireGuard server IP to 10.20.0.X/24. What is that, and how do I do it?


Please consider creating some graphical representation so we understand better which IP is located where. Follow this guide to provide the necessary information: How to get support quickly

FYI: The GL GUI automatically sets up the approp. firewall rules, routing. I’d advise against using LuCI or deviating from it unless there’s an extreme edge case. WG Server isn’t one of them.

I’d check to make sure :51820 is open on whatever Public/Internet IP you’re trying to connect/ultimately terminate to as the Opal for a WG Endpoint:

UDP Port Scanner, Online UDP Port Scan, UDP Port Scanning | IPVoid


Docs for Opal & VPN:

Docs for Slate AX & VPN:

Thank you. I edited to show a pictorial representation.

Thank you for your response. I don’t know what LuCl even is/means. However, I did notice that the port is not open. So either I am doing the port forward rule wrong or I have an issue with the Fios router (it is a bit old and Verizon won’t support it when I call to ask them how to forward). My Plex port forwarding is open/working for remote viewing, so I know it does work, but that was set up by UPnP.

(Oh, LuCI is the name of the OpenWrt Linux GUI. GL builds on OpenWrt. LuCI can be accessed by GL GUI → System → Advanced Setting; same password as the GL GUI, username root. Don’t use it in this case. :wink: )

Can you confirm :51820 is open|filtered when the Opal is hard wired to the modem? I’d really take Wi-Fi out of the equation for the moment. That IP Void link should be able to confirm it.

Don’t worry about that; if anything you should try setting your Slate AX’s IP to 192.168.18.1*, then connect its WAN to the Opal’s LAN. Generate new confs on your Opal (acting as the WG Server) & connect to the Opal to confirm WG Client/Server works properly when directly linking the GL devices. Taking the Verizon modem out of the equation will at least give you peace of mind it’s not the GL devices fight’n 'ya.

Here’s a brief HOW-TO/synopsis for what this looks like:

But to answer your question: 10.20.0.0/24 is a network subnet/IP range of 10.20.0.1–10.20.0.255. Such 10. addressing is typically used for VPN IPs as is this case. A ‘stock’/default GL device will have a LAN subnet of 192.168.8.0/24 (192.168.8.1–192.168.8.255).

If you connect your Slate AX & Opal to the same network in their stock configuration, gremlins are summoned so it’s best to set one of them to something like 192.168.18.1.*

Failing a directly connected WG Client/Server setup, the only other thing to inquire is if Verizon is using CG-NAT. If so, WG is probably a hard no go. CG-NAT basically means there’s another ‘router’ on the ISP’s network that they may/may not open :51820 on their end to let you access your Public/Internet IP… which is needed for WG when travelling.


* GL GUI → Network → LAN → Private Network → Router IP Address
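The addressing points in the reply above (a private WAN address means another NAT sits upstream, a CG-NAT address means the ISP controls the forward, and two routers on the same stock LAN subnet conflict) can be checked with a short script. This is an added example, not part of the thread or GL.iNet's tooling; the `/24` mask on the Fios LAN and the sample public address are assumptions.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(addr):
    """Say what a router's WAN address implies for inbound WireGuard."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"        # ISP-side NAT: no port forward you control
    if any(ip in net for net in RFC1918):
        return "behind-nat"   # upstream router must forward or DMZ to it
    return "public"           # reachable directly from the Internet


def overlapping(plan):
    """Return pairs of named subnets in the plan that overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


# Address plans from the thread. The /24 on the Fios LAN is an assumption.
STOCK = {
    "Fios LAN": "192.168.1.0/24",
    "Opal LAN": "192.168.8.0/24",
    "Slate AX LAN": "192.168.8.0/24",   # stock GL default
    "WG tunnel": "10.20.0.0/24",
}
FIXED = dict(STOCK, **{"Slate AX LAN": "192.168.18.0/24"})

if __name__ == "__main__":
    print(classify_wan("192.168.1.3"))   # Opal WAN address from the thread
    print(classify_wan("203.0.113.10"))  # constructed documentation address
    print(overlapping(STOCK))
    print(overlapping(FIXED))
```
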

Again, thank you for the time you take to reply! In no order: I don’t have CGNAT.

I will try renaming the Slate IP to 18 as you suggest.

I will try hardwiring the Opal to the Fios router, but I assume I will have to delete the forward rule then do it for the new IP that the Fios assigns the hardwired Opal (it was 192.168.1.4 when wired). The ethernet goes from the Fios LAN port to the Opal WAN port, correct?

Funny aside: when I google LuCl I think it was an orthopedic disorder/injury. And your summoning Gremlins was witty.

Modem LAN → Opal’s WAN. Correct. Then Opal’s LAN (192.168.8.0/24) → Slate AX’s WAN (192.168.18.0/24).

I’ve gotten in the habit of using the stock/‘out of box’ settings GL uses so that others who may stumble upon this thread can follow along. Change 'em according to taste… but perhaps consider waiting until you know everything is working as expected… while hard wired.

Yes, you’ll need to ensure the Modem’s forwarding rule maps to the same IP it assigns for the Opal every time either device power cycles. Look for ‘Static IPs’ or ‘DHCP Reservations’ within the Modem’s GUI if you have it. Also assign the Opal’s WAN IP, the one provided by the Modem, to the DMZ should the option present. Then you don’t need to worry about port forwards & the Opal will be fully exposed to the Public Internet, just as it should be.

Oh, good point on the static. I did for the Wi-Fi Opal but will remember to do it for the wired Opal WAN IP, and will try the DMZ option if it removes all of this as well. Do you think it’s worth it to DMZ the assigned Opal IP, 192.168.1.3, now to see if it works without all of the above steps?

I always think it’s worth it to DMZ a router. I absolutely loathe the garbage ISPs inflict on us. I want a modem, just a modem, goddammit!

… & don’t get me started on the ‘preloaded apps’ rot on our phones.

OK, just DMZ’d the 1.3 IP; port still not showing open when I use the port check tool.

If you’ve engaged WG Server, then scanned your Public IP, you should get a result.

If by engage you mean set up, yes, I did activate the server. I scanned using yougetsignal.com.

Will try when hardwired, with the new assigned IP DMZ’d.

thanks again!

Sounds good. I’d still go to a family/friend’s location & test that the Slate AX is able to connect back to the Opal as a dry run. It never hurts to be sure.

Will do. BTW I was not connected to the Opal when I did the scan, but to the main ISP Wi-Fi. But that shouldn’t matter, right? It still should have shown the port as open if it worked, right?

Technically it shouldn’t but here’s the secret ‘they’ don’t want you to know when it comes to technical support troubleshooting: process of elimination.

If there’s a variable you can strip out of the equation, do it.


It worked!! Brought Slate to work, I enabled the client (not expecting anything) and was pleasantly surprised when it worked. Showed my home IP address. Thank you again for your assistance and patience.

The only thing I did was the DMZ of the Opal, still via Wi-Fi and no other changes.
