Portforward via wireguard server

Hi,

I have two AXT1800, one in each city. I have the WireGuard tunnel on port 51820.
But I want to also open the port 51000 for one device in the client side.
In the modem I forward port 51000 to the ip of Wireguard server AXT1800, 192.168.25.80 in my case.

What should I configure on the server and the client?

In the server I have this configured today:



And on the client side I configured it like this:

What am I doing wrong here?

Should port 51000 be generally available or only for devices that are connected to the Wireguard VPN?

Not very sure what you want to achieve. Maybe you can explain more.

Does not matter too much.
The ideal is that this port reach the HTPC on the client side AXT1800.

ok, let me try.

I have an HTPC here, connected on the AXT1800 Client via LAN.
This AXT1800 client is connected via WireGuard to the server, and WireGuard uses port 51820.
I wish to open the port 51000 for this htpc on the client side.
HTPC ip is 192.168.8.192 on the client side.
AXT1800 Client got the IP 10.0.0.4 on the AXT1800 server.

I tried to configure it like I showed above, but it did not work.

You don’t need to expose more ports. Relevant to your interests:


Ok thank you, so on the server side, I just need to configure this route rule on Wireguard server configuration.

Now, where do I need to configure things after that to open port 51000 for the LAN client-side IP 192.168.8.192?

You don’t need to expose more ports. The S2S tunnel will handle it.

Ok, but now all ports on the client side will be open to any device, or now the Firewall rules on Client side will work as configured above?

You don’t need to expose more ports. ‘Site-to-Site’ means that practically speaking your home network is now extended across the Internet via WireGuard to your remote location.

All connected devices are a part of one giant LAN. You don’t need to expose more ports.

Ok, I don’t know if I made myself clear.
I need to expose this port 51000 of this LAN client device to the internet on server side.
Even if now it’s all one LAN, the port will remain blocked if I don’t port forward on the modem, right?

LAN of Server is 192.168.25.x and client 192.168.8.x.
My internet modem will now also see devices on 192.168.8.x range and I will be able to open the port directly there?

My S2S WG Server is 192.168.10.0/24 & S2S WG Client is 192.168.81.0/24. Both can ‘talk’ to each other on any port.

If you can access the HTPC at the home location of the S2S, you should be able to do the same from the remote location. It’s all being tunnelled back & forth by that route/gateway you’ve set… so you don’t need to expose more ports.

Try a port scan from the remote location’s GL device to see what ports are open on your home ‘endpoint.’

opkg update; opkg install nmap or try Ning.

Ok, I think I got your point.
But I wish also to access this HTPC via Internet from anywhere.
That’s the reason I was asking to open a port.

Don’t do it. Use VPN or TeamViewer or something like that.

The S2S HOW-TO is a WG S2S. OP doesn’t understand that the S2S tunnel concept doesn’t require the additional complexity of port forwarding.

@Smarley
I think you’re going to be pleasantly surprised how simple S2S is to use. I know I was.

Yes I understood your point.
But this will not solve the fact that this LAN IP will not be open to the internet.

I also need to open another port/ip for my torrent client.

You don’t want to expose your HTPC to the Public Internet/WAN. That’s just asking for trouble.

Yes, in this case I can use the same WireGuard to access it.
I still need to open for my torrent client in another LAN ip.

On my Modem I can only open ports in the range of wireguard server side, 192.168.25.x.

In the end, I did the S2S configuration and added the port forwarding on the firewall of the WireGuard server, from WAN to the WireGuard server.
Torrent is working; the AXT1800 is fighting to handle the desktop/torrent (around 25 peers)/Netflix together.

I think due to my latency to the server, ~250 ms, I’m not getting more than 6Mbs on the torrent download.
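An added example of the firewall side of the final setup described above, written in OpenWrt UCI syntax as it would appear in /etc/config/firewall on the server-side AXT1800. This is not configuration posted in the thread or shipped by GL.iNet. The port (51000) and the HTPC address (192.168.8.192) come from the thread; the zone and interface name `wgserver` and the use of masquerading on the tunnel zone are assumptions, so compare with `uci show firewall` and `wg show` on the actual router before applying anything.

```uci
# Zone holding the WireGuard server interface. The name 'wgserver' is an
# assumption; GL.iNet creates its own zone, check `uci show firewall`.
# 'masq' rewrites the source of forwarded packets to the server's tunnel
# address, so the HTPC's replies return through the tunnel instead of
# leaving via the client site's own WAN (the classic reply-path problem
# when only one side's LAN is routed over the tunnel).
config zone
	option name 'wgserver'
	list network 'wgserver'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

# The actual port forward: traffic arriving on WAN for tcp/udp 51000 is
# DNATed to the HTPC on the remote (client-side) LAN. The S2S route to
# 192.168.8.0/24 via the WireGuard peer must already exist for this to work.
# Keep the match as narrow as the service needs: one port, one host.
config redirect
	option name 'HTPC-51000-via-S2S'
	option target 'DNAT'
	option src 'wan'
	option src_dport '51000'
	option dest 'wgserver'
	option dest_ip '192.168.8.192'
	option dest_port '51000'
	option proto 'tcp udp'
	option family 'ipv4'
```

A blanket `config forwarding` from `wan` to the tunnel zone is not needed: an OpenWrt DNAT redirect implicitly permits only the connections it rewrites, which is the least-privilege shape to keep here. After `/etc/init.d/firewall restart`, a connection to the modem's public address on 51000 should show up on the HTPC with a source of the server's tunnel address (because of `masq`); if it arrives with the original public source instead, the replies will not come back through the tunnel and the forward will appear to hang.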