I'm trying to configure a WireGuard server on my MT-6000, and my ISP uses DS-Lite, so I'm attempting to access my WireGuard server using an IPv6 address.
I ran sudo tcpdump -niany udp port 18188 on my router. If I connect my phone to the router's Wi-Fi, I have a working connection between the phone and the WireGuard server, but it doesn't work when I switch to the cellular network.
tcpdump running on the WireGuard server while the phone is connected to the router's Wi-Fi:
root@GL-MT6000:~# sudo tcpdump -niany udp port 18188
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
16:39:52.857479 IP6 fddf:XXXX:ef77:0:8f8:6fba:d57c:c938.63320 > 2409:252:43e0:1400:91b8:YYYY:84c4:c003.18188: UDP, length 148
16:39:52.857479 IP6 fddf:XXXX:ef77:0:8f8:6fba:d57c:c938.63320 > 2409:252:43e0:1400:91b8:YYYY:84c4:c003.18188: UDP, length 148
16:39:52.858733 IP6 2409:252:43e0:1400:91b8:YYYY:84c4:c003.18188 > fddf:XXXX:ef77:0:8f8:6fba:d57c:c938.63320: UDP, length 92
16:39:52.858747 IP6 2409:252:43e0:1400:91b8:YYYY:84c4:c003.18188 > fddf:XXXX:ef77:0:8f8:6fba:d57c:c938.63320: UDP, length 92
16:39:52.862936 IP6 fddf:XXXX:ef77:0:8f8:6fba:d57c:c938.63320 > 2409:252:43e0:1400:91b8:YYYY:84c4:c003.18188: UDP, length 32
16:39:52.862936 IP6 fddf:XXXX:ef77:0:8f8:6fba:d57c:c938.63320 > 2409:252:43e0:1400:91b8:YYYY:84c4:c003.18188: UDP, length 32
...
tcpdump running on the WireGuard server while the phone is using cellular:
root@GL-MT6000:~# sudo tcpdump -niany udp port 18188
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
16:46:00.056212 IP6 2001:XXX:9b6b:2670:1c58:9d69:3376:bfa3.51355 > 2409:252:43e0:1400:91b8:YYYY:84c4:c003.18188: UDP, length 148
16:46:05.130258 IP6 2001:XXX:9b6b:2670:1c58:9d69:3376:bfa3.51355 > 2409:252:43e0:1400:91b8:YYYY:84c4:c003.18188: UDP, length 148
...
root@GL-MT6000:~# wg
interface: wgserver
  public key: JvbalQylDtMek51CGZ7Rh+qtFAyaxP66HdLtIjCeKTo=
  private key: (hidden)
  listening port: 18188
  fwmark: 0x8000

peer: 9Z0olWyDvBizD3wh4FcbJLgg63+me2P35mXQMPT0xF0=
  endpoint: [fddf:6cc8:ef77:0:8f8:AAAA:d57c:c938]:63320
  allowed ips: 10.0.0.2/32, fd00:db8:0:abc::2/128
  latest handshake: 26 minutes, 18 seconds ago
  transfer: 2.35 MiB received, 26.39 MiB sent
  persistent keepalive: every 25 seconds
To me it looks like my phone on the cellular network can reach my router and send its handshake, but the server is not responding in this case.
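
An added example, not part of the original post: the UDP lengths in these captures map to fixed WireGuard message sizes (148 = handshake initiation, 92 = handshake response, 32 = keepalive), so a capture can be checked mechanically for peers whose initiations never get a response. The function name and the sample lines (documentation-range addresses) are constructed for illustration; only port 18188 comes from the post.

```python
import re
from collections import defaultdict

# UDP payload sizes of WireGuard messages (fixed by the protocol).
WG_MESSAGE = {148: "initiation", 92: "response", 64: "cookie_reply", 32: "keepalive"}

# Matches tcpdump's default one-line output, e.g.
# "16:46:00.056212 IP6 <src>.<port> > <dst>.<port>: UDP, length 148"
LINE_RE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)$")


def handshake_summary(lines, listen_port):
    """Count handshake initiations received from, and responses sent to,
    each remote endpoint talking to listen_port.

    Counts are per captured line: with `-i any` the same packet can show up
    once per interface, which inflates counts but not the answered flag.
    """
    peers = defaultdict(lambda: {"initiation": 0, "response": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner lines, "...", anything that is not a UDP summary
        src, sport, dst, dport, length = m.groups()
        kind = WG_MESSAGE.get(int(length))
        if kind == "initiation" and int(dport) == listen_port:
            peers[f"[{src}]:{sport}"]["initiation"] += 1
        elif kind == "response" and int(sport) == listen_port:
            peers[f"[{dst}]:{dport}"]["response"] += 1
    return {p: {**c, "answered": c["response"] > 0} for p, c in peers.items()}


# Constructed sample in the shape of the two captures above (not real traffic).
SAMPLE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
16:39:52.857479 IP6 2001:db8:a::10.63320 > 2001:db8:ffff::1.18188: UDP, length 148
16:39:52.858733 IP6 2001:db8:ffff::1.18188 > 2001:db8:a::10.63320: UDP, length 92
16:39:52.862936 IP6 2001:db8:a::10.63320 > 2001:db8:ffff::1.18188: UDP, length 32
16:46:00.056212 IP6 2001:db8:b::20.51355 > 2001:db8:ffff::1.18188: UDP, length 148
16:46:05.130258 IP6 2001:db8:b::20.51355 > 2001:db8:ffff::1.18188: UDP, length 148
""".splitlines()

if __name__ == "__main__":
    for peer, stats in handshake_summary(SAMPLE, 18188).items():
        state = "answered" if stats["answered"] else "NO RESPONSE"
        print(f"{peer}: {stats['initiation']} initiation(s), "
              f"{stats['response']} response(s) -> {state}")
```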