@jdub absolutely sorry for “ignoring” the previous post - I wanted to edit and add more information - so decided to delete it and create a new post. Sorry about it.
So, a few updates: Yes I do know the Main Router as ISP → port forwarding to Flint
In terms of your comments:
I tried to connect my device to different WiFis
Also tried to use mobile network (instead of Wifi)
Also tried to “expose” to the internet and try the WG - did not work
I also tried to use different ports instead of the default. Also tried to create a Rule under Firewall → Open Ports on Router (for UDP)
If I go to Dynamic DNS and try “DDNS Test” I have the following message:
Ok, looks like you’re making some progress, so that’s good. My recommendation at this point would be to break the problem down and see where the issue is.
So I’d probably do:
1. Start by making sure the WireGuard server is actually working correctly in the first place. Edit your config file to use the local (192.168.X.X) IP and get that working first.
2. Find your public IP by googling “what is my IP”. Then try manually editing your file to connect to that IP. Leave the Flint as the DMZ host for the moment so we can eliminate that variable. Try this from your cell phone if you can, or from a completely different network (someone else’s house/apartment).
3. If that doesn’t work, it may be that your ISP is blocking inbound traffic. That’s usually not the case with high port UDP traffic, but possible.
We can always start looking at configs, etc, but if you’re DMZed then it shouldn’t be a forwarding issue.
Today is a holiday where I am, so I won’t have a ton of time to respond but I’ll try to check in on this as I can.
What you’re looking at here is your internal IPv4 network, not an internet facing one. If your ISP allows you to get an external IPv4 address that would be what you’re looking for. The help page you posted would require your ISP to hand out those addresses.
IPv6 will make things more complicated in several ways:
If you’re planning on using it to connect back to your house while traveling you’ll need to have IPv6 at your remote site (generally not true in hotels). You can sort of get around this, probably, by building an IPv4->IPv6 tunnel (Hurricane Electric, maybe?), but goodness that’s a pain.
IPv6 just makes it easier to make mistakes and/or leak traffic over the IPv4 tunnel. It’s not that you can’t do it safely (if obfuscation of your traffic is the goal), but you just have to be a lot more careful.
Can you contact your ISP and see if there’s any way you are able to get an external IPv4 address (can be static or dynamic)?
Keeping everyone up to date, I’m going to try to help @pedritocs97 with a Tailscale solution, which I think may handle all of the IPv6 weirdness for us. Hopefully.
Hey, I’m totally open to any suggestions you have for doing a pure Wireguard implementation where you’ve only got IPv6 running on the server (and where you may not have IPv6 running at all on the client side), since that’s something I’ve never attempted.
Tailscale seems like it will handle that with some penalty in performance (and, admittedly, without the main GL.iNet interface, which I generally don’t prefer anyway). In other words, it looks like it will potentially handle the tricky parts of this setup in its overlay and probably give you a direct connection (rather than relay) most of the time. May not work, but worth a try, I think.
(disclosure: I’m running TS as my main VPN solution on my AXT1800 right now, and at least for my purposes I’ve found it excellent. But I have a rather more complicated setup and need to access 6-10 data centers, which that allows me to do quite easily).
Right, but it’s not a matter of just adding firewall rules, it’s a matter of making the peer connection, right? If your server is v6 only (as a public), then your v4 only client can’t connect to it directly because, well, it can’t resolve the v6 public address.
The v6 server is (presumably) using some sort of tunnel to actually access v4 traffic, so it’s going to be able to reach an external v4 address. Which would be great, except that you don’t know what the public IP of your hotel is going to be before you get there.
To put the problem succinctly, if I’m at a hotel and I only have IPv4 access, and my home router only has an external IP address of a21b:b6f0:e9ec:9d11:5c48:7c4c:1054:2e32, how do I build a wireguard client config to connect back to that server?
All of the overlay networks (Nebula, Zerotier, Tailscale) kind of inadvertently solve that problem, though in different ways.
A big shout out to @jdub who was able to fix my problem completely with IPv6 on server side and IPv4/IPv6 on client side, no need to port forward - WG running perfectly, exactly as needed. You rock!!!
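
Added example (not written by any poster in this thread): a small Python check for the two questions raised above, namely whether the address in a WireGuard client config's `Endpoint` is internet-facing at all, and whether the client's network has the address family needed to reach it. The sample config, its placeholder keys, port 51820 and the function names are assumptions made for illustration; the IPv6 address is the one quoted in the thread.

```python
import ipaddress
import re

# Constructed sample client config: keys are placeholders, the port is assumed,
# and the IPv6 endpoint is the address quoted in the thread.
SAMPLE_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.0.0.2/24

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = [a21b:b6f0:e9ec:9d11:5c48:7c4c:1054:2e32]:51820
"""

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # carrier-grade NAT range (RFC 6598)

def parse_endpoint(conf):
    """Return (host, port) from the first Endpoint line of a WireGuard config."""
    m = re.search(r"^\s*Endpoint\s*=\s*(\[[^\]]+\]|[^:\s]+):(\d+)\s*$", conf, re.M)
    if not m:
        raise ValueError("no Endpoint line found")
    return m.group(1).strip("[]"), int(m.group(2))

def classify(host):
    """Label an endpoint as a hostname or by address family and scope."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.version == 4:
        if ip in CGNAT:
            return "ipv4-cgnat"
        return "ipv4-private" if ip.is_private else "ipv4-public"
    return "ipv6-local" if (ip.is_private or ip.is_link_local) else "ipv6-public"

def verdict(conf, client_v4=True, client_v6=False):
    """'ok' only means the address families line up, not that UDP gets through."""
    host, _port = parse_endpoint(conf)
    kind = classify(host)
    if kind == "hostname":
        return "resolve-first"        # check which A/AAAA records it returns
    if kind in ("ipv4-private", "ipv4-cgnat", "ipv6-local"):
        return "not-internet-facing"  # works on the LAN only, as in the first test step
    if kind == "ipv6-public":
        return "ok" if client_v6 else "client-lacks-ipv6"
    return "ok" if client_v4 else "client-lacks-ipv4"

if __name__ == "__main__":
    print(verdict(SAMPLE_CONF))  # IPv4-only hotel network against the IPv6-only home server
```

A `not-internet-facing` result for the router's WAN address is the situation described earlier in the thread, where the address shown was an internal IPv4 one rather than an external one.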