VPN wireguard on GL-MT300N-V2 client

Hi to everybody, i need help about routing on GL-MT300N-V2.
I have Mango (IP with IP cam wifi, this router are connected with Tp-link (LTE) (IP with wan port. The provider LTE are in CGNAT so not reachable from Internet. I have a remote VPS where I have installed wireguard Server on Docker. I use Mango to connect with the server in VPN and it work and my CAM are reachable from Internet.
On my VPS with wireguard server I have routing the port 8008 to my Mango in port 80, and this work perfect.
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 8008 -j DNAT --to-destination

I do the same thing to reach my Tp-link
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 8010 -j DNAT --to-destination

But Mango block the connection to my tp-link.

I'll show my peers configuration:

PublicKey = xxxxxxxx
PresharedKey = xxxxxxxxx
AllowedIPs =
AllowedIPs =
AllowedIPs =
PersistentKeepalive = 15

the destination is unreacable because are in double nat?
What I can do to bypass?
I think about wgclient need to routing to WAN, but I do not know how....

What is your firmware version on MT300N-V2?

A unrelated question: which VPS are you using? How much is it?

Seems to be a firewall issue, data arriving at belongs to the firewall INPUT, but data arriving at belongs to forwarding, please make sure you allow wireguard->WAN forwarding on the Mango router.

1 Like

GL-MT300N-V2 Firmware: 4.3.11

VPS Contabo 5,50 euro at mount
4 vCPU Cores
400 GB SSD

that is what i supposed, but I do not know how redirect wgclient to WAN.
I'll try to port forward on Mango, from wgclient port 80 to WAN port 80 but don't work.
Can you explain me?
thank you

pls try below firewall rule, this rule is not precise and therefore not safe, we are just trying to troubleshoot problems

iptables -I FORWARD -j ACCEPT

Thank you for answer, but not work.
I do on my Mango

iptables -I FORWARD -j ACCEPT

I'll try with netcat

nc -v ipVpsServer 8009 work (Connection to xxx.xxx.xxx.xxx 8009 port [tcp/*] succeeded!)
nc -v ipVpsServer 8010 no answer

Hi, any idea about the problem?
any suggest are welcome :smiley:

With 2 static ROUTE it work but not very well....

and now this is the page of login of my Tp-Link

I do not know what is wrong....

cloud you show your peer configuration on Mango?

This is the config on Mango (client wireguard)
Address =
PrivateKey = xxxxxxxxxxxxxxxxxxxx
DNS =,
MTU = 1450

PublicKey = xxxxxxxxxxxxxx
PresharedKey = xxxxxxxxxxxxx
AllowedIPs =
Endpoint = ipServer:51820
PersistentKeepalive = 15

1 Like

Let me confirm the topology as follows. You want to access the tp-link router directly through VPS, right?

I did almost the same thing as you, but it was very smooth and I had easy access to my parent router.
wg server configure on vps
wg client configure on router
The only thing I did was set the following firewall rules on the router

iptables -I FORWARD -j ACCEPT

you are right.
I can reach the router, but I see imperfect page, like the image attached.
analyzing the page i see the path of the "link" are ../CSS ecc...
So I think the page not load correct.

1 Like

It looks like you've succeeded, but the page you're trying to visit isn't fully loaded because it relies on sites like www.w3.org. You can try tracing the path to www.w3.org

you are right. I know the problem and I do not think there is a solution.
Thank you for your time.

1 Like

I think the problem may be here, you only do port forwarding for the address, if your web page needs to reference other Intranet addresses or other ports, it will not work.

thank you.
I do not know how to find other Intranet addresses or other ports who need to work....
best luck