My one router SP1200 is behind an ISP-provided router and therefore for DDNS test I get this message " Your DDNS is resolved as 1xx.xx.xx.xx
But this router is behind NAT or you do not have a Public IP address".
I want to set up a wireguard server on this router, can I achieve this? In Wireguard configuration will I be using DDNS address as the server address?
If the IP 1xx.xx.xx.xx is the address of your ISP provided router and you are able to setup a port forwarding from your ISP provided router, it should work fine.
If 1xx.xx.xx.xx is not your Internet IP, than you need to find another DDNS service or a way to reach your router permanent.
Another way is to find another place to install the Wireguard server and let the SP1200 connect as client and build a VPN that way.
Is the IP in the WAN interface of your GLiNet router:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
then your ISP router does perform NAT. To have a Wireguard server working then, setup portforwarding to your GLiNet router from your ISPs router.
I am not sure if the DDNS client on the GLiNet router can look up itâs public IP(WAN IP on ISP router), but it should be able to do that.
Is the WAN IP on the ISP router:
100.64.0.0 to 100.127.255.255
Then your ISP does Carrier-Grade NAT and you simply cannot run a Wireguard Server that can be reached from the internet, because there is NAT performed before your ISPâs router. You cannot setup port-forwarding in that case, so it will not work.
Even if this thread is old, Iâd like to jump in here with a similar problem.
My setup is an ISP cable router. I attached my GL-AR750S to one LAN Port and set it up as a Router. In the IPS router, I set up a DMZ for the slate.
I also set up DDNS on the slate. After setting up a WireGuard server on the slate I set up a WG client on my iPhone. As Endpoint in the phone config, I set up the DDNS name (XXXX.glddns.com).
After setting up DDNS I hover over the field âDDNSâ and open the page XXXX.glddns.com. There I am asked for a username and password. Basically, I donât know what credentials I have to enter here, and what this page is about? Seems that this page is reachable whether âHTTPSâ is activated, or not?!
I canât get WG server working. Endpoint in the client config seems to be resolved correct, but I canât access any client from WG client.
Can you check if you have another router above the ISP router?
Check your ISP routerâs public IP and see if you can access that IP and open the web page of the ISP router. Of course you need to open port 80 on your ISP router.
The DDNS is IP resolution. Even you turn it off, the last IP is recorded and will remain.
I donât think so. As this âISP routerâ still have one upstream router, I wonder if this is the true ISP router. You need to do DMZ or port forward on the Unifi router at least
You could look into using something Tailscale or ZeroTier. They have servers that help with NAT traversal. I personally use Tailscale, and it works great wherever I go and I never have to think about NAT issues. Tailscale is built on top of Wireguard, so it is fast and secure. It is quick and easy to install, and requires minimal configuration.
Tailscale is designed to allow devices with it installed and signed into the same account to seamlessly talk directly to each other. You can get it to work more like a regular Wireguard VPN using Tailscaleâs Subnet Router and Exit Node features. Setting up a device as a Subnet Router allows access to an entire network without installing Tailscale on each device. Setting up an Exit Node allows you to route all of the traffic from your device through the exit node like a regular VPN.