Wireguard Server on router behind NAT

My one router SP1200 is behind an ISP-provided router and therefore for DDNS test I get this message " Your DDNS is resolved as 1xx.xx.xx.xx
But this router is behind NAT or you do not have a Public IP address".

I want to set up a wireguard server on this router, can I achieve this? In Wireguard configuration will I be using DDNS address as the server address?

If the IP 1xx.xx.xx.xx is the address of your ISP provided router and you are able to setup a port forwarding from your ISP provided router, it should work fine.

If 1xx.xx.xx.xx is not your Internet IP, than you need to find another DDNS service or a way to reach your router permanent.

Another way is to find another place to install the Wireguard server and let the SP1200 connect as client and build a VPN that way.

Is the IP in the WAN interface of your GLiNet router:

  • 10.0.0.0 to 10.255.255.255
  • 172.16.0.0 to 172.31.255.255
  • 192.168.0.0 to 192.168.255.255

then your ISP router does perform NAT. To have a Wireguard server working then, setup portforwarding to your GLiNet router from your ISPs router.
I am not sure if the DDNS client on the GLiNet router can look up it’s public IP(WAN IP on ISP router), but it should be able to do that.

Is the WAN IP on the ISP router:

  • 100.64.0.0 to 100.127.255.255

Then your ISP does Carrier-Grade NAT and you simply cannot run a Wireguard Server that can be reached from the internet, because there is NAT performed before your ISP’s router. You cannot setup port-forwarding in that case, so it will not work.

1 Like