I’ve been researching the relative lack of security of port forwarding as well as things like UPnP (not relevant to this question though). I’ve been trying to better understand the nature of port forwarding & how it compares with port triggering both in similarities & differences.
Ultimately I wanted to ask if WireGuard could be set up on a GL router, behind another router / AIO, using port triggering instead of port forwarding? From my research port triggering is supposed to be more secure than port forwarding but all documentation seems to suggest port forwarding & that’s all.
Any insight & explanation would be appreciated. Thank you.
Port triggering does not make sense for UDP ports like the WireGuard one. WireGuard will only answer if the encryption key is correct - so it will seem closed for anyone else.
So, WireGuard uses UDP & port triggering doesn’t work for WireGuard because of this? The concept of port triggering from what I understand is more secure because, unlike port forwarding, the port isn’t left open all the time when enabled. If a request is sent to my AIO modem from the public IP to the configured “port-triggered” port it wouldn’t open up the port to allow WireGuard to function?
A secondary question: specifically for easier access to the 2nd router what would DMZ do for me? Would it open that router up fully & negate the need for port forwarding?
Also, does UPnP play any significant role in getting WireGuard to work or no?
I’m trying to learn about all of the various options available to me & how any or all of them might help me.
Thank you for your input & time in helping me better understand everything.
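Added example, not part of any post in this thread: a small Python model of how an upstream router decides on an unsolicited inbound packet under port forwarding versus port triggering, where a triggered port opens only after a LAN host has sent outbound traffic on the trigger port. The `Router` class, the address `192.168.1.2`, port 51820 and the 60-second timeout are assumptions made for illustration.

```python
# Added illustration: toy model of a NAT router's inbound decision.
# Addresses, port 51820 and the 60 s timeout are assumed sample values.
from dataclasses import dataclass, field

WG_PORT = 51820          # assumed WireGuard listen port
TRIGGER_TIMEOUT = 60     # assumed lifetime of a triggered opening, seconds


@dataclass
class Router:
    forwards: dict = field(default_factory=dict)   # wan_port -> lan_host (static)
    triggers: dict = field(default_factory=dict)   # trigger_port -> inbound port
    opened: dict = field(default_factory=dict)     # inbound port -> (lan_host, expiry)

    def outbound(self, lan_host, dst_port, now):
        """LAN host sends a packet out; a matching trigger rule opens a port."""
        if dst_port in self.triggers:
            self.opened[self.triggers[dst_port]] = (lan_host, now + TRIGGER_TIMEOUT)

    def inbound(self, wan_port, now):
        """Return the LAN host an unsolicited inbound packet reaches, or None."""
        if wan_port in self.forwards:
            return self.forwards[wan_port]
        host, expiry = self.opened.get(wan_port, (None, 0))
        return host if host and now < expiry else None


def scenario():
    gl = "192.168.1.2"   # constructed address of the inner router running WireGuard
    results = {}

    fwd = Router(forwards={WG_PORT: gl})
    results["forward"] = fwd.inbound(WG_PORT, now=0)

    trig = Router(triggers={WG_PORT: WG_PORT})
    # The server only listens: nothing has gone out, so nothing is open.
    results["trigger_idle"] = trig.inbound(WG_PORT, now=0)
    # Only after the inner host itself sends out does the port open, briefly.
    trig.outbound(gl, WG_PORT, now=10)
    results["trigger_after_outbound"] = trig.inbound(WG_PORT, now=20)
    results["trigger_expired"] = trig.inbound(WG_PORT, now=10 + TRIGGER_TIMEOUT + 1)
    return results


if __name__ == "__main__":
    for name, host in scenario().items():
        print(f"{name:24} -> {host or 'dropped'}")
```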