Hi everyone, I’m not well versed in computing/networking so please forgive me if I am a bit slow. I installed WG-Easy 2.0.16 (official) on my TrueNAS Scale 23.10.2. The issue is that my client (WireGuard for Android v1.0.20231018) is not showing any rx transfer.
I followed this guide. The values that are not defaults are as follows:
Application Name: “wireguard”
Hostname or IP: my external IP
Password for WebUI: I used a password
Device Name: “br0”; This is a bridge I created and it is being used by a Lubuntu VM in TrueNAS Scale already and works
Clients DNS Server: “8.8.8.8”
Web Port: “51821”
Host Network: When this is checked, I cannot specify a UDP Port. When this is unchecked, I can specify a UDP Port. I have tried with this checked as well as unchecked with a UDP port of 51820.
I have tried both of the below on my router:
Port forwarded UDP Port 30057 external to 51820 internal for my TrueNAS Scale’s server’s static IP.
Port forwarded UDP Port 51820 external to 51820 internal for my TrueNAS Scale’s server’s static IP.
Does anybody have any advice on how I can debug my issue further ? I really appreciate your time.
Did you get anywhere with this? I’m having major issues as well following that setup guide to the letter and still not working.
I believe I have found the root cause of the issue. My external IPv4 address is different from the IPv4 address of my router (100.x.x.x) which means that I am behind a CGNAT (Carrier Grade Network Address Translation).
I am aware that there are many ways to implement this behind a CGNAT and I am currently exploring those options.
Hey jwilson2899. I believe I have identified the issue. I also read your post and I don’t believe my issue is what you’re experiencing. I believe mine is not working because I am behind a CGNAT.
If your ISP supports IPv6, you could use that instead. You won’t have to worry about CGNAT as IPv6 eliminated the need for NAT.
Thanks for that info. My server’s ISP does assign IPv6. I did some research into it and it looks like as long as my client also has an IPv6, I can configure the VPN to go through IPv6.
If you are behind CGNAT and want to access the server from outside your network via IPv4, you typically setup wireguard on a VPS or some other such rented server on the internet with a static ip. Then truenas wireguard connects to your own rented server, and remotely you connect to your rented server which forwards packets back to your home network. A few steps there to work out but I am behind CGNAT without any issue. I can access my home LAN as my home LAN, just like at home, via wireguard. And the phone wireguard app makes it great because you can say when not using certain SSIDs, automatically start it, so, as soon as I leave the house, I still have access without doing a thing. Networking skill does help when it comes to wireguard setup.
