Disable NAT on Wireguard server?

nitro93

Hi all,

I'm currently attempting to set up Wireguard as a tunnel (my new broadband provider is using CGNAT).

I essentially would like to remove the NAT on the Wireguard server, allowing all ports to be forwarded through.

Does anyone know of a way to do this?

jmgcaguicla

Care explaining the network topology (e.g. 1 pc behind cgnat + 1 wg server with a public NAT address)? My crystal ball isn't giving me anything.

nitro93

@jmgcaguicla said:
Care explaining the network topology (e.g. 1 pc behind cgnat + 1 wg server with a public NAT address)? My crystal ball isn't giving me anything.

Sorry! Topology:

Home Router -> VPN Router -> Wireguard Server

The VPN router runs the internet connection via a modem in bridge mode.

There is a DMZ between the Home Router and the VPN Router, with the Home Router dealing with the port forwards etc.

Hope this helps

xernaron

You will need to route a public IP address to your home devices. If you only have one IPv4 address assigned to your server, you will have to do nat anyway

lebuser

@xernaron said: You will need to route a public IP address to your home devices. If you only have one IPv4 address assigned to your server, you will have to do nat anyway

If the broadband supports IPv6 then @nitro93 might use IPv6 for the WireGuard endpoint and route the IPv4 address to the peer. Proxy ARP is probably required on the server for that.

Obviously the server will be IPv6 only, but if you use NAT64/DNS64 then you should be able to make outbound connections to the IPv4 Internet and get updates etc.

nitro93

Cheers guys, all sorted!