From: Steven Honson
To: Adrián Mihálko
Cc: wireguard@lists.zx2c4.com
Subject: Re: Wireguard behind NAT
Date: Sat, 8 Sep 2018 01:17:54 +1000
List-Id: Development discussion of WireGuard

Hi Adrian,

As SIDE_B has a public IP address, the example you give should work fine. In this case, SIDE_A will establish a connection with SIDE_B which effectively punches a NAT hole for return traffic from SIDE_B to SIDE_A.

When configuring the SIDE_A peer on SIDE_B, just leave EndPoint unset.
Inversely, when configuring the SIDE_B peer on SIDE_A, use the dynamic DNS name (and the port that SIDE_B is listening on).

The NAT Hole Punching example Jason provided is more applicable to situations where both WireGuard peers are NATed. In your example it sounds like this is only the case for SIDE_A.

Cheers,
Steven

> On 3 Sep 2018, at 5:51 am, Adrián Mihálko wrote:
>
> Is there any way to connect to Wireguard behind a Carrier-grade NAT?
>
> On SIDE_A I have a backup LTE connection, without proper public ip, only dynamic ip and a server with Wireguard.
>
> SIDE_A = mobile LTE connection, without public IP, behind carrier grade NAT
> SIDE_A_SERVER = WIREGUARD (connecting to sideb.dyndns.org)
>
> SIDE_B = VDSL with public ip + ddns (sideb.dyndns.org)
> SIDE_B_SERVER = WIREGUARD (cannot connect to SIDE_A, because no public ip on SIDE_A)
>
>
> Best regards,
> Adrian
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
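
Added example, not part of the original message or of the WireGuard project: the two wg-quick style configurations the reply describes, with the SIDE_B peer on SIDE_A pointing at the dynamic DNS name and the SIDE_A peer on SIDE_B carrying no Endpoint. The keys are placeholders, and the tunnel addresses, port 51820 and the PersistentKeepalive line are assumptions added here; the keepalive is what keeps the carrier-grade NAT mapping open while SIDE_A is idle so that SIDE_B can still send to it.

```ini
# ---------- SIDE_A (LTE, behind carrier-grade NAT; always the initiator) ----------
[Interface]
# Placeholder: output of `wg genkey` on SIDE_A
PrivateKey = <SIDE_A_PRIVATE_KEY>
# Constructed tunnel address
Address = 10.0.0.1/24
# No ListenPort needed: nothing can reach SIDE_A unsolicited anyway

[Peer]
# SIDE_B
PublicKey = <SIDE_B_PUBLIC_KEY>
AllowedIPs = 10.0.0.2/32
# Dynamic DNS name from the thread plus the port SIDE_B listens on (port is assumed)
Endpoint = sideb.dyndns.org:51820
# Assumption added here: send a keepalive every 25 s so the NAT mapping
# stays open and SIDE_B can reach SIDE_A even when SIDE_A has sent nothing
PersistentKeepalive = 25

# ---------- SIDE_B (VDSL, public IP + dynamic DNS) ----------
[Interface]
# Placeholder: output of `wg genkey` on SIDE_B
PrivateKey = <SIDE_B_PRIVATE_KEY>
# Constructed tunnel address
Address = 10.0.0.2/24
# Must match the port in SIDE_A's Endpoint and be reachable from the Internet
ListenPort = 51820

[Peer]
# SIDE_A
PublicKey = <SIDE_A_PUBLIC_KEY>
AllowedIPs = 10.0.0.1/32
# Endpoint deliberately left unset: SIDE_B learns SIDE_A's current
# NAT-translated address and port from the first authenticated packet
# it receives and replies there
```

The two halves are separate files, one per host. The Endpoint hostname is resolved when the configuration is loaded, so SIDE_A needs the peer endpoint set again if the address behind sideb.dyndns.org changes.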
