Noob question about accessing home based wireguard vpn

Hello! I recently completed setting up a wireguard vpn at my home to access when I am on the road. I have never done anything like this before so I am surprised I made it this far. I am at a loss at what I need to do with my surf soho in order to access the vpn from outside my network. From what I can tell, I need to set up port forwarding, but I don’t know what I need to do exactly. Can anyone guide me?

I hope I’m asking the right question. I am a noob to port forwarding. I think this is what I need to accomplish to complete my wireguard setup. Thank you for your assistance!

Hi - welcome to the forum!

Excellent!

I assume the Surf SOHO is the gateway router in your home, yes?

In which case, when you set up wireguard you will have set a listen port number for the service on the PC you installed it on. On the SOHO you need to add a new service and tell it which port to forward.

See page 59 of https://download.peplink.com/manual/pepwave_surf_soho_user_manual_fw7.pdf for more details.

1 Like

Hi @surfy. In addition to the good explanation you received from @MartinLangmaid, may I suggest another approach for your consideration? Your Peplink/Pepwave router can host a VPN “all by itself” and do it well with a minimum amount of fiddling and no “extra” equipment to purchase or configure. No port forwarding. Here’s a screenshot of a Balance router set up for L2TP, for example:


Just an option … :grinning:

2 Likes

Hi Guys, thanks again for helping me out. @Rick-DC I would have used the built in vpn, but I wanted to try out wireguard, so I went with that option for now.

@MartinLangmaid The surf soho is the gateway router in my home. I attempted to set up port forwarding, but I am unable to connect to my VPN. Here is what I think I know: The dyndns is set up correctly, because I just witnessed my IP address change in the dyndns control panel. The wireguard credentials appear to be okay. What I’m not sure about: my inbound firewall rule is the default option, but it is set to reject all. I tried accepting all (the default setting) and I also tried a rule to allow the wireguard port, but no luck. The only thing I can guess right now is my port forwarding setup isn’t correct.

I noticed something interesting while I was poking around the soho settings, the device that is running the wireguard service does not appear in my client list. It shows up after a reboot of the device, but disappears shortly after. I don’t know if it has any relation to my wireguard connection problem, but the device is connected via eth and it is connecting to the internet.

For testing, leave that as accept all, e.g.:

Nothing wrong with that at first glance.

Create a new inbound firewall rule for the destination port set to accept and enable event logging and put it above the default any:any allow rule:

When traffic hits that port you should see log entries on the status log page - do you?

Nothing to worry about. Devices only appear in the client list if they are talking to the internet. Wireguard is a very quiet protocol when it's not being used, so it drops off the client list.

1 Like

THANK YOU!! I can see that I’m connecting to my vpn but there is no internet access, and it seems to be a dns issue on the wireguard device. The wireguard traffic check rule allowed me to connect, and I was able to set the default rule back to deny afterwards. I’m going to keep plugging away and see if I can find out where I’m going wrong with the wireguard device.

2 Likes
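As an added example (not posted by anyone in this thread), the script below cross-checks a WireGuard server config against a client config: it derives the UDP port-forward the router needs from the server's `ListenPort`, confirms the client's `Endpoint` uses the same port, and flags a full-tunnel client with no `DNS` line, which is worth checking when the tunnel connects but names do not resolve. The hostname, addresses, port 51820 and the helper names are constructed placeholders, keys are omitted, and the DNS check is an assumption about one possible cause, not a diagnosis of the setup above.

```python
# Added example. All values below are constructed placeholders, not from the thread.
SERVER_CONF = """
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
[Peer]
AllowedIPs = 10.8.0.2/32
"""
CLIENT_CONF = """
[Interface]
Address = 10.8.0.2/32
[Peer]
Endpoint = home.example.net:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_wg(text):
    """Parse wg-quick style text into [(section, {key: value})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def first(sections, name):
    return next(kv for sec, kv in sections if sec == name)

def check(server_text, client_text, server_lan_ip):
    """Return (port-forward rule for the router, list of problems found)."""
    srv_if = first(parse_wg(server_text), "interface")
    client = parse_wg(client_text)
    cli_if, cli_peer = first(client, "interface"), first(client, "peer")
    port = int(srv_if["listenport"])
    # WireGuard only speaks UDP, so the forward and the inbound rule must be UDP.
    rule = {"protocol": "UDP", "wan_port": port,
            "lan_ip": server_lan_ip, "lan_port": port}
    problems = []
    endpoint_port = int(cli_peer["endpoint"].rsplit(":", 1)[1])
    if endpoint_port != port:
        problems.append(f"Endpoint port {endpoint_port} != ListenPort {port}")
    allowed = [a.strip() for a in cli_peer.get("allowedips", "").split(",")]
    if "0.0.0.0/0" in allowed and "dns" not in cli_if:
        problems.append("full tunnel but no DNS line in client [Interface]")
    return rule, problems

if __name__ == "__main__":
    print(check(SERVER_CONF, CLIENT_CONF, "192.168.50.10"))
```

The returned rule lists the values to enter in the router's port-forwarding service and the matching inbound firewall rule; the LAN IP passed in is the address of the machine running WireGuard.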

If the default rule is deny, then responses to outbound traffic from the wireguard device will get blocked…

1 Like

I realize we are just getting to OPENVPN availability now, but considering the speed of the WIREGUARD Protocols, shouldn’t plans be in the works to support it in the near future as well?