Wireguard with client on a firewalled LAN?
-
I have a LAN on an Internet service that provides me with a dynamic IP address. The service provider has a firewall which blocks ALL inbound traffic — i.e., I can initiate connections outbound from my LAN to the Internet, but any attempts to initiate a connection inbound to my LAN from the outside simply WILL NOT get through (even if my router's external IP address is known, so a dynamic DNS service won't help). Can I use Wireguard in such a situation? Or does Wireguard demand that each endpoint must be able to connect directly to the IP address of the other endpoint? If Wireguard is not usable in my environment, can anyone suggest an alternative that will work?
-
Just for clarity, are you planning to have a Wireguard "server" that you can connect to from the outside world? Like what is your end goal? To be able to VPN back in to your home network when you're on another network?
-
I want to be able to use Wireguard to connect into my home network from a cloud server sitting on the Internet at large. Can I do this by setting up a Wireguard connection from my home network to my cloud server? I can't initiate a connection from my cloud server to my home network, because my home network is firewalled by my service provider and won't allow any inbound connection attempts. But if I initiate a connection (via Wireguard) from my home network to my cloud server, can I use this outbound connection in some way to allow inbound connections from the cloud server to my home network?
-
@Rich-W I still can't believe some service providers don't allow connections inbound, blows my mind and in all honesty frustrates the crap out of me lol. Anyway rant over.
So yes, you should still be able to do this. WireGuard works fine behind NAT; you just need to be able to have a single static/public IP somewhere that can act as the "server" (in quotes since in WireGuard terms it's all called a peer).
You should be able to set up WireGuard on a cloud server and then initiate a connection from your local server/client behind the ISP, and that in theory should work just fine. Then it's just a matter of firewall rules etc. to allow connections back and forth.
What is the goal of the servers here? Like are you hosting something that needs to be accessible from the outside world? If so another option might be using something like Cloudflare Tunnels to expose something on the public net.
-
I have a private, local e-mail server (I set this up before Gmail was a thing, and it would be too big of a hassle to migrate to Gmail at this point).
Everything worked just fine when I had my home LAN connected to the Internet via a public, static IP address. My family recently moved to a small community which is exclusively serviced via a fibre network that provides me with only a dynamic IP address that cannot be connected to from the outside (sorry, @planedrop, that's just the way it is, grin and bear it).
If I can't have my in-house mail server accessible from the Internet (via SMTP and IMAP), I'll need to set up mirror ports on a cloud server and tunnel these ports to the corresponding ports on my mail server. This, however, will require a way to tunnel into the mail server from the outside.
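
The setup discussed above (home peer dials out to a cloud peer, cloud peer mirrors the mail ports back through the tunnel), as an added example that is not part of the original posts. Assumptions: the mail server itself runs WireGuard via wg-quick, the tunnel subnet is 10.8.0.0/24, the cloud server's public interface is eth0 and its address is the placeholder 203.0.113.10, the mirrored ports are SMTP 25 and IMAPS 993, and the keys are placeholders.

```ini
# === Cloud server (public IP): /etc/wireguard/wg0.conf ===
[Interface]
Address = 10.8.0.1/24
# The only port that must be reachable from the Internet for the tunnel itself.
ListenPort = 51820
PrivateKey = <cloud-private-key>
# Mirror public SMTP/IMAPS to the home mail server over the tunnel.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,993 -j DNAT --to-destination 10.8.0.2
PostUp = iptables -A FORWARD -i eth0 -o %i -d 10.8.0.2 -p tcp -m multiport --dports 25,993 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rewrite the source so replies return through the tunnel, not the home ISP link.
PostUp = iptables -t nat -A POSTROUTING -o %i -d 10.8.0.2 -p tcp -m multiport --dports 25,993 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,993 -j DNAT --to-destination 10.8.0.2
PostDown = iptables -D FORWARD -i eth0 -o %i -d 10.8.0.2 -p tcp -m multiport --dports 25,993 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o %i -d 10.8.0.2 -p tcp -m multiport --dports 25,993 -j MASQUERADE

[Peer]
# Home mail server. No Endpoint line: the cloud side cannot dial in, it learns
# the home peer's current address from the first authenticated packet it receives.
PublicKey = <home-public-key>
AllowedIPs = 10.8.0.2/32

# === Home mail server (behind the ISP firewall): /etc/wireguard/wg0.conf ===
[Interface]
Address = 10.8.0.2/24
PrivateKey = <home-private-key>
# No ListenPort needed: this side only ever initiates.

[Peer]
PublicKey = <cloud-public-key>
# The home side always dials out to the fixed public address.
Endpoint = 203.0.113.10:51820
# Only the cloud peer's tunnel address is accepted from this peer.
AllowedIPs = 10.8.0.1/32
# Periodic outbound packets keep the ISP's NAT/firewall state open so the
# cloud side can send new connections in at any time.
PersistentKeepalive = 25
```

Because of the MASQUERADE rule, the mail server sees every forwarded connection as coming from 10.8.0.1, so that address must not be treated as a trusted relay network, and source-IP based controls (rate limiting, blocklists, SPF evaluation) on the mail server no longer see the real client address.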
-
@Rich-W Ahhhh gotcha, this makes a ton of sense.
In theory it should all be doable but I'd have to think a bit more about the best way to do it.
I'd probably first ask though, any chance this email server could be migrated to a cloud provider (not like Gmail, but as in the machine/VM running it could maybe be run with a public IP on a cloud VM)? Just a thought, may not be the best solution though.
-
I've considered migrating my in-house server to the cloud. I've got way, way too much e-mail on my in-house server, though, for an off-site migration to be easy (or to cost less than an arm and a leg). Even if I were to migrate only the "recent" e-mail to the cloud, and keep my long-term archives local, it would still involve gigabytes.
-
I was able to get my ISP to give me a publicly accessible IP address for my WAN. This has solved my problem. Thanks for all the suggestions.