As already stated: You do not have an accept rule for the incoming wireguard handshake.
add chain=input action=accept comment="wg handshake" dst-port=13231 protocol=udp
I would also be clearer on forward chain.
Change default rule
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
TO:
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="wg to LAN" in-interface=wireguard1 dst-address=10.9.8.0/24
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"
Edit: I was looking at the wrong config, I see you have the above fixed (input chain rule). Confirm you get a public IP!!!
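To see why the explicit accept/drop list above is tighter than the default "drop from WAN not DSTNATed" rule, here is an added first-match simulation of the forward chain (example code, not from the post or from RouterOS). It assumes a constructed interface-list membership (bridge in LAN, ether1 in WAN) and only looks at new connections, i.e. packets that have already passed the default established/related accept.

```python
import ipaddress

# Constructed interface-list membership (assumption, not from the post)
IFACE_LISTS = {"LAN": {"bridge"}, "WAN": {"ether1"}}

# Forward-chain rules suggested in the post, in order
RULES_NEW = [
    dict(action="accept", in_list="LAN", out_list="WAN"),           # internet traffic
    dict(action="accept", in_iface="wireguard1", dst="10.9.8.0/24"),  # wg to LAN
    dict(action="accept", nat_state="dstnat"),                        # port forwarding
    dict(action="drop"),                                              # drop all else
]

# The default-config rule the post replaces: only new, non-DSTNATed from WAN
RULES_DEFAULT = [
    dict(action="drop", in_list="WAN", nat_state="!dstnat", conn_state="new"),
]


def packet(in_iface, out_iface, dst, nat="none", conn="new"):
    """Constructed packet: only the fields the rules above look at."""
    return dict(in_=in_iface, out=out_iface, dst=dst, nat=nat, conn=conn)


def _match(rule, pkt):
    """True when every matcher present on the rule matches the packet."""
    if "in_list" in rule and pkt["in_"] not in IFACE_LISTS[rule["in_list"]]:
        return False
    if "out_list" in rule and pkt["out"] not in IFACE_LISTS[rule["out_list"]]:
        return False
    if "in_iface" in rule and pkt["in_"] != rule["in_iface"]:
        return False
    if "dst" in rule and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["dst"]):
        return False
    if "nat_state" in rule:
        want = rule["nat_state"]
        negate = want.startswith("!")
        if (pkt["nat"] == want.lstrip("!")) == negate:  # "!dstnat" vs "dstnat"
            return False
    if "conn_state" in rule and pkt["conn"] != rule["conn_state"]:
        return False
    return True


def evaluate(rules, pkt):
    """First matching rule decides; with no match the chain accepts."""
    for rule in rules:
        if _match(rule, pkt):
            return rule["action"]
    return "accept"
```

The difference shows on tunnel traffic to an address outside 10.9.8.0/24: the default rule never looks at wireguard1, so it is accepted, while the explicit list drops it.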
Statistics: Posted by anav — Tue Feb 11, 2025 5:28 pm