Wireguard VPN NAT Issues Through er8411v 1.0 OC300 v1.0 - ER706W v1.0 OC200 v1.0

2024-07-09 11:22:57 - last edited 2024-07-09 11:24:38
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.2.1

 

Hello, I have a problem that I don't know how to solve.

I have two offices that are connected through WireGuard.

The communication between the two offices works fine.

The configuration is as follows:

Central Office

  • er8411v 1.0 OC300 v1.0
  • WAN1 IP: 192.168.1.2/24 (External Router: 192.168.1.1/24)
  • LAN1 IP: 192.168.2.1/24

Branch Office

  • ER706W v1.0 OC200 v1.0
  • WAN2 IP: 192.168.3.2/24 (External Router: 192.168.3.1/24)
  • LAN2 IP: 192.168.4.1/24

The problem occurs when I want to communicate from WAN1 to LAN2 using NAT.

The configuration is as follows:

  • Incoming port: 555
  • Outgoing port: 66
  • Outgoing IP: 192.168.4.2

How do I make the NAT from WAN1 communicate to LAN2 through the VPN?

Re:Wireguard VPN NAT Issues Through er8411v 1.0 OC300 v1.0 - ER706W v1.0 OC200 v1.0
2024-07-10 01:20:21

Hi @CarlosNET 

Thanks for posting in our business forum.

Namely, do you want to port forward a port over the VPN tunnel and expose this port to the WAN2?

 

We don't support such a feature if this is what you want.

Re:Wireguard VPN NAT Issues Through er8411v 1.0 OC300 v1.0 - ER706W v1.0 OC200 v1.0
2024-07-10 06:40:40

  @Clive_A 

Thanks for answering.

I mean I need to open a port from WAN1 and forward it to LAN2 through the VPN.

 

Re:Wireguard VPN NAT Issues Through er8411v 1.0 OC300 v1.0 - ER706W v1.0 OC200 v1.0
2024-07-10 07:20:42

Hi @CarlosNET 

Thanks for posting in our business forum.

CarlosNET wrote

  @Clive_A 

Thanks for answering.

I mean I need to open a port from WAN1 and forward it to LAN2 through the VPN.

 

Can you use the IP to illustrate this?

I think it is the same thing. But a different direction.

Re:Wireguard VPN NAT Issues Through er8411v 1.0 OC300 v1.0 - ER706W v1.0 OC200 v1.0
2024-07-13 15:34:27 - last edited 2024-07-13 15:35:29

  @Clive_A 

I appreciate your help. I think this description is more readable.
Thank you.

Central Office

  • Model: er8411v 1.0 OC300 v1.0
  • WAN1 IP: 192.168.1.2/24 (Gateway: 192.168.1.1)
  • LAN1 IP: 192.168.2.1/24

Branch Office

  • Model: ER706W v1.0 OC200 v1.0
  • WAN2 IP: 192.168.3.2/24 (Gateway: 192.168.3.1)
  • LAN2 IP: 192.168.4.1/24
  • IP Camera Server: 192.168.4.10/24 (SSH Control Port: 66)

External Client: An external client (without VPN) accesses the camera (IP 192.168.4.10/24, port 66) through port 555. The connection is established through the er8411, then through the VPN to the er706w, and finally to the camera. The er706w cannot allow direct client connections due to CG-NAT, so a reverse NAT must be performed from the er8411 through the VPN to the er706w.

Objective: Allow access to port 555 on the er8411 through the VPN to the er706w, and have the er706w redirect the connection to the IP camera server.

 

Re:Wireguard VPN NAT Issues Through er8411v 1.0 OC300 v1.0 - ER706W v1.0 OC200 v1.0
2024-07-15 01:18:12

Hi @CarlosNET 

Thanks for posting in our business forum.

CarlosNET wrote

  @Clive_A 

I appreciate your help. I think this description is more readable.
Thank you.

Central Office

  • Model: er8411v 1.0 OC300 v1.0
  • WAN1 IP: 192.168.1.2/24 (Gateway: 192.168.1.1)
  • LAN1 IP: 192.168.2.1/24

Branch Office

  • Model: ER706W v1.0 OC200 v1.0
  • WAN2 IP: 192.168.3.2/24 (Gateway: 192.168.3.1)
  • LAN2 IP: 192.168.4.1/24
  • IP Camera Server: 192.168.4.10/24 (SSH Control Port: 66)

External Client: An external client (without VPN) accesses the camera (IP 192.168.4.10/24, port 66) through port 555. The connection is established through the er8411, then through the VPN to the er706w, and finally to the camera. The er706w cannot allow direct client connections due to CG-NAT, so a reverse NAT must be performed from the er8411 through the VPN to the er706w.

Objective: Allow access to port 555 on the er8411 through the VPN to the er706w, and have the er706w redirect the connection to the IP camera server.

 

VPN Client---VPN tunnel---ER8411(which is a VPN server)---VPN tunnel---ER706W_LAN---IPC server.

Is this what you mean?

You want a client to access the IPC?

That's possible as long as the VPN is established. However, the VPN client is required to access the IPC server LAN IP and local port. This is the only way you can do it with our products now.

We don't support changing the port to 555 on the ER8411 and the IPC IP to a different one. It should be a LAN > LAN VPN implementation. Something similar to this: How to Configure WireGuard to Enable Client to Access Remote IPsec Site

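The two paths discussed in this thread, modelled as an added example (not code from the thread or from TP-Link): it applies WireGuard's own receive-side rule, that a decrypted packet is accepted only if its inner source address is within the sending peer's AllowedIPs, to the supported VPN-client path and to the requested port-555 forward. The tunnel subnet 10.10.10.0/24, the external client address 203.0.113.7 and the branch AllowedIPs list are assumptions; the model describes the WireGuard protocol check, not what the Omada controller allows you to configure.

```python
import ipaddress

# Constructed state on the ER706W for its peer, the ER8411. LAN and camera
# addresses are from the thread; the tunnel subnet is an assumption.
BRANCH_ALLOWED_IPS = ["192.168.2.0/24", "10.10.10.0/24"]
CAMERA = ("192.168.4.10", 66)


def accepted_from_tunnel(src_ip, allowed_ips):
    """WireGuard receive check: inner source must fall in the peer's AllowedIPs."""
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(net) for net in allowed_ips)


def dnat(packet, listen_port, target):
    """Destination NAT only: rewrite dst IP/port, leave the source untouched."""
    if packet["dport"] != listen_port:
        return packet
    return {**packet, "dst": target[0], "dport": target[1]}


def check_paths():
    results = {}
    # 1) Path described in the last reply: a VPN client addresses the
    #    camera's LAN IP and local port directly (client IP is assumed).
    vpn_client = {"src": "10.10.10.5", "dst": CAMERA[0], "dport": CAMERA[1]}
    results["vpn_client"] = accepted_from_tunnel(vpn_client["src"], BRANCH_ALLOWED_IPS)

    # 2) Requested path: external client hits WAN1:555 and the ER8411 only
    #    rewrites the destination. The public source address survives.
    external = {"src": "203.0.113.7", "dst": "192.168.1.2", "dport": 555}
    forwarded = dnat(external, 555, CAMERA)
    results["forwarded_dst"] = (forwarded["dst"], forwarded["dport"])
    results["dnat_only"] = accepted_from_tunnel(forwarded["src"], BRANCH_ALLOWED_IPS)

    # 3) Hypothetical: the same packet with its source also rewritten to an
    #    assumed tunnel address of the ER8411 would pass the check.
    masqueraded = {**forwarded, "src": "10.10.10.1"}
    results["dnat_plus_snat"] = accepted_from_tunnel(masqueraded["src"], BRANCH_ALLOWED_IPS)
    return results


if __name__ == "__main__":
    for path, outcome in check_paths().items():
        print(path, outcome)
```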