Accessing a wireguard VPN server behind NAT


New Member
Jan 20, 2024
Reaction score
Hi everybody

I'm trying to setup a Wireguard VPN server on an Ubuntu orange PI device behind a NAT but I'm struggling to make it work... I'm quite new to this and might be asking a dummy question, sorry...

My goal is to enable my VPN clients to access a node-red dashboard hosted on the PI VPN server ONLY: I neither want VPN clients to access the rest of the LAN nor for them to browse the Internet through the VPN tunnel.

Here's my network setup :

- The orange PI is connected via WIFI (wlan0) to the Internet router with a static IP address:

- The Internet router LAN IP is and it is configured to NAT incoming WAN traffic on UDP port 45000 to (I cannot add routes to it so can't NAT directly to the PI VPN IP address)

- Wireguard is installed on the orange PI and very simply configured to create a network interface wg0 using IP and for its clients to use 192.168.12.x. its config file is:
PrivateKey = <server-private-key>
Address =
ListenPort = 45000
PublicKey = <client-public-key>
AllowedIP =

- Wireguard clients are set to use the Internet router WAN IP on port 45000, and then allowed to access Here is one of their config files:
PrivateKey = <client-private-key>
Address =
PublicKey = <server-public-key>
AllowedIPs =
Endpoint = my.public ip.address:45000

When I start the tunnel from a client and try to browse, I end up getting either a timeout or a rejected connection... But there's no firewall on the PI. I've also tried to get rid of the dedicated VPN network and to assign both the Wireguard server and clients IPs on 192.168.1.x subnet, but it changes nothing. What am I missing?

Do I need to add routes on the PI so it forwards all traffic coming on to even if it's on the same device?

Do I need to edit /etc/sysctl.conf and set net.ipv4.ip_forward=1 even if I don't want VPN clients to access the rest of the LAN?

Do I need to add PostUp and PreDown iptables instructions in the server config file?

Or is it something else?

Many thanks in advance for your help !

Latest posts