Azure Wireguard server port forward

Daniel 1 Reputation point
2022-01-22T07:48:46.163+00:00

I have set up a Wireguard server in Azure VM. Wireguard client in Mango router connecting to it works perfectly.

However, I have tried to forward port 44158 both on the server side and my router client side but https://portchecker.co/
returns the public IP port 44158 is closed.

I can confirm that the port forward on my client side is working because when the same router, this time using OpenVPN client, connects
to my other Azure OpenVPN server, PortChecker returns the other public IP port 44158 is open. As such, the Wireguard port
forward issue is on the Azure Wireguard server side.

In the Azure VM running Wireguard server, here are the relevant IPs:
eth0 (Private IP or VM interface IP) = 10.1.0.4
wg0 (Server’s VPN IP) = 10.7.0.1
allowed IPs (Client's VPN IP) = 10.7.0.2

And here are the response to command "sudo iptables -L -n -t nat" in ssh
root@Wireguard:~# sudo iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:44158 to:10.7.0.2:44158
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:44158 to:10.7.0.2

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.7.0.0/24 !10.7.0.0/24 to:10.1.0.4
SNAT all -- 10.7.0.0/24 !10.7.0.0/24 to:10.1.0.4
SNAT tcp -- 0.0.0.0/0 10.7.0.2 tcp dpt:44158 to:10.7.0.1
SNAT all -- 10.7.0.0/24 !10.7.0.0/24 to:10.1.0.4
SNAT all -- 10.7.0.0/24 !10.7.0.0/24 to:10.1.0.4
SNAT all -- 10.7.0.0/24 !10.7.0.0/24 to:10.1.0.4
SNAT all -- 10.7.0.0/24 !10.7.0.0/24 to:10.1.0.4

Could someone kindly check what is wrong in the iptables and how can I correctly do port forward in
Azure Wireguard server?

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,458 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Daniel 1 Reputation point
    2022-01-22T10:37:38.5+00:00

    Oh, sorry! My bad.

    The port forward is actually working. I later discovered that the router OpenVPN client port forward rule
    cannot be re-used with Wireguard server. After I added a new Wireguard client port forward rule in router,
    it is now working.