Howto configure RUT950 to pass wireguard connections to RPi server on LAN

I am trying to setup internet access for a second home using a RUT950 with SIM.
RUT950 is old generation with FW version: RUT9XX_R_00.06.09.5
Everything works as expected.
To enable remote configuation/management of this remote network I copy exactly what I have done on my main home network and install a Raspberry Pi 4 and install a wireguard and VNC servers.
On my main home network this allows me to open wireguard tunnel from a remote laptop and then establish a VNC using the wireguard ip address of the server to get a remote RPi desktop similar to teamviewer.
When I try a similar comfiguation on the second home network it does not work.
On the RUT950 I have setup DDNS for the external IP address (
I have added a port forward rule for the RPi on the local LAN.
I have installed wireguard on the the RPi and created the endpoints for the clients.
The connection does not appear to get through the RUT950 so I assume it is a firewall issue.
My home network uses openwrt with the default firewall rules and a single port forward for the wireguard connections.
On the LAN side of the RUT950 I have an openwrt netgear router configured as an access point so one solution would be to put the RUT950 into bridge mode and reconfigure the netgear as a router but I would prefer to just get the RUT950 to pass the client requests,
Is there a rule that should be added to the firewall or am I being tripped up by the RUT950 WN NAT?

The issue was with Vodafone and it’s use of cgnat.

I fixed it by simply using which I can highly recommend as it is a breeze to setup and appears very efficient. It even supports me sharing my NAS with a second home which is an unexpected added bonus :smiley:

This topic was automatically closed after 15 days. New replies are no longer allowed.