Having trouble getting a VPN client to connect to my VPN server behind NAT I configured (with pictures)

!!!SOLVED!!!, with thanks to u/nicholaspham

Hi all,
I’m a networking beginner, so apologies if this is a dumb question, but I have spent many hours trying to get this set up to no avail.

Setup

I’m trying to build a personal VPN server on a router at my house (diagram) and I’m running into some issues on the client side (I think). I believe I’ve set it up properly: there is NAT on the gateway router so I set up a port forward on the gateway router to x.73 (the external IP of the VPN router) on port 42942. I have the server configured to match (router server settings) as per the instructions for the router.

For the peer I set it up using the default settings and it looks like this (router peer settings) on the router side of things (color coded keys for later). Then, on my client/phone, using the Android WireGuard app, I used the QR scan feature as per the aforementioned instructions, and the settings on the phone look like this (phone VPN settings).

The Problem

While it is on, I am unable to connect to anything on my phone, receiving a message from my browser that states: DNS_PROBE_FINISHED_NO_INTERNET

How I’ve tried to fix it

I’ve recreated the peer a couple of times on both ends to try and make sure it was done right; that doesn’t seem to be the issue.

The only other thing I could think of was that, since there is NAT and it is being port forwarded, in the phone VPN settings I should have it go to the gateway’s address (72.x from the diagram) instead and it would then be forwarded to the router with the VPN server. That didn’t work, though I’m not sure I did that right.

!!!SOLVED!!!

Curious as to why you have your router’s IP NATed…

  1. Check to see if that port is open against your WAN IP… if it is, then go to step 2. If not, you have an issue with the port forwarding.

  2. Under the external IP on the router settings, change it to your WAN IP in case DDNS is picking up your router’s internal IP handed out by your gateway.

  3. Retry

Anyways, you should almost never have a router behind a router because of double NAT.
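Step 2 above covers the case where the address handed to clients is the VPN router's internal one, which nothing outside the NAT can reach. As an added example (not part of the thread or of the router's software), this Python check flags that in a WireGuard client config. The function name, the sample configs and the addresses 192.168.0.73 and 203.0.113.10 are constructed for illustration; only port 42942 comes from the post.

```python
import ipaddress

# Ranges that cannot be reached from the internet: RFC 1918,
# CGNAT (RFC 6598), link-local and loopback.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]

def check_endpoints(conf_text, forwarded_port=None):
    """Return a list of problems found in the [Peer] Endpoint lines."""
    problems, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        if section != "peer" or not sep or key.strip().lower() != "endpoint":
            continue
        host, _, port = value.strip().rpartition(":")
        host = host.strip("[]")                      # IPv6 is written [addr]:port
        if not host or not port.isdigit():
            problems.append(f"{value.strip()}: malformed, expected host:port")
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A DDNS name may still resolve to the router's internal address.
            problems.append(f"{host}: hostname; confirm it resolves to the WAN IP")
        else:
            if any(addr in net for net in NON_ROUTABLE):
                problems.append(f"{addr}: internal address, unreachable from outside the NAT")
        if forwarded_port is not None and int(port) != forwarded_port:
            problems.append(f"port {port} does not match forwarded port {forwarded_port}")
    return problems

# Constructed sample client config (keys are placeholders, addresses made up).
BROKEN = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.0.0.2/24

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 0.0.0.0/0
Endpoint = 192.168.0.73:42942
"""
# 203.0.113.10 is a documentation-range stand-in for the real WAN IP.
FIXED = BROKEN.replace("192.168.0.73", "203.0.113.10")
```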

Thanks for the response!

So I didn’t put the NAT there, my ISP did. It’s my ISP’s gateway that has the NAT that I’ve set up the port forwarding on. I’m unable to access the setting to bridge it (don’t have the password, even tried hard resetting it and calling the ISP but they just told me what I found was the username/password online).

  1. Not sure what “Check to see if that port is open against your wan ip” means?

  2. Taking this to mean set “IP Address” in the “Server Settings” to be the same external IP that my gateway router is on? I’ll give that a try and update.

EDIT: #2 WORKED!!! Thank you so much! I have internet now on the VPN and when I search my IP it comes up with the correct IP!

Wonderful! You’re welcome!

What ISP do you have?

Definitely should be a way to go into bridge mode… what model is your modem?

It is able to go into bridge, but I don’t have the username/password to access the router. It’s their panoramic gateway. I read online it should be admin/password or admin/ respectively but that didn’t work. I then hard reset the whole thing by holding the button for 30s but the password still wasn’t the default.