I'm working on a small project that involves sharing IPs using Wireguard on fanless PCs placed in remote locations. Unfortunately, these locations may not be physically accessible, nor can I guarantee that port forwarding will be an option (some routers are locked by ISPs, and others are managed by users with minimal technical knowledge). Is there a way to connect to a Wireguard instance that's behind a NAT or router without needing to set up UDP/TCP forwards? My plan is to send a pre-configured PC to clients with easy setup instructions—just plug it in and connect it to Ethernet. I've tried using Tailscale, which seems to offer great advantages and may be a better fit than my original plan. Any thoughts?
3 Answers
A simple workaround could be to set up the remote box as a client that dials out to a public server or VPS you control. Once the connection is established, you can reverse the connection. This way, no port forwarding is necessary on their end.
Unfortunately, connecting without some form of brokering service like Tailscale or Cloudflare Tunnel isn't feasible. You really need those services to bypass the NAT restrictions.
That makes sense. I just need to simplify the process for clients as much as possible. I'll aim to send them a pre-set PC with straightforward instructions.
Connecting a device behind NAT typically requires the device to initiate the tunnel. Consider using a central server, like a VPS, that all remote devices can reach. Then, you can manage traffic routing through that server. While Wireguard itself is great, this is more about the usual functionality of VPNs in general. Tailscale might be worth exploring as they've made this kind of setup easier if people can't manage the tech themselves.
So you’re suggesting keeping the client's VPN connection active at all times, right? I think I can work with a cloud-based endpoint to avoid getting too technical for the users.
That sounds like a smart approach! Do you have any recommendations for a self-hosted VPN solution that works well with Wireguard for this setup?