wireguard-docs icon indicating copy to clipboard operation
wireguard-docs copied to clipboard
verified publisher icon pirate

one question about "NAT To NAT Connections"

Open runmark opened this issue 5 years ago • 1 comments

I have two clients (client 2, client 3) behind NATs and one client (client 1) have a static public IP, and I connect them with wireguard VPN. My question is: when client 2 send message to client 3, or the other way round, the message goes directly to client 3, or go through client 1 then to client 3? and why?

image

runmark avatar Jan 20 '21 07:01 runmark

It's up to you to choose how to route the traffic, wireguard does not automatically do NAT busting or find the shortest path, it just routes based on the rules you define in AllowedIPs. If you want a system that will automatically route from NAT to NAT or find the shortest path, you need a layer on top of wireguard to control it (like Tailscale).

https://tailscale.com/blog/how-nat-traversal-works/

pirate avatar Mar 06 '21 13:03 pirate