NAT Loopback / Hairpin NAT
Problem
Cannot connect to the WireGuard VPN using the external DNS name (vpn.microsoftlab.ch) from inside the network.
The ISP router does not support NAT loopback (hairpin NAT).
Solution Options
Option 1: Use Internal IP
When inside the network, connect to the internal IP instead of the external DNS name.
Option 2: Split DNS
Configure internal DNS to resolve vpn.microsoftlab.ch to the internal IP.
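To confirm from a client inside the network that split DNS is in effect, the following added example (not part of the original page) resolves the name with the system resolver and reports whether the answer is an internal address. The function names and the 203.0.113.10 sample address are assumptions made for illustration.

```python
import ipaddress
import socket

# RFC 1918 (IPv4) and unique-local (IPv6) ranges are treated as "internal".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_internal(addr):
    """True if addr falls inside one of the internal ranges above."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 scope id
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)


def classify(addresses):
    """Summarise a DNS answer: 'split-dns', 'public', 'mixed' or 'no-answer'."""
    if not addresses:
        return "no-answer"
    flags = {is_internal(a) for a in addresses}
    if flags == {True}:
        return "split-dns"   # name resolves to the internal IP only
    if flags == {False}:
        return "public"      # external IP: needs hairpin NAT to work from inside
    return "mixed"           # both kinds returned: the client may pick either


def resolve(name, port=51820):
    """Resolve name via the system resolver, as a WireGuard client would."""
    try:
        infos = socket.getaddrinfo(name, port, type=socket.SOCK_DGRAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    name = "vpn.microsoftlab.ch"
    addrs = resolve(name)
    print(name, addrs, classify(addrs))
```

A result of "public" from inside the network means the client is not using the internal DNS server, or the override is not configured there.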
Option 3: ISP Router Settings
Some ISP routers have a NAT loopback setting; check the router configuration.
Port Forwarding Required
On the ISP router:
External Port: 51820
Protocol: UDP
Internal IP: 192.168.1.100 (UniFi Gateway WAN)
Internal Port: 51820