On Fri Jan 15, 2021 at 3:21 PM CET, Maarten de Vries wrote:
> WireGuard doesn't have to use the same local port for all clients. In
> fact, if you don't give a ListenPort explicitly, an ephemeral port is
> assigned. This could theoretically still conflict between clients on

This is correct. I mistakenly thought that, by default, WireGuard used the target port as a source port as well (when available). Ephemeral makes more sense & is also what really happens.

So yes, Joachim should both fix the NAT and drop ListenPort from his clients.

Riccardo