Gateway remote access driving me to madness

I can’t figure out how to connect to the gateway remotely.
Pagekite doesn’t connect; I have tried a different pagekite separately with a simple Node js webserver and it is working.
I have tried port forwarding 8080, 443, 80 on my router and nothing.
I have tried dynamic DNS and port forwarding with my simple Node js webserver and it is working, but no response from the gateway.
I am using a gateway instance built from the repo as described and the docker image and the raspberry pi image and no success.
Any help please :pleading_face::crossed_fingers:

Maybe how to use my pagekite instead would help!!

I skipped setting up the Web Things tunnel and use either: A local SSH server & port forwarding, OR: a local WireGuard instance, to securely connect to my home network. Works for WebThings and also my other applications.

Thanks @EricEdberg
I am still reading about wireguard
More hints about using local wireguard please

Installing Wireguard is easier if you have a Linux distribution compared to a Raspberry PI.

There are many guides on how to install Wireguard on Linux. I have an Ubuntu 20.04 laptop as my primary WG and application server. My main gateway router is configured to forward the port WG is configured to use to my laptop.

My RPI instance is running Raspbian and hosts WebThings. I installed WG on this server too but there was no package to easily download and install. I had to compile WG on the RPI directly into the kernel. There was a risk in mucking with compiling it into the kernel, but it worked in the end.

Clients then connect to the WG server using networking/routing configurations provisioned on the server. I have 2 configurations that I can enable: 1) routes all traffic, and 2) routes traffic on the server network LAN (split tunnel).

Creating the server configuration files is usually contained in web examples.

I’ll poke around my main computer later to see what bookmarks I used.

SSH is equally secure and well established and has many, many example guides too. You can then port-forward specific application ports as needed.

I like WG because it supports routing restrictions. I’ve set up my remote and primary home to use different LANs. I keep a WG instance open/up at all times so I can access devices (cameras) at each location at any time and/or tunnel web traffic, e.g. I sometimes stream Comcast from my vacation home to my primary home computer (or where I’m located).

Ok, I will try to set up wireguard in webthings gateway’s docker container (since RPI isn’t here right now).

  1. I will configure the container as the server (which has an IP and port).
  2. Use android phone as the client using the WG mobile app, or maybe another PC.
  3. Forward the port specified by WG on my router.

Now am I able to open the gateway from my mobile?
Should I try from another network (different public IP) or it doesn’t matter?

Remember that when you restart your WebThing container you will lose your wireguard installation, files, and data. The only data that is saved are files mapped to a volume (-v) outside the container.

I suggest that you do not configure, or even custom build, WG in the WT image. Your WG configuration should be a separate installation as it is functionally different.

If you can access the WG from your mobile using LAN WiFi then you are good to go.

Do not use well-known ports on your internet-facing router as those will be scanned and probed by nefarious web-based computers. Pick a random port.

In each client configuration you can specify exactly what networks, or even host IPs, that a client can access remotely to limit exposure.

Also, there is a method to configure clients using QR codes. I have sent them to relatives that do not understand client configurations so they could easily access some of my home device(s). See: https://serversideup.net/generating-wireguard-qr-codes-for-fast-mobile-deployments/

There was a web article stating Raspbian now supports WG natively, so a normal “sudo apt install wireguard” would work.
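
The setup discussed in this thread (a WG server behind a forwarded non-well-known port, with a choice of full-tunnel or split-tunnel clients) could look like the sketch below. It is an added example, not a configuration posted by anyone in the thread. The subnets `10.8.0.0/24` and `192.168.1.0/24`, the host `192.168.1.50`, the port `51234`, and every value in angle brackets are constructed placeholders.

```ini
# ---- Server: /etc/wireguard/wg0.conf, on a machine inside the home LAN ----
# Assumption: IP forwarding is enabled on this machine so peers can reach LAN hosts.
[Interface]
# Constructed tunnel subnet, separate from the home LAN.
Address = 10.8.0.1/24
# Constructed non-well-known port. WireGuard uses UDP, so forward UDP 51234 on the router.
ListenPort = 51234
PrivateKey = <server-private-key>

# One [Peer] block per client. The /32 means the server accepts only this
# tunnel source address from the holder of this key.
[Peer]
PublicKey = <phone-public-key>
AllowedIPs = 10.8.0.2/32

[Peer]
PublicKey = <relative-public-key>
AllowedIPs = 10.8.0.3/32

# ---- Client (phone): separate file, e.g. imported into the WG mobile app ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <phone-private-key>

[Peer]
PublicKey = <server-public-key>
Endpoint = <public-ip-or-dynamic-dns-name>:51234
# Keeps the NAT mapping open when the phone is behind carrier NAT.
PersistentKeepalive = 25

# Pick ONE AllowedIPs line; it decides what this client sends into the tunnel.
# 1) Full tunnel: all IPv4 traffic goes through the home network.
# AllowedIPs = 0.0.0.0/0
# 2) Split tunnel: only the tunnel subnet and the home LAN.
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
# 3) Single host: only the machine running the WebThings gateway (constructed IP).
# AllowedIPs = 192.168.1.50/32
```

The client-side `AllowedIPs` line controls what that client routes into the tunnel, so a client whose owner edits the file can widen it. To enforce the limit regardless of the client file, add firewall rules on the server that restrict what each tunnel address may reach.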