> Scenario: > A = internet (WAN) host (WireGuard IP 10.1.1.3) > B = OpenWRT router (WireGuard IP 10.1.1.1) > C = LAN host (WireGuard IP 10.1.1.2)
What you have been told is correct for the case of A connecting to C. there is no way for A to reach the Wireguard port on C without B forwarding that port. However, if you can turn it around and have C connect to A, assuming the wireguard port on A is accessible from the internet, C will be able to connect to A. Once the connection is established, traffic will flow both ways.