Guide: Enabling UDP (WireGuard / Pangolin) on Oracle Cloud Free Tier VPS

Networking
, ,
1

Guide: Enabling UDP (WireGuard / Pangolin) on Oracle Cloud Free Tier VPS

This walkthrough is based on Ubuntu running on Oracle Cloud Free Tier. The key issue many hit is that UDP port 51820 is blocked by default — so even if WireGuard or Pangolin is installed correctly, nothing works until you fix the networking rules.

Enable IP Forwarding

Edit the sysctl config:

sudo nano /etc/sysctl.conf

Uncomment (remove #) or add these lines:

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

Save (CTRL+X, then Y, then Enter) and apply:

sudo sysctl -p

Open UDP Port 51820 in Oracle Cloud Console

image
image2244×856 40.6 KB

Oracle uses VCN Security Lists instead of a traditional firewall. You must allow UDP traffic explicitly:

  1. Log in to Oracle Cloud Console.

  2. Go to Networking → Virtual Cloud Networks (VCN).

  3. Select your VCN (usually only one if you’re on Free Tier).

  4. Open the Default Security List.

  5. Add an Ingress Rule:

    • Stateless: Yes
    • Source CIDR: 0.0.0.0/0
    • IP Protocol: UDP
    • Destination Port Range: 51820

:backhand_index_pointing_right: For Pangolin’s web UI, ensure TCP ports 80 and 443 are also open (these are often allowed by default).

Install Pangolin + Docker

Use the official quick‑install script from Pangolin Docs:

curl -fsSL https://get.pangolin.run | sudo bash

The installer will:

  • Install Docker if missing
  • Set up Pangolin containers
  • Optionally ask about CrowdSec (skip for now unless you want to manage it manually)

Configure Pangolin + Newt

  • Access the Pangolin dashboard at your domain (with Let’s Encrypt SSL auto‑configured).
  • Create your admin account and organization.
  • Add applications and configure Newt clients as needed.

:warning: Important Notes

  • Do not enable UFW on Oracle Cloud Ubuntu images. It conflicts with Oracle’s iptables rules and can lock you out of SSH.

  • If UDP still seems blocked, test with netcat:

    On VPS:

    sudo nc -u -l -p 51820

    From another machine:

    echo "test" | nc -u yourdomain.com 51820

    If you see test on the VPS, UDP is flowing. If not, recheck Oracle’s security rules.

  • Remember: sometimes it’s not the water’s fault if you can’t swim :wink: — the port really has to be open.

:white_check_mark: With these steps, UDP on port 51820 should be working, and Pangolin + Newt should connect without issues.

Ref- Wireguard Oracle Cloud step by step : r/WireGuard

2

I installed Pangolin on an Oracle VPS a few month ago.

Sure, I had to add the Ingress Rule for 51820.

But I did not have to touch the /etc/sysctl.conf and Pangolin is working perfectly.
I connected to the VPS and all lines in the /etc/sysctl.conf are commented.

Maybe enabling ip forwarding is only needed if you want to setup a wiregard gateway (not sure this is the right term by the way), like setting up wg-easy to allow a wireguard client to connect to the VPS and be able to reach resources running on a pangolin site ?

3

Depends on the images. I haven’t done this setup on my vps at all and all is well. UDP just works right out of the box. No need to fiddle with anything.

Oracle has weird things with their custom images. So all depends on your region and data centre. I have a similar vm on the same region I had to follow the above steps.

So ya !!! :sweat_smile:

4

Ah. So the ymmv applies…

As far as I understand though, Pangolin alone does not need the ip_forwarding except when trying the olm vpn client : Add Client - Pangolin Docs