Protocols and ports needed by BTH VPN Wireguard

Hi all.
I fear something is being filtered out by my ISP as I cannot connect to BTH VPN via wireguard app.
The Android APP says (translate from Italian) that “VPN cannot be activated: VPN service not authorized by the user”.
On my Android device there is no such an authorization to be granted to the app itself, so I suspect it is something on my RB5009.

Which protocols do I need to be available onto my home RB5009 WAN to make sure BTH VPN Wireguard works?

This is my environment.
Device: RB5009
RouterOS: 7.14.3
Android: 14
Mikrotik BTH app version: 0.24
Wireguard Android app version: 1.0.20231018

I used Winbox to:

1. Enable IP/Cloud/BTH VPN
2. I created a user in IP/Cloud/Back To Home Users
3. I got the QR code from that user config into Mikrotik BTH app: no way to connect as the power button doesn’t react.
4. I got the QR code from IP/Cloud/BTH VPN Wireguard int oWireguard VPN app: “VPN cannot be activated: VPN service not authorized by the user”.

I cannot use WiFi in this very case.

BTH put dynamic rules, no need to be added, just enable BTH !

I suspect my ISP is blocking some protocols. This is why I am asking.

Well one would hope it randomly uses Ports and not the default port for wireguard which would be an easy target to filter.
Other than that its UDP based. Any country can block vpns if they put the infrastructure in place to do so…

Hope?
Is the “ListenPort” configuration item the UDP port number of the VPN server?

Why “Endpoint = :0”?

I would say so, but in BTH is should be shown in the IP cloud menu I think?
Endpoint for both router and client device is the BTH cloud server…
Allowed IPs at least on the router for the client peer are probably only set to the wireguard subnet.

I would expect the wireguard configuration file to be pretty complete, with also endpoint addresses or hostnames.

Instead it looks like that: “Endpoint = :0”.
No hostname or IP. It looks weird to me.
But it could be my fault.