SexualPolytope,

My setup looks like the following:


```ini
# /etc/wireguard/wg-vps.conf on the VPS
[Interface]
Address = 10.8.0.2/24
ListenPort = 51820
PrivateKey = ********************************************

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding 80 and 443
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:80
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.1:443
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:80
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.1:443

# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o wg-vps -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o wg-vps -j MASQUERADE

[Peer]
PublicKey = ********************************************
AllowedIPs = 10.8.0.1
```

```ini
# /etc/wireguard/wg-vps.conf on my home-server
[Interface]
Address = 10.8.0.1/24
PrivateKey = ********************************************

[Peer]
PublicKey = ********************************************
AllowedIPs = 10.8.0.2
Endpoint = <VPS-DDNS>:51820
PersistentKeepAlive = 25
```

Now, just enable the tunnel using `sudo systemctl enable --now wg-quick@wg-vps`. Make sure that ports 51820, 80, and 443 are open on the VPS. Now, allow 80 and 443 through the firewall on the home-server (not on the router, just allow it locally), and it should work.
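
An added example, not part of the original comment: a small linter for the VPS-side wg-quick config that checks every iptables rule a hook adds is also removed by a hook (otherwise rules linger and stack across tunnel restarts) and that each DNAT target sits inside a peer's AllowedIPs (otherwise WireGuard has no peer to route the forwarded traffic to). The names `lint` and `SAMPLE` are made up here, and it assumes IPv4 DNAT targets written as address:port, as in the comment.

```python
import ipaddress
import shlex

# Constructed sample: the VPS config from the comment, keys replaced by placeholders.
SAMPLE = """\
[Interface]
Address = 10.8.0.2/24
ListenPort = 51820
PrivateKey = <placeholder>
PreUp = sysctl -w net.ipv4.ip_forward=1
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:80
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.1:443
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:80
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.1:443
PreUp = iptables -t nat -A POSTROUTING -o wg-vps -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o wg-vps -j MASQUERADE
[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.8.0.1
"""

def lint(conf):
    """Return findings for a wg-quick config; an empty list means clean."""
    added, deleted, allowed = [], [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # wg-quick treats '#' as a comment
        if "=" not in line:
            continue                              # section header or blank line
        key, value = (p.strip() for p in line.split("=", 1))
        if key.lower() == "allowedips":
            allowed += [ipaddress.ip_network(n.strip(), strict=False) for n in value.split(",")]
        elif key.lower() in ("preup", "postup", "predown", "postdown"):
            argv = shlex.split(value)
            # Only iptables hooks are paired; drop -A/-D so add and delete compare equal.
            if argv[:1] == ["iptables"] and "-A" in argv:
                added.append([a for a in argv if a != "-A"])
            elif argv[:1] == ["iptables"] and "-D" in argv:
                deleted.append([a for a in argv if a != "-D"])
    findings = [f"added but never removed: {' '.join(r)}" for r in added if r not in deleted]
    findings += [f"removed but never added: {' '.join(r)}" for r in deleted if r not in added]
    for rule in added:
        if "--to-destination" in rule:
            # Assumes a single IPv4 address with an optional :port, as in the comment.
            target = rule[rule.index("--to-destination") + 1]
            host = ipaddress.ip_address(target.split(":")[0])
            if not any(host in net for net in allowed):
                findings.append(f"DNAT target {target} is outside every peer's AllowedIPs")
    return findings
```

Run `lint(open("/etc/wireguard/wg-vps.conf").read())` on the VPS after editing the hooks; the config as posted produces no findings.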
