How can I route all VPS traffic to VPN?

jahrinc Member
edited November 2020 in General

I got a dedicated IP from a VPN company and would like to know how to use that dedicated IP to mask the public IP of the VPS.

In other words the dedicated IP would be the one people see when looking up the site's URL.

I know that Bayfiles does this by routing all the traffic to OVPN's (vpn provider) to mask/hide the true location of their servers.

For example: cdn-113.bayfiles.com points to 217.64.149.0/24 which is an IP from OVPN.

Someone told me I could do this with snat but I got no clue.

Comments

  • You could try a piece by piece approach to this.. first set up the web server, then install your VPN. Just see if you can access the website from the VPN public IP at that point.. if that doesn't work, change Apache etc to listen on the VPN interface, then it should.

    Thanked by 1jahrinc
  • Sounds like he needs a proxy, not VPN.

    Also, doesn't the webserver bind to the IP of the vpn nic, not the interface, no?

    I think he'd still bind to 0.0.0.0 and just firewall block it from the wrong interface.

    Thanked by 2dahartigan TimRoo
  • @TimboJones said:
    Sounds like he needs a proxy, not VPN.

    Also, doesn't the webserver bind to the IP of the vpn nic, not the interface, no?

    I think he'd still bind to 0.0.0.0 and just firewall block it from the wrong interface.

    It's nginx so I guess I just see and try:

    listen IP_OF_VPN:80;

  • @jahrinc said:

    @TimboJones said:
    Sounds like he needs a proxy, not VPN.

    Also, doesn't the webserver bind to the IP of the vpn nic, not the interface, no?

    I think he'd still bind to 0.0.0.0 and just firewall block it from the wrong interface.

    It's nginx so I guess I just see and try:

    listen IP_OF_VPN:80;

    You probably need to modify your nginx systemd file to start/stop on the VPN being connected (if the test works). Or start/stop nginx from the VPN software.

  • @TimboJones said:

    @jahrinc said:

    @TimboJones said:
    Sounds like he needs a proxy, not VPN.

    Also, doesn't the webserver bind to the IP of the vpn nic, not the interface, no?

    I think he'd still bind to 0.0.0.0 and just firewall block it from the wrong interface.

    It's nginx so I guess I just see and try:

    listen IP_OF_VPN:80;

    You probably need to modify your nginx systemd file to start/stop on the VPN being connected (if the test works). Or start/stop nginx from the VPN software.

    Nah, you don't.
    Simplest way is to get a VPS, install WireGuard, use iptables to forward the ports you need. Works perfectly, been doing this on game servers hosted from home for years, because it gives some DDoS protection, and a static IP, which my ISP refuses to give me.

    Thanked by 1jahrinc
    Hi, I'd like to ask whether it is possible to route all my server traffic through a VPN? Meaning that, no matter inbound or outbound, the IP becomes the IP of the VPS. And all (I mean almost all) ports are still working just like NAT?

    But there is one point: the servers are in different locations. So maybe it's needed to connect with another IP with another LAN???? No idea about the whole stuff🤦

    Besides inbound, I'd also like my outbound (what server software detects) to be my VPN's IP. Is it possible?

  • @MixWP said:

    Besides inbound, I'd also like my outbound (what server software detects) to be my VPN's IP. Is it possible?

    Don't know, maybe @Barnesanger can help us answer that question!

  • Barnesanger Barred
    edited November 2020

    Running WireGuard is very useful for me for many reasons, but my main reason is that I don't have a static IP at home, and as long as the VPN is DDoS protected, it helps a lot with that, but not 100%.

    Look at your VPN as your NAT router at home. When connected, you will use your router's IP around the internet. If you want to run a web server, open the ports, and route them to the correct local IP set by WireGuard. There is also a "kill switch", so your server blocks ALL traffic but your VPN.

    Let's say you run www.domain.com on your server behind your VPN:

    www.domain.com - WireGuard VPN - Your server
    For a response: Server - WireGuard - Back to client

    Your real IP is never shown to the client.

    Personally I'm running 8 game servers, like 50 websites, Plex, FTP, SSH and a lot more through WireGuard. Works perfectly for me.

    If set up correctly, everything auto-connects at reboot. One more benefit is that you don't have to open any ports in your router. Only the firewall on the server needs to be open for your services running there.

    WireGuard also encrypts all traffic between VPN and server. WireGuard also needs a somewhat good CPU if you expect to pull a full 1 Gbit in both directions because of this.

  • It's difficult, as you need to route all outbound and inbound traffic to your VPN.

    Your VPN will need full NAT on a port-to-port basis for inbound traffic to your VPS. (A normal port whitelist on the VPS only works when the traffic is going directly to your VPS, so the IP will be exposed.)

    You then have to leave a specific port on the VPN for outbound traffic which is trying to access third-party websites. (This is to ensure that people can't ask your VPS to visit their site, where they can log your IP address.)

    You need root access to your VPN's server to do all of the above.

  • @Barnesanger In my case it is a VPS, so I guess it should work the same?

    New to this, not experienced

    domain -> vpn -> vps with nginx

  • @jahrinc said:
    @Barnesanger In my case it is a VPS, so I guess it should work the same?

    New to this, not experienced

    domain -> vpn -> vps with nginx

    Yes, if set up right it will work
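
The layout described in the thread (public IP on a WireGuard gateway VPS, iptables forwarding the needed ports to the server's tunnel address, a kill switch on the server) written out as two wg-quick configs. This is an added example, not configuration posted by anyone in the thread; the interface name eth0, the 10.8.0.0/24 tunnel subnet, the endpoint 203.0.113.10 and the `<...>` key placeholders are all assumptions.

```ini
# === Gateway VPS (owns the public IP): /etc/wireguard/wg0.conf ===
# Assumed: public NIC eth0, tunnel subnet 10.8.0.0/24, backend at 10.8.0.2.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <GATEWAY_PRIVATE_KEY>
PostUp = sysctl -w net.ipv4.ip_forward=1
# Inbound: TCP 80/443 arriving on the public NIC is DNATed to the backend.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.8.0.2
PostUp = iptables -A FORWARD -i eth0 -o %i -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -A FORWARD -i %i -o eth0 -s 10.8.0.2 -j ACCEPT
# Outbound: connections the backend opens leave with the gateway's IP.
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.2 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.8.0.2
PostDown = iptables -D FORWARD -i eth0 -o %i -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -s 10.8.0.2 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.2 -o eth0 -j MASQUERADE

[Peer]
PublicKey = <BACKEND_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# === Backend server (nginx, real IP hidden): /etc/wireguard/wg0.conf ===
[Interface]
Address = 10.8.0.2/24
PrivateKey = <BACKEND_PRIVATE_KEY>
# Kill switch from wg-quick(8): reject anything not leaving via the tunnel.
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
# nginx may listen on 0.0.0.0; web ports on the real NIC are dropped.
PostUp = iptables -I INPUT -i eth0 -p tcp -m multiport --dports 80,443 -j DROP
PreDown = iptables -D INPUT -i eth0 -p tcp -m multiport --dports 80,443 -j DROP

[Peer]
PublicKey = <GATEWAY_PUBLIC_KEY>
Endpoint = 203.0.113.10:51820
# Route everything through the gateway so replies keep the client's source IP.
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

Because `AllowedIPs = 0.0.0.0/0` routes every reply through the tunnel, SSH to the backend's own public IP stops working once the tunnel is up, so manage it over 10.8.0.2 or a provider console. A commercial VPN's dedicated IP can stand in for the gateway only if the provider forwards the ports for you, which is the root-access point made earlier in the thread.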
