Use wireguard only for download (inbound) but use native static IP for outbound
Anyone here have a simple config on how to set up wireguard to use for download only? I still want to access these particular VPSs via their assigned static public IPs through SSH/RDP, but will be using my wireguard VPN IPs to download stuff from some exclusive communities that distribute Linux ISOs. These machines also have some services running on their static IPs, so I wish to retain that (not replace it with the IP of the wireguard VPN). Anyone have a similar setup? Or could you please refer me to a guide somewhere that does this?
Comments
You can't do this. I might be misunderstanding, but the way that IP works is that it sends replies using your source IP.
You can do the reverse though (outbound over a tunnel, inbound using your own IP): https://reqrypt.org/reqrypt.html
What's stopping you from doing so?
Wireguard only adds another (internal) IP to the host; they still have their public IP intact. In fact, you can access it using either the internal WG IP or the public IP (ofc given correct firewall rules).
If you want to use it like a VPN then you just set the default route via the machine you'd like to appear as.
I've found the easiest approach is to use Docker for the services you want to route out via the VPN. Docker lets you configure containers such that their network traffic routes through a different container. That means you can have a Docker container that connects to the VPN, then specify that only particular containers are routed through that VPN connection. Only those containers go through the VPN - the rest of the apps on the system go to the internet directly, and incoming connections (eg SSH) still work fine. I've done this before via OpenVPN using https://hub.docker.com/r/dperson/openvpn-client.
You could do something with WireGuard like detailed here: https://www.eisfunke.com/article/docker-wireguard-systemd.html
Note that you probably do want incoming connections for your Linux ISO sharing, so you'll want to do some port forwarding on the other end of the VPN. AirVPN supports port forwarding, or you could just run your own VPN server.
Thank you for the answers, guys. Your feedback pointed me in the right direction.
Back when I used openvpn clients, this was done using route up/down commands you ran via openvpn scripts during up/down.
Basically, outgoing traffic defaulted to VPN but incoming traffic on the public interface would respond back over same.
Any openvpn example script(s) to share doing this?
If I understand the goal, this is easier without a VPN. Proxychains + a socks proxy (such as shadowsocks, ssh socks, etc.) works well. Add an SSH reverse tunnel if you want to be connectable; not essential.
This is probably what you want https://github.com/binhex/arch-rtorrentvpn
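The behaviour described in the replies above (connections the host starts leave through the tunnel, while anything arriving on the public IP is answered over the public interface) can be built with source-based policy routing. The script below is an added example, not code from any poster in this thread. It assumes IPv4 only and a WireGuard interface that is already up with `Table = off` and `AllowedIPs = 0.0.0.0/0`; every address, interface name and table number in it is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. Every value below is a constructed
# placeholder (RFC 5737 documentation addresses); substitute the host's own.
PUB_IP="${PUB_IP:-203.0.113.10}"           # VPS static public IP
PUB_GW="${PUB_GW:-203.0.113.1}"            # provider's gateway for that IP
PUB_IF="${PUB_IF:-eth0}"                   # public interface
WG_IF="${WG_IF:-wg0}"                      # tunnel, already up with Table = off
WG_ENDPOINT="${WG_ENDPOINT:-198.51.100.7}" # VPN server's public IP
TABLE="${TABLE:-100}"                      # table used only for public-IP replies
PRIO="${PRIO:-100}"                        # rule priority, ahead of the main table

is_ipv4() {  # dotted quad with every octet in 0..255
  case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  ( IFS=.; set -- $1; [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done )
}

policy_cmds() {  # $1 = add|del; prints the ip(8) commands, runs nothing
  case "$1" in add|del) ;; *) echo "usage: policy_cmds add|del" >&2; return 1 ;; esac
  for v in "$PUB_IP" "$PUB_GW" "$WG_ENDPOINT"; do
    is_ipv4 "$v" || { echo "bad IPv4 address: $v" >&2; return 1; }
  done
  # Packets sourced from the public IP (SSH/RDP replies, hosted services)
  # get their own table whose default route is the provider gateway.
  r1="ip route $1 default via $PUB_GW dev $PUB_IF table $TABLE"
  r2="ip rule $1 from $PUB_IP lookup $TABLE priority $PRIO"
  # The tunnel's own UDP must not be routed into the tunnel.
  r3="ip route $1 $WG_ENDPOINT/32 via $PUB_GW dev $PUB_IF"
  # Two /1 routes outrank the default route without replacing it, so
  # connections the host initiates leave through the tunnel.
  r4="ip route $1 0.0.0.0/1 dev $WG_IF"
  r5="ip route $1 128.0.0.0/1 dev $WG_IF"
  # Add the reply path first and remove it last, so sessions on the
  # public IP keep their return route while the tunnel routes change.
  if [ "$1" = add ]; then printf '%s\n' "$r1" "$r2" "$r3" "$r4" "$r5"
  else printf '%s\n' "$r5" "$r4" "$r3" "$r2" "$r1"; fi
}

run_policy() {  # executes the commands; needs root
  cmds=$(policy_cmds "$1") || return 1
  printf '%s\n' "$cmds" | while read -r cmd; do $cmd || exit 1; done
}

case "${1:-}" in   # no argument: define the functions only
  up)   run_policy add ;;
  down) run_policy del ;;
  show) policy_cmds add ;;
esac
```

Run it with `show` first to review the commands, and test `up` from a console session rather than over SSH in case the gateway or interface values are wrong.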