Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Use wireguard only for download (inbound) but use native static IP for outbound
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Use wireguard only for download (inbound) but use native static IP for outbound

edoarudo5edoarudo5 Member

Anyone here have a simple config on how to setup wireguard to use for download only? I still want to access these particular VPSs via their assigned static public IPs through SSH/RDP but will be using my wireguard VPN IPs to download stuff from some exclusive communities that distributes Linux ISOs. These machines also has some services running on their static IP so I wish to retain that (not replace it with the IP of wireguard VPN). Anyone have a similar setup? Or if you could please refer me to a guide somewhere which does this..

Comments

  • ehhthingehhthing Member
    edited May 2021

    You can't do this, I might be misunderstanding but the way that IP works is that it sends replies using your source IP.

    You can do the reverse though (outbound over a tunnel, inbound using your own IP: https://reqrypt.org/reqrypt.html)

    Thanked by 1edoarudo5
  • jmgcaguiclajmgcaguicla Member
    edited May 2021

    @edoarudo5 said:
    I still want to access these particular VPSs via their assigned static public IPs

    What's stopping you from doing so?

    Wireguard only adds another (internal) IP to the host, they still have their public IP intact; in fact, you can access it both either using the internal WG IP or the public IP (ofc given correct firewall rules).

    If you want to use it like a VPN then you just set the default route via the machine you'd like to appear as.

    Thanked by 2edoarudo5 yoursunny
  • Daniel15Daniel15 Veteran
    edited May 2021

    I've found the easiest approach is to use Docker for the services you want to route out via the VPN. Docker lets you configure containers such that their network traffic routes through a different container. That means you can have a Docker container that connects to the VPN, then specify that only particular containers are routed through that VPN connection. Only those containers go through the VPN - the rest of the apps on the system go to the internet directly, and incoming connections (eg SSH) still work fine. I've done this before via OpenVPN using https://hub.docker.com/r/dperson/openvpn-client.

    You could do something with WireGuard like detailed here: https://www.eisfunke.com/article/docker-wireguard-systemd.html

    Note that you probably do want incoming connections for your Linux ISO sharing, so you'll want to do some port forwarding on the other end of the VPN. AirVPN supports port forwarding, or you could just run your own VPN server.

    Thanked by 1edoarudo5
  • Thank you for the answers guys. Your feedbacks pointed me to the right direction. :)

  • Back when I used openvpn clients, this was done using route up/down commands you ran via openvpn scripts during up/down.

    Basically, outgoing traffic defaulted to VPN but incoming traffic on the public interface would respond back over same.

    Thanked by 1edoarudo5
  • @TimboJones said:
    Back when I used openvpn clients, this was done using route up/down commands you ran via openvpn scripts during up/down.

    Basically, outgoing traffic defaulted to VPN but incoming traffic on the public interface would respond back over same.

    Any openvpn example script(s) to share doing this?

  • darkimmortaldarkimmortal Member
    edited June 2021

    If I understand the goal, this is easier without VPN. Proxychains + socks proxy (such as shadowsocks, ssh socks, etc) works well. Add an SSH reverse tunnel if you want to be connectable, not essential

    Thanked by 1edoarudo5
  • This is probably what you want https://github.com/binhex/arch-rtorrentvpn

    Thanked by 1edoarudo5
Sign In or Register to comment.