Pass all traffic thru VPS for better speed?

All these cool deals in the USA from these smaller providers always end up being a super slow connection to my home in Canada. But some VPS I already have provide a fast connection to those same providers.

What's the best (or perhaps simplest) way to accomplish passing all the traffic through another server? Or is it better to just set up port-by-port tunnels or something as needed? Or maybe a VPN with various (or all) ports opened?

What about latency? I like to run small game servers as well, just for myself and a few friends. I've read a lot about different ways to do this but I don't know which is best for my situations.

Please forgive my lack of networking knowledge :). That's why the simplest might be the best approach, even if it doesn't fully maximize performance.

Comments

  • imo tailscale. just use the server as an exit node. it's very easy to set up

    Thanked by 1lowenddude
  • r0xz Member

    What's the best (or perhaps simplest) way to accomplish passing all the traffic through another server?

    Try wireguard.

    If your VPS has enough RAM & CPU, you can deploy WireGuard Easy on docker.

    Thanked by 1lowenddude
  • lowenddude Member
    edited February 7

    @chakraxzz said:
    imo tailscale. just use the server as an exit node. it's very easy to set up

    Tailscale was part of my research I had done, it seemed complicated but I didn't try it. I see that tailscale uses Wireguard. What's the difference between tailscale and Wireguard? It looks like tailscale has a lot more features but perhaps is more complicated to set up?
    EDIT: Tailscale up on 2 nodes, seems pretty simple after all. I'll try the exit node setting next.

    @r0xz said:

    What's the best (or perhaps simplest) way to accomplish passing all the traffic through another server?

    Try wireguard.

    If your VPS has enough RAM & CPU, you can deploy WireGuard Easy on docker.

    I did a Wireguard test a few days ago, using Turnkey it was very easy, although I have no idea how to open ports yet. I was searching for something fast like a DMZ type option but I did not find such an option. So you would use Wireguard and then just open up the ports and call it done?

  • Neoon Member, Community Contributor

    Get a VPS in Canada, close as possible to you, with a good connection to your ISP.
    Use that as a jump box for better latency and throughput.

    Then connect from that to your US boxes.
    I do the same but on a larger scale, a total waste of money, but I love low latency.

  • @Neoon said:
    Get a VPS in Canada, close as possible to you, with a good connection to your ISP.
    Use that as a jump box for better latency and throughput.

    Then connect from that to your US boxes.
    I do the same but on a larger scale, a total waste of money, but I love low latency.

    Yup that's the plan, I just don't know which method to use.

  • r0xz Member

    So you would use Wireguard and then just open up the ports and call it done?

    If you don't have any firewall, etc. just run the docker container as in the guide, and your wireguard server should be up and running.

  • Neoon Member, Community Contributor

    @lowenddude said:

    @Neoon said:
    Get a VPS in Canada, close as possible to you, with a good connection to your ISP.
    Use that as a jump box for better latency and throughput.

    Then connect from that to your US boxes.
    I do the same but on a larger scale, a total waste of money, but I love low latency.

    Yup that's the plan, I just don't know which method to use.

    Put the Server on the VPS, so you don't need open ports.

  • Sorry I am getting a little confused. Am I supposed to be running Wireguard or whatever VPN software on my home devices as well?

    That's not what I was going for, I was going for a server to server solution that works for anyone without anything on their end, say when my friend wants to join one of my game servers. Or I decide to grab a file with a different device, I don't have to connect to the VPN first. So right now I can Wireguard/tailscale the 2 servers together, but then I need a way to route the inbound traffic from the "fast" one to the "slow" one, know what I mean?

    Maybe I need SSH tunnels for each port I want to send to the other server then? I think that will add latency, but I tested it awhile ago for a simple HTTP download with a test file and it definitely made it way faster. It's more work to do it for each port but meh, it's doable.

  • adns Member

    @lowenddude said:

    @chakraxzz said:
    imo tailscale. just use the server as an exit node. it's very easy to set up

    Tailscale was part of my research I had done, it seemed complicated but I didn't try it. I see that tailscale uses Wireguard. What's the difference between tailscale and Wireguard? It looks like tailscale has a lot more features but perhaps is more complicated to set up?
    EDIT: Tailscale up on 2 nodes, seems pretty simple after all. I'll try the exit node setting next.

    @r0xz said:

    What's the best (or perhaps simplest) way to accomplish passing all the traffic through another server?

    Try wireguard.

    If your VPS has enough RAM & CPU, you can deploy WireGuard Easy on docker.

    I did a Wireguard test a few days ago, using Turnkey it was very easy, although I have no idea how to open ports yet. I was searching for something fast like a DMZ type option but I did not find such an option. So you would use Wireguard and then just open up the ports and call it done?

    You can "open" one or more port(s); it's called DSTNAT. So you can install a WG server on your VPS, connect your client and enjoy. For dstnat you might need routing rules on the client to send the traffic back on the proper path.

    A few years ago I made this for a friend: he rented a VPS, I installed WG on that and on the Windows client, opened the port, but it only worked properly if I routed all traffic on the Windows computer to the VPS. I don't know whether I can set up policy-based routing on a normal Windows 10. So if you want to route only a part of your connection over the VPN with an opened port, it is a hard task with a Windows client.

    @lowenddude said:
    Sorry I am getting a little confused. Am I supposed to be running Wireguard or whatever VPN software on my home devices as well?

    That's not what I was going for, I was going for a server to server solution that works for anyone without anything on their end, say when my friend wants to join one of my game servers. Or I decide to grab a file with a different device, I don't have to connect to the VPN first. So right now I can Wireguard/tailscale the 2 servers together, but then I need a way to route the inbound traffic from the "fast" one to the "slow" one, know what I mean?

    Maybe I need SSH tunnels for each port I want to send to the other server then? I think that will add latency, but I tested it awhile ago for a simple HTTP download with a test file and it definitely made it way faster. It's more work to do it for each port but meh, it's doable.

    Yes, you will need VPN software installed on all of your devices. On the slow server, fast VPS and home computer.

    What you want is possible; I did the same except for the port forward. I have a Kimsufi dedi with 100 Mbps IPv4 and 1 Gbps IPv6. I connect KS to my netcup root server and my computer to the netcup root server, so netcup-Kimsufi has 1/1 Gbps over IPv6 and my computer-netcup has a decent connection too.

    With DSTNAT and proper routing you can make it so that the user provides the VPS IP and it forwards the request to your game server at your home or on your slow server. It is good too if you don't have a fixed IP or if you don't have a public IP.

    Thanked by 1lowenddude
  • Peppery9 Member
    edited February 7

    Set up Wireguard between the two servers and use iptables to DNAT your ports towards the wireguard IP of the slow VPS.

    Something like this should do the trick:

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 172.16.1.20:80
    
    iptables -A FORWARD -p tcp -d 172.16.1.20 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    
    Thanked by 1lowenddude
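
The port forward described in the post above, written out as an added example (not part of the original post or anyone's actual configuration): a generator that prints the rules for review instead of applying them. The return-path FORWARD rule, the MASQUERADE rule, the interface name `wg0` and UDP port 27015 are assumptions added here; `eth0` and `172.16.1.20` come from the post.

```bash
#!/usr/bin/env bash
# Added example: prints (does not apply) the rules that forward one public port
# on the "fast" VPS to the "slow" server across the WireGuard tunnel.
# Assumptions: wg0 = tunnel interface on fast; UDP 27015 is a constructed sample.

gen_forward_rules() {
    local wan_if=$1 wg_if=$2 dst_ip=$3 proto=$4 port=$5 n

    # The output is meant to be piped to a root shell, so reject anything odd.
    for n in "$wan_if" "$wg_if"; do
        case $n in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1;; esac
    done
    case $dst_ip in ''|*[!0-9.]*) echo "bad IPv4 address" >&2; return 1;; esac
    case $proto in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi

    cat <<EOF
# Let the kernel route between the public NIC and the tunnel
sysctl -w net.ipv4.ip_forward=1
# Rewrite the destination of traffic arriving on the public NIC
iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $port -j DNAT --to-destination $dst_ip:$port
# Forward that one flow into the tunnel ...
iptables -A FORWARD -i $wan_if -o $wg_if -p $proto -d $dst_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
# ... and only its replies back out
iptables -A FORWARD -i $wg_if -o $wan_if -p $proto -s $dst_ip --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source-NAT into the tunnel: slow replies to fast's wg address, so slow's
# own default route and AllowedIPs do not need to cover the whole internet
iptables -t nat -A POSTROUTING -o $wg_if -p $proto -d $dst_ip --dport $port -j MASQUERADE
EOF
}

# Review the printed commands, then run them as root on the fast VPS.
gen_forward_rules eth0 wg0 172.16.1.20 tcp 80
gen_forward_rules eth0 wg0 172.16.1.20 udp 27015
```

With MASQUERADE the slow server sees every client as the fast VPS's tunnel address, so per-client IP logging or bans on the game server stop working; keeping real client addresses instead requires policy routing on the slow server.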
  • Neoon Member, Community Contributor
    edited February 7

    Well, yes, if you run a wireguard server, you also need a wireguard client.

    You can, if your router supports it, set up a wireguard client on it.
    And forward the IP ranges you want over the wireguard tunnel.

    So you don't need to configure anything on the clients, within your LAN connected to the same router.

    Depends how much money you want to spend, rent a /24 IP Block, costs you 100-150$/m and announce your own routes. Works without anything needing to be configured on their end.

    But that isn't bulletproof either.

    Thanked by 1lowenddude
  • vsys_host Member, Host Rep

    @lowenddude
    You can try to configure net.ipv4.tcp_congestion_control=bbr for these cool VPS deals in the USA with slow speed.

    And if it doesn't help, then try to use WireGuard to pass the traffic over.

  • @Peppery9 said:
    Set up Wireguard between the two servers and use iptables to DNAT your ports towards the wireguard IP of the slow VPS.

    Something like this should do the trick:

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 172.16.1.20:80
    
    iptables -A FORWARD -p tcp -d 172.16.1.20 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    

    This works but it broke outbound internet connections from the server. So for example I can ssh into it from the Wireguard server's address, that works, but I can't ping google.com from it, I can't update packages, etc. Is it sending that traffic back like a loop?

  • @lowenddude said:

    @Peppery9 said:
    Set up Wireguard between the two servers and use iptables to DNAT your ports towards the wireguard IP of the slow VPS.

    Something like this should do the trick:

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 172.16.1.20:80
    
    iptables -A FORWARD -p tcp -d 172.16.1.20 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    

    This works but it broke outbound internet connections from the server. So for example I can ssh into it from the Wireguard server's address, that works, but I can't ping google.com from it, I can't update packages, etc. Is it sending that traffic back like a loop?

    Which server are you referring to here? What are your wg allowedips set to?

  • @Peppery9 said:

    @lowenddude said:

    @Peppery9 said:
    Set up Wireguard between the two servers and use iptables to DNAT your ports towards the wireguard IP of the slow VPS.

    Something like this should do the trick:

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 172.16.1.20:80
    
    iptables -A FORWARD -p tcp -d 172.16.1.20 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    

    This works but it broke outbound internet connections from the server. So for example I can ssh into it from the Wireguard server's address, that works, but I can't ping google.com from it, I can't update packages, etc. Is it sending that traffic back like a loop?

    Which server are you referring to here? What are your wg allowedips set to?

    Let's call one slow and the other one with the Wireguard server fast.

    I can now do things such as [email protected] which correctly sends it to slow. So the inbound stuff like that works.

    The problem is if I try to use the internet from slow, such as pinging google, or updating packages, it doesn't work, DNS works but other than that it's as if it has no internet access.

    allowed ips: 10.0.0.1/32
