Pass all traffic thru VPS for better speed?
All these cool deals in the USA from these smaller providers always end up being a super slow connection to my home in Canada. But some VPS I already have provide a fast connection to those same providers.
What's the best (or perhaps simplest) way to accomplish passing all the traffic through another server? Or is it better to just set up port-by-port tunnels or something as needed? Or maybe a VPN with various (or all) ports opened?
What about latency? I like to run small game servers as well, just for myself and a few friends. I've read a lot about different ways to do this but I don't know which is best for my situations.
Please forgive my lack of networking knowledge. That's why the simplest might be the best approach, even if it doesn't fully maximize performance.
IMO Tailscale. Just use the server as an exit node. It's very easy to set up.
If your VPS has enough RAM & CPU, you can deploy WireGuard Easy on docker.
Tailscale was part of the research I had done; it seemed complicated but I didn't try it. I see that Tailscale uses Wireguard. What's the difference between Tailscale and Wireguard? It looks like Tailscale has a lot more features but perhaps is more complicated to set up?
EDIT: Tailscale up on 2 nodes, seems pretty simple after all. I'll try the exit node setting next.
I did a Wireguard test a few days ago, using Turnkey it was very easy, although I have no idea how to open ports yet. I was searching for something fast like a DMZ type option but I did not find such an option. So you would use Wireguard and then just open up the ports and call it done?
Get a VPS in Canada, close as possible to you, with a good connection to your ISP.
Use that as a jump box for better latency and throughput.
Then connect from that to your US boxes.
I do the same but on a larger scale, a total waste of money, but I love low latency.
Yup that's the plan, I just don't know which method to use.
If you don't have any firewall, etc. just run the docker container as in the guide, and your wireguard server should be up and running.
Put the Server on the VPS, so you don't need open ports.
Sorry I am getting a little confused. Am I supposed to be running Wireguard or whatever VPN software on my home devices as well?
That's not what I was going for, I was going for a server to server solution that works for anyone without anything on their end, say when my friend wants to join one of my game servers. Or I decide to grab a file with a different device, I don't have to connect to the VPN first. So right now I can Wireguard/tailscale the 2 servers together, but then I need a way to route the inbound traffic from the "fast" one to the "slow" one, know what I mean?
Maybe I need SSH tunnels for each port I want to send to the other server then? I think that will add latency, but I tested it a while ago for a simple HTTP download with a test file and it definitely made it way faster. It's more work to do it for each port but meh, it's doable.
You can "open" one or more port(s); it's called DSTNAT. So you can install a WG server on your VPS, connect your client and enjoy. For DSTNAT you might need routing rules on the client to send the traffic back on the proper path.
A few years ago I made this for a friend: he rented a VPS, I installed WG on that and on the Windows client and opened the port, but it only worked properly if I routed all traffic on the Windows computer to the VPS. I don't know whether I can set up policy-based routing on a normal Windows 10. So if you want to route only a part of your connection over the VPN with an opened port, it is a hard task with a Windows client.
Yes, you will need VPN software installed on all of your devices. On the slow server, fast VPS and home computer.
What you want is possible; I did the same except for the port forward. I have a Kimsufi dedi with 100 Mbps IPv4 and 1 Gbps IPv6. I connect the KS to my netcup root server and my computer to the netcup root server, so netcup-Kimsufi have 1/1 Gbps over IPv6 and my computer-netcup have a decent connection too.
With DSTNAT and proper routing you can make it so that the user provides the VPS IP and it forwards the request to your game server at your home or on your slow server. It is good too if you don't have a fixed IP or if you don't have a public IP.
Set up Wireguard between the two servers and use iptables to DNAT your ports towards the wireguard IP of the slow VPS.
Something like this should do the trick:
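The port forward described in the post above, as an added example that is not part of the original thread or the poster's own snippet. It prints the rules for the fast VPS without applying them and forwards only the listed ports; `eth0`, `wg0`, `10.0.0.2` and the ports are assumed, constructed values.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the fast VPS.
# Assumed names: eth0 = public interface, wg0 = WireGuard interface,
# 10.0.0.2 = tunnel address of the slow server (all constructed values).

gen_forward_rules() {
    pub_if=$1 wg_if=$2 slow_ip=$3
    shift 3
    # The fast VPS must route packets between its interfaces.
    out="sysctl -w net.ipv4.ip_forward=1"
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec#*:}
        # Validate every spec first; nothing is printed if one is bad.
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*|??????*) echo "bad port: $spec" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $spec" >&2; return 1
        fi
        # DNAT rewrites the destination to the slow server's tunnel address;
        # the FORWARD rule admits only this protocol/port, not every port.
        out="$out
iptables -t nat -A PREROUTING -i $pub_if -p $proto --dport $port -j DNAT --to-destination $slow_ip:$port
iptables -A FORWARD -i $pub_if -o $wg_if -p $proto -d $slow_ip --dport $port -j ACCEPT"
    done
    # Replies come back through the tunnel. MASQUERADE makes the slow server
    # see the fast VPS's tunnel address as the source, so its own default
    # route is left alone; the trade-off is that it no longer sees the real
    # client IPs in its logs.
    out="$out
iptables -A FORWARD -i $wg_if -o $pub_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wg_if -d $slow_ip -j MASQUERADE"
    printf '%s\n' "$out"
}

# Example call (constructed ports): one TCP and one UDP game port.
gen_forward_rules eth0 wg0 10.0.0.2 tcp:25565 udp:27015
```

Review the printed rules, then run them as root on the fast VPS; they are not persistent across reboots unless saved with the distribution's usual mechanism.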
Well, yes, if you run a wireguard server, you also need a wireguard client.
You can, if your router supports it, set up a wireguard client on it.
And forward the IP ranges you want over the wireguard tunnel.
So you don't need to configure anything on the clients, within your LAN connected to the same router.
Depends how much money you want to spend: rent a /24 IP block, which costs you 100-150$/m, and announce your own routes. Works without anything needing to be configured on their end.
But that isn't bulletproof either.
You can try to configure net.ipv4.tcp_congestion_control=bbr for these cool VPS deals in the USA with slow speed.
And if it wouldn't help, then try to use WireGuard to pass over the traffic.
This works but it broke outbound internet connections from the server. So for example I can ssh into it from the Wireguard server's address, that works, but I can't ping google.com from it, I can't update packages, etc. Is it sending that traffic back like a loop?
Which server are you referring to here? What are your wg allowedips set to?
Let's call one slow and the other one with the Wireguard server fast.
I can now do things such as [email protected] which correctly sends it to slow. So the inbound stuff like that works.
The problem is if I try to use the internet from slow, such as pinging google, or updating packages, it doesn't work, DNS works but other than that it's as if it has no internet access.
allowed ips: 10.0.0.1/32