Reverse Proxy through CGNAT (VPS Solution)

Anyone ever deal with trying to access a home server on and trying to bypass the CGNAT limitations? I have heard you can reverse proxy through it, but I'm not even sure what all software I need to make it work.

Is this accurate?

VPS
nginx
Wireguard

I'm using unraid on the home server side, and tried vultr for the VPS but it is not working. I can connect the two together, so it makes the VPN network but no traffic gets rerouted or flows through it. I'm guessing my firewall rules are not working for some reason.

PostUp = iptables -t nat -A PREROUTING -p tcp -i wg0 ! --dport 22 -j DNAT --to-destination 10.1.0.2; iptables -t nat -A POSTROUTING -o enp1s0 -j SNAT --to-source 1.2.3.4; iptables -t nat -A PREROUTING -p udp -i wg0 ! --dport 51820 -j DNAT --to-destination 10.1.0.2
PostDown = iptables -t nat -D PREROUTING -p tcp -i wg0 ! --dport 22 -j DNAT --to-destination 10.1.0.2; iptables -t nat -D POSTROUTING -o enp1s0 -j SNAT --to-source 1.2.3.4; iptables -t nat -D PREROUTING -p udp -i wg0 ! --dport 51820 -j DNAT --to-destination 10.1.0.2

Few things:

VPS - 10.1.0.1
UnRAID Server on home network: 10.1.0.2

I want all traffic to go to 10.1.0.2 except SSH and wireguard.


Comments

  • Can't you use something like Tailscale?

  • Please check this: https://github.com/fatedier/frp

    You install it on your Vultr VPS and on your Unraid server and then select which ports you want to forward. I think it will suit your needs.

  • also try tinc vpn

  • I recommend Tailscale/ZeroTier, they can get through CGNAT

  • Have you enabled IP Forwarding on the VPS that's running as the Wireguard server?
    https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux

    I'm not sure why you'd need a Reverse Proxy. You should just be able to put a VPN client on your UnRAID server, connect it to the VPN server on your VPS and it will remain connected if you use "PersistentKeepalive" in the Wireguard config
    https://www.wireguard.com/quickstart/

    This guide covers all the configurations you need, including NAT traversal, so it's probably got what you need to finish your configuration
    https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04
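
Added example (not part of the thread or any poster's code): a POSIX shell check for the VPS-side settings raised in the question and in the comment above. It takes the `iptables -t nat -S` listing and the ip_forward value as arguments and flags DNAT rules bound to the tunnel interface, which only see packets coming out of the tunnel rather than connections arriving from the internet. The function name `audit_nat` and the finding labels are made up here, and the sample rules are constructed from the question's PostUp line.

```shell
#!/bin/sh
# Added example: audit the VPS side of a "forward everything over WireGuard" setup.
# wg0, enp1s0, 10.1.0.2 and 1.2.3.4 are the names used in the question.

# Constructed sample: the question's rules in `iptables -t nat -S` form.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i wg0 -p tcp -m tcp ! --dport 22 -j DNAT --to-destination 10.1.0.2
-A PREROUTING -i wg0 -p udp -m udp ! --dport 51820 -j DNAT --to-destination 10.1.0.2
-A POSTROUTING -o enp1s0 -j SNAT --to-source 1.2.3.4'

# audit_nat RULES TUNNEL_IF PEER_IP IP_FORWARD_VALUE
# Prints one finding per line and returns 0 only when there are none.
audit_nat() {
    rules=$1; tun=$2; peer=$3; fwd=$4
    findings=0; inbound=0; snat_tun=0
    if [ "$fwd" != "1" ]; then
        echo "IP_FORWARD: net.ipv4.ip_forward=$fwd, so DNATed packets are not routed on to $peer"
        findings=$((findings + 1))
    fi
    while IFS= read -r line; do
        case " $line " in
            *" -j DNAT "*"--to-destination $peer "*|*" -j DNAT "*"--to-destination $peer:"*)
                case " $line " in
                    *" -i $tun "*)
                        echo "DNAT_IFACE: '$line' only matches packets arriving from the tunnel"
                        findings=$((findings + 1)) ;;
                    *) inbound=$((inbound + 1)) ;;
                esac ;;
            *" -A POSTROUTING "*"-o $tun "*"-j MASQUERADE "*|*" -A POSTROUTING "*"-o $tun "*"-j SNAT "*)
                snat_tun=1 ;;
        esac
    done <<EOF
$rules
EOF
    if [ "$inbound" -eq 0 ]; then
        echo "NO_INBOUND_DNAT: no DNAT to $peer on a non-tunnel interface"
        findings=$((findings + 1))
    fi
    if [ "$snat_tun" -eq 0 ]; then
        echo "RETURN_PATH: no SNAT/MASQUERADE on -o $tun; $peer must send replies back through the tunnel"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Live use on the VPS: audit_nat "$(iptables -t nat -S)" wg0 10.1.0.2 "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_nat "$SAMPLE_RULES" wg0 10.1.0.2 0 || true
```

The RETURN_PATH finding is informational: without source NAT on the tunnel, the home peer sees the original client addresses, so its WireGuard AllowedIPs and routing have to carry the replies back through the VPS.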

  • @e2bs2k1 said: also try tinc vpn

    Can you elaborate more? I have been trying softether.org and this tinc-vpn.org and am still 'stuck' on WireGuard and OpenVPN technology ... I don't need 3rd-party services such as Tailscale/ZeroTier/Warp.

  • e2bs2k1 Member
    edited December 2024

    @0xC7 said:

    @e2bs2k1 said: also try tinc vpn

    Can you elaborate more? I have been trying softether.org and this tinc-vpn.org and am still 'stuck' on WireGuard and OpenVPN technology ... I don't need 3rd-party services such as Tailscale/ZeroTier/Warp.

    SoftEther is the same as OpenVPN; the only difference is that SoftEther supports different VPN protocols, and they can work together.
    tinc-vpn requires you to have a central server for relay and peer discovery.
    All peers in tinc-vpn will try to connect directly to each other with the help of the central server,
    and will only use the central server to relay traffic if no direct connection can be made.
    tinc-vpn is similar to ZT/TS but totally self-hosted, and supports direct connections via IPv6.

  • I'm using rathole to access my raspberry pi on home behind CGNAT

  • ZachNuyek Member, Patron Provider

    You can always try: https://github.com/xiahualiu/wg_gaming_installer

    Just edit add-fullcone-nat.sh with any nftables rules you want.
