Reverse Proxy through CGNAT (VPS Solution)
Has anyone ever dealt with trying to access a home server and bypass the CGNAT limitations? I have heard you can reverse proxy through it, but I'm not even sure what software I need to make it work.
Is this accurate?
VPS
nginx
Wireguard
I'm using Unraid on the home server side, and I tried Vultr for the VPS, but it is not working. I can connect the two together, so it creates the VPN network, but no traffic gets rerouted or flows through it. I'm guessing my firewall rules are not working for some reason.
PostUp = iptables -t nat -A PREROUTING -p tcp -i wg0 ! --dport 22 -j DNAT --to-destination 10.1.0.2; iptables -t nat -A POSTROUTING -o enp1s0 -j SNAT --to-source 1.2.3.4; iptables -t nat -A PREROUTING -p udp -i wg0 ! --dport 51820 -j DNAT --to-destination 10.1.0.2
PostDown = iptables -t nat -D PREROUTING -p tcp -i wg0 ! --dport 22 -j DNAT --to-destination 10.1.0.2; iptables -t nat -D POSTROUTING -o enp1s0 -j SNAT --to-source 1.2.3.4; iptables -t nat -D PREROUTING -p udp -i wg0 ! --dport 51820 -j DNAT --to-destination 10.1.0.2
A few things:
VPS - 10.1.0.1
UnRAID Server on home network: 10.1.0.2
I want all traffic to go to 10.1.0.2 except SSH and WireGuard.
Comments
Can't you use something like Tailscale?
Please check this: https://github.com/fatedier/frp
You install it on your Vultr VPS and on your Unraid server and then select which ports you want to forward. I think it will suit your needs.
Also try tinc VPN.
I recommend Tailscale/ZeroTier; they can get through CGNAT.
Have you enabled IP forwarding on the VPS that's running as the WireGuard server?
https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux
I'm not sure why you'd need a reverse proxy. You should just be able to put a VPN client on your Unraid server, connect it to the VPN server on your VPS, and it will remain connected if you use "PersistentKeepalive" in the WireGuard config.
https://www.wireguard.com/quickstart/
This guide covers all the configurations you need, including NAT traversal, so it's probably got what you need to finish your configuration.
https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04
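Putting the advice in this thread together, here is a corrected WireGuard config pair for the setup in the original post. This is an added example, not the poster's config or anything from the linked guides: it turns on IP forwarding, matches the DNAT rules on the VPS public interface (inbound internet traffic arrives on enp1s0, so a PREROUTING rule with -i wg0 never sees it), masquerades toward the tunnel so the Unraid box answers back through it, and sets PersistentKeepalive on the home side. The interface name enp1s0, public IP 1.2.3.4 and tunnel addresses 10.1.0.1/10.1.0.2 are taken from the post; the key values are placeholders.

```ini
# /etc/wireguard/wg0.conf on the VPS (10.1.0.1, public IP 1.2.3.4, WAN interface enp1s0)
[Interface]
Address = 10.1.0.1/24
ListenPort = 51820
# placeholder, replace with the VPS key
PrivateKey = <VPS_PRIVATE_KEY>
# without forwarding the DNATed packets are dropped before they reach wg0
PostUp = sysctl -w net.ipv4.ip_forward=1
# inbound traffic enters on enp1s0, not wg0; send everything except SSH and WireGuard home
PostUp = iptables -t nat -A PREROUTING -i enp1s0 -p tcp ! --dport 22 -j DNAT --to-destination 10.1.0.2
PostUp = iptables -t nat -A PREROUTING -i enp1s0 -p udp ! --dport 51820 -j DNAT --to-destination 10.1.0.2
# let the forwarded flows through the FORWARD chain (matters if its policy is DROP)
PostUp = iptables -A FORWARD -i enp1s0 -o wg0 -d 10.1.0.2 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o enp1s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# rewrite the source to 10.1.0.1 so the home server replies back through the tunnel
PostUp = iptables -t nat -A POSTROUTING -o wg0 -d 10.1.0.2 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i enp1s0 -p tcp ! --dport 22 -j DNAT --to-destination 10.1.0.2
PostDown = iptables -t nat -D PREROUTING -i enp1s0 -p udp ! --dport 51820 -j DNAT --to-destination 10.1.0.2
PostDown = iptables -D FORWARD -i enp1s0 -o wg0 -d 10.1.0.2 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o enp1s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o wg0 -d 10.1.0.2 -j MASQUERADE

[Peer]
# the Unraid box; placeholder key
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = 10.1.0.2/32

# /etc/wireguard/wg0.conf on the Unraid server (10.1.0.2, behind CGNAT, initiates the tunnel)
[Interface]
Address = 10.1.0.2/24
# placeholder, replace with the Unraid key
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
# placeholder, replace with the VPS key
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = 1.2.3.4:51820
AllowedIPs = 10.1.0.1/32
# keeps the CGNAT mapping open so the VPS can reach back in
PersistentKeepalive = 25
```

The MASQUERADE rule means the home server logs every forwarded connection as coming from 10.1.0.1; preserving real client addresses needs the public source ranges routed back through the tunnel on the Unraid side instead, which is the more involved setup the original SNAT rule was heading toward.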
Can you elaborate more? I have tried softether.org and tinc-vpn.org and I'm still 'stuck' on WireGuard and OpenVPN technology ... I don't need 3rd-party services such as Tailscale/ZeroTier/Warp.
SoftEther is the same as OpenVPN; the only difference is that SoftEther supports different VPN protocols and they can work together.
tinc-vpn requires you to have a central server for relaying and for discovering peers.
All peers in tinc-vpn will try to connect directly to each other with the help of the central server,
and will only use the central server to relay traffic if no direct connection can be made.
tinc-vpn is similar to ZT/TS but fully self-hosted, and it supports direct connections via IPv6.
I'm using rathole to access my Raspberry Pi at home behind CGNAT.
You can always try: https://github.com/xiahualiu/wg_gaming_installer
Just edit add-fullcone-nat.sh with any nftables rules you want.