
#1 2021-04-13 08:22:39

jtm14tx
Member
Registered: 2021-04-10
Posts: 1

Wireguard VPN on VPS

I have a VPS with the "extra IPv4" option and would like to run a WireGuard VPN on it so that a local computer appears on the network with this extra IPv4. For several reasons I do not want to use address translation and want this second IPv4 to be assigned directly to the wg0 network interface on the local computer.

Below is how I set it up on the VPS and the local computer. ip1 and ip2 are the IP addresses assigned to the VPS. localIP is the IP of the local computer (a PPPoE interface configured using pppoe-start from rp-pppoe).

VPS side:

# ip link add dev wg0 type wireguard
# ip address add dev wg0 <ip2 with last bit changed to 0> peer <ip2>
# wg setconf wg0 server.conf
# cat server.conf
[Interface]
ListenPort = 51820
PrivateKey = ...

[Peer]
PublicKey = ...
AllowedIPs = <ip2>/32
Endpoint = <localIP>:51820
# ip link set up dev wg0
# echo 1 > /proc/sys/net/ipv4/ip_forward
# arp -Ds <ip2> ens192 pub

And for the local computer. PPPoE is running on a separate computer which is configured to do address translation / forwarding of traffic only to <ip1> (for the VPN channel to work).

# ip link add wg0 type wireguard
# ip address add dev wg0 <ip2> peer <ip2 with last bit changed to 0>
# wg setconf wg0 client.conf
# cat client.conf
[Interface]
ListenPort = 51820
PrivateKey = ...

[Peer]
PublicKey = ...
AllowedIps = 0.0.0.0/0
Endpoint = <ip1>:51820
# ip link set up dev wg0
# route add default dev wg0

Most of the time it works OK. But sometimes I experience issues. For example, <ip2> is not routed to the VPS, which can be seen from `traceroute <ip2>` (from another computer connected by different means). Are there any problems with this configuration? Specifically I suspect the line `arp -Ds <ip2> ens192 pub`. It looks like a hack but I don't know how else I can instruct the VPS system to listen for <ip2> to be forwarded. Without it I can see a lot of unanswered "Who-IS <ip2>" requests with tcpdump -ennqti ens192. Also, last time when the connection became broken I tried to run `ifconfig ens192:0 <ip2> up` and then `ifconfig ens192:0 down && arp -Ds <ip2> ens192 pub`, after which connectivity was restored.

Also the "peer <ip2 with last bit changed to 0>" part looks bad. But I have no idea what other address I can assign to the other side of the connection. If necessary it is possible to get a 3rd extra IPv4 with this VPS provider.

I hope this configuration may help somebody, and I am also interested to hear any suggestions on how to improve it.

If someone has experience with a good VPS with fast unlimited traffic and preferably a US-based IP, please advise.

Also, is it possible to use several local connections for faster speeds? I can get several local PPPoE connections of 100 Mbit/s each, each having a separate IP. Can WireGuard distribute VPN traffic among several IPs to get faster speed?
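An added example (mine, not the poster's) for the two points the post questions: the "last bit changed to 0" peer address, computed here as the other half of an RFC 3021 /31 so that it also works when ip2 is even, and the `arp -Ds ... pub` entry, for which `ip neigh add proxy` is the iproute2 equivalent; it also cross-checks AllowedIPs and ports between server.conf and client.conf. Assumed: ens192 is the VPS uplink and the sample addresses are constructed TEST-NET values.

```python
import ipaddress

# Added example, not from the post. Assumptions: ip2 is the routed extra
# IPv4, ens192 is the VPS uplink, and all sample addresses are TEST-NET values.

def p2p_peer(addr: str) -> str:
    """Other half of the RFC 3021 /31 containing addr (flip the last bit).
    'last bit changed to 0' gives the same result for an odd ip2, but for an
    even ip2 it would return ip2 itself, which cannot be the far end."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(addr)) ^ 1))

def vps_commands(ip2: str, uplink: str = "ens192") -> list:
    """iproute2 form of the VPS side; `ip neigh add proxy` is the
    equivalent of the net-tools `arp -Ds <ip2> <dev> pub` published entry."""
    return ["ip link add dev wg0 type wireguard",
            f"ip address add dev wg0 {p2p_peer(ip2)} peer {ip2}",
            "wg setconf wg0 server.conf", "ip link set up dev wg0",
            "sysctl -w net.ipv4.ip_forward=1",
            f"ip neigh add proxy {ip2} dev {uplink}"]

def parse_wg(conf: str) -> dict:
    """Minimal wg(8) setconf parser; keys are matched case-insensitively,
    which is why the post's 'AllowedIps' is accepted."""
    out, section = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
            out[section] = {}
        elif line:
            key, value = (s.strip() for s in line.split("=", 1))
            out[section][key.lower()] = value
    return out

def check_pair(server: str, client: str, vps_wg: str, client_wg: str) -> list:
    """Config mismatches to rule out before suspecting ARP on the VPS."""
    s, c, problems = parse_wg(server), parse_wg(client), []
    for side, conf, far, other in (("server", s, client_wg, c), ("client", c, vps_wg, s)):
        nets = [ipaddress.ip_network(n.strip()) for n in conf["peer"]["allowedips"].split(",")]
        if not any(ipaddress.ip_address(far) in n for n in nets):
            problems.append(f"{side}: AllowedIPs does not cover peer address {far}")
        if conf["peer"]["endpoint"].rsplit(":", 1)[1] != other["interface"].get("listenport"):
            problems.append(f"{side}: Endpoint port differs from the peer's ListenPort")
    return problems

# Constructed configs: ip1=203.0.113.10, ip2=203.0.113.18, localIP=198.51.100.7.
SERVER = "[Interface]\nListenPort = 51820\nPrivateKey = <vps-key>\n\n[Peer]\nPublicKey = <client-pub>\nAllowedIPs = 203.0.113.18/32\nEndpoint = 198.51.100.7:51820\n"
CLIENT = "[Interface]\nListenPort = 51820\nPrivateKey = <client-key>\n\n[Peer]\nPublicKey = <vps-pub>\nAllowedIps = 0.0.0.0/0\nEndpoint = 203.0.113.10:51820\n"
```

The published ARP entry is needed because the provider's router ARPs for ip2 on the VPS's Ethernet segment; enabling `net.ipv4.conf.ens192.proxy_arp=1` instead would answer for every address the VPS routes elsewhere, so the per-address proxy entry is the narrower choice.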
