#1 2021-02-19 12:24:30

6rJ27GKfu
Member
Registered: 2020-06-17
Posts: 13

How to set up a point-to-point tunnel using WireGuard?

First about my setup: I have a Homeserver that I'm running a gameserver on using LinuxGSM and I want to be able to connect to it from the internet. Unfortunately my router only has a public IPv6 address (Dual-Stack Lite) which is not supported by LinuxGSM. So I rented a small vServer with a public IPv4 address to tunnel incoming traffic from it to my Homeserver using WireGuard. First of all, is that even a good idea?

Now I'm not even sure what the best practice using WireGuard would be. Should I just follow the manual WireGuard setup and then I have a point-to-point connection?

According to ip add my Homeserver has a public IPv6 address and internal IPv4 and IPv6 addresses. My vServer only has a public IPv4 address (even though I think I could also get a public IPv6 address) and an internal IPv6 address.

So the setup of the two peers would look like this:

Homeserver
# ip link add dev wg0 type wireguard
# ip addr add {homeservers internal IPv4} dev wg0
# ip addr add {homeservers internal IPv6} dev wg0
# wg set wg0 listen-port 2456 private-key /path/to/homeserver.key
# wg set wg0 peer VSERVER_PUBLIC_KEY preshared-key /path/to/homeserver-vserver.psk endpoint {vservers public IPv4}:2456 allowed-ips {vservers internal IPv6}
# ip link set wg0 up

vServer
# ip link add dev wg0 type wireguard
# ip addr add {vservers internal IPv6} dev wg0
# wg set wg0 listen-port 2456 private-key /path/to/vserver.key
# wg set wg0 peer HOMESERVER_PUBLIC_KEY preshared-key /path/to/homeserver-vserver.psk endpoint {homeservers public IPv6}:2456 allowed-ips {homeservers internal IPv4,homeservers internal IPv6}
# ip link set wg0 up

Is that correct? Don't I have to put my router's public IP address here anywhere? Sorry for these very newbish questions, networking is really something else. Also can I just mix IPv4 and IPv6, because I don't think so. What kind of translation would be necessary?

EDIT
Some miscellaneous info:
I've just tried the config above and my vServer seems to accept it, whereas my Homeserver gets unresponsive and I have to reboot the system manually.
Also the Homeserver is obviously at my home, whereas the vServer is running in a data center somewhere. I'm connected to both of them using SSH.
And my Homeserver is running Arch Linux, but the vServer is running Debian, but the WireGuard setup is identical I guess.

Last edited by 6rJ27GKfu (2021-02-19 12:40:40)

#2 2021-02-20 11:16:07

finoderi
Member
Registered: 2020-06-12
Posts: 76

Re: How to set up a point-to-point tunnel using WireGuard?

1. I don't understand why you're setting up a wireguard tunnel with a set of commands instead of using persistent configuration, which is easier to manage imho.
2. In order for this to work you need to add routing rules so some packets could be routed over the tunnel you created. Wireguard-tools with wg-quick script can do it for you.
3. If you want to use VPS as a wireguard peer and route some traffic over it, you need to a) enable ip forwarding on it, b) configure its firewall to masquerade wireguard traffic (otherwise it cannot go beyond VPS-provider's local network) and to open the corresponding UDP port (which should be higher than 2456, something like 50000 would be better).
I think the best way for now to configure wireguard is using wg-quick. Some of its configuration is described in the wiki.

Last edited by finoderi (2021-02-20 11:28:30)
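
The persistent wg-quick setup recommended in the reply above, written out for both peers as an added example that is not part of the original thread. Assumptions: the tunnel subnet 10.100.0.0/24, the interface name eth0, iptables as the firewall, UDP port 50000 (the reply's suggestion), and that the Homeserver can make outbound IPv4 connections to the vServer.

```ini
# Added example; every address, interface name and path below is a placeholder.

# ---- vServer: /etc/wireguard/wg0.conf ----
[Interface]
# Dedicated tunnel subnet (assumption), separate from addresses the hosts already use
Address = 10.100.0.1/24
ListenPort = 50000
# Load the private key from its file so the config itself holds no private key
PostUp = wg set %i private-key /path/to/vserver.key
# 3a) IP forwarding; only matters once traffic is routed through the vServer
PostUp = sysctl -w net.ipv4.ip_forward=1
# 3b) masquerade tunnel traffic leaving via the public interface (eth0 assumed)
PostUp = iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
# 3b) open the WireGuard UDP port
PostUp = iptables -I INPUT -p udp --dport 50000 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 50000 -j ACCEPT

[Peer]
PublicKey = HOMESERVER_PUBLIC_KEY
PresharedKey = <contents of /path/to/homeserver-vserver.psk>
# Accept only the Homeserver's tunnel address as a source from this peer
AllowedIPs = 10.100.0.2/32
# No Endpoint here: the vServer learns it from the Homeserver's first packet

# ---- Homeserver: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.100.0.2/24
PostUp = wg set %i private-key /path/to/homeserver.key

[Peer]
PublicKey = VSERVER_PUBLIC_KEY
PresharedKey = <contents of /path/to/homeserver-vserver.psk>
Endpoint = {vservers public IPv4}:50000
# wg-quick adds routes only for AllowedIPs, so the default route and SSH are untouched
AllowedIPs = 10.100.0.1/32
# Keeps the NAT mapping open so the vServer can always reach this peer
PersistentKeepalive = 25
```

Bring each side up with `wg-quick up wg0` and confirm a recent handshake with `wg show wg0`.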
