madeofstown edited this page Oct 27, 2022 · 7 revisions

Overview

Does this picture look like what you are trying to accomplish with your WireGuard VPN?

[Image: NetDiagram]

If yes then you've come to the right place! I've tried many different tutorials and guides for port forwarding through a VPN tunnel and found they are all doing one thing that prevents them from being ideal for self-hosting. They employ a double-NAT that hides the source IP from the local server. This guide will:

  • Help you set up a WireGuard VPN server on a Virtual Private Server that you have rented from a hosting provider.
  • Help you set up a WireGuard client on a local server.
  • Help you set up the local server to route all traffic which doesn't have a destination IP in the local network range through the WireGuard tunnel. You will still be able to connect to the server locally.
  • Help you set up port-forwarding from the Virtual Private Server to the local server for TCP services.

Prerequisites

This guide is fairly specific and only covers setup on a fresh installation of Ubuntu Server 20.04 LTS. Furthermore, all commands are run as root. If you choose to deviate from the prerequisites then I assume you know what you are doing and you are making appropriate deviations from the instructions as well.

1. VPS

  • A Virtual Private Server from a hosting provider. (I use a basic one from IONOS, $4 per month.)
  • A public IPv4 and IPv6 address. These should usually come with the VPS.
  • A fresh install of Ubuntu Server 20.04 LTS. (Don't want any iptables or routing rules mucking things up.)
  • The firewall ports that you want to forward to the local server, opened in the client panel for your hosting provider. This guide does not support software firewalls such as UFW.

2. Local Server

  • A local server or virtual machine set up on your local network.
  • A local IPv4 and IPv6 address. (This guide covers IPv6 but you don't necessarily need a local one assigned by your router.)
  • A fresh install of Ubuntu Server 20.04 LTS. (Again, we don't want any iptables or routing rules messing with things. A fresh install ensures that these won't be an issue.)