WireGuard Routing through VPS

I'm trying to set up a WireGuard VPN server in the cloud so that I can have a static IP address cheaper than at home, but I want to route all the traffic back down to my home firewall (pfSense) so that I show to the internet with the usual dynamic public IP my ISP gives me.

Basically I want to set up a server in the cloud and route all the traffic back down to my pfSense router.

I'm at a loss trying to make all the traffic go down to my pfSense firewall. Any ideas?

Basically, you need to start up a VPN server on the VPS, establish a VPN connection from your home network to the VPN server, then port forward from the VPS back. I have some specific instructions here: https://www.pcwrt.com/2023/02/how-to-port-forward-with-a-vpn-connection/

OK, let me see if I understand.

You want a VPN in the cloud so you can have a static IP... cheaper?

"but I want to route all the traffic back down to my home firewall (pfSense) so that I show to the internet with the usual dynamic public IP my ISP gives me." If I'm deciphering this correctly, you want any device that connects to your cloud VPN to use the IP address of your home.

OK.

I don't know your point of "cheaper", since you can use a free DDNS service; I don't know where the cost would come from, but OK, you can get a free DDNS instead of a cloud VPS that has a monthly cost.

What I do on this front is I bought a Cloudflare domain name; for some reason .UK domains (I don't live in the UK) are cheap. I pay $4.57 a year for my domain as opposed to a VPS that's $3.50 a month (Vultr), so I got a .UK since all I care about is the domain.

Then using Docker I have a DDNS container that tells Cloudflare what my home IP is, and thus I can use my domain to point to my home and to my WireGuard Docker container. When I connect to my WireGuard network from any device I get the IP address of my home.

As far as WireGuard configuration: I have only configured WireGuard in a server-client relationship where the clients take the IP address of the server they connect to, in my case my home server running WireGuard in Docker, and I am not using the standard WireGuard port, for obfuscation.

For your setup, if I am deciphering what you said...

You want a VPS to be a server to which clients connect, and also you want your home router to be a client, but you want all the traffic of the VPS WireGuard to route back through the home router and to use the IP of the home router.

Sounds like the home router should be the server... but there might be a way.

If you really want that type of setup (I'll be honest, it sounds a little crazy and would take more work) you should look into using Netmaker; install that on the VPS. It is a WireGuard-based thing that allows you to make networks and map very complex things. Netmaker has a GUI, which will make it easier than trying to figure things out in a text file with just WireGuard.

I set up Netmaker once on a VPS; it is very complex and I quit trying to figure it out. Good luck.

You can go the easier way and install Tailscale on both machines and set your home firewall as your server's exit node.

You're looking for a GRE tunnel. It should work just about the same with WireGuard as it would with any other tunneling software.

Question 1. Why not use DDNS?

Question 2. What do you want to achieve? What is your use case?

If you want to route traffic from the VPN network to your local LAN then just set the AllowedIPs for your pfSense box on your server to your home network range, or use the 'route' command to do it manually. And to forward to web services on your local network, install a reverse proxy like HAProxy, Caddy, Traefik or nginx and configure the proxy routes respectively.
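To make the two answers above concrete (VPS runs the WireGuard server, pfSense dials in as a peer, the VPS lists the home LAN in that peer's AllowedIPs and port-forwards back through the tunnel), here is an added example that is not from the thread or from any of the posters. It renders the VPS wg0.conf, the equivalent pfSense peer settings and the VPS iptables rules, and checks the one thing that silently breaks this setup: a forward target outside the peer's AllowedIPs. The tunnel subnet 10.100.0.0/24, home LAN 192.168.1.0/24, uplink interface eth0, hostname vps.example.com and the placeholder keys are all assumptions.

```python
"""Added example (not from the thread): render the WireGuard configs and the
VPS-side NAT rules for "VPS is the WireGuard server, pfSense dials in,
VPS port-forwards back through the tunnel". All addresses, interface
names, hostnames and keys below are assumptions for illustration."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Site:
    vps_public_if: str = "eth0"             # assumed VPS uplink interface
    wg_if: str = "wg0"
    listen_port: int = 51820
    tunnel_net: str = "10.100.0.0/24"       # assumed tunnel subnet
    vps_tunnel_ip: str = "10.100.0.1"
    pfsense_tunnel_ip: str = "10.100.0.2"
    home_lan: str = "192.168.1.0/24"        # assumed LAN behind pfSense
    vps_endpoint: str = "vps.example.com"   # assumed VPS hostname
    # (proto, public port on VPS, host on home LAN, port on that host)
    forwards: list = field(default_factory=list)


def check_forwards(site):
    """WireGuard's cryptokey routing drops any packet whose destination is
    not in the peer's AllowedIPs, with no error logged, so every forward
    target must lie inside home_lan. Returns the offending entries."""
    lan = ipaddress.ip_network(site.home_lan)
    return [f for f in site.forwards if ipaddress.ip_address(f[2]) not in lan]


def vps_conf(site, vps_privkey="<VPS_PRIVATE_KEY>",
             pfsense_pubkey="<PFSENSE_PUBLIC_KEY>"):
    """wg0.conf on the VPS. The pfSense peer gets no Endpoint: home is
    dynamic (or behind CGNAT), so pfSense must be the side that dials out."""
    prefix = ipaddress.ip_network(site.tunnel_net).prefixlen
    return "\n".join([
        "[Interface]",
        f"Address = {site.vps_tunnel_ip}/{prefix}",
        f"ListenPort = {site.listen_port}",
        f"PrivateKey = {vps_privkey}",
        "",
        "[Peer]",
        "# pfSense at home; the home LAN must be listed or the VPS cannot route into it",
        f"PublicKey = {pfsense_pubkey}",
        f"AllowedIPs = {site.pfsense_tunnel_ip}/32, {site.home_lan}",
        "",
    ])


def pfsense_conf(site, pfsense_privkey="<PFSENSE_PRIVATE_KEY>",
                 vps_pubkey="<VPS_PUBLIC_KEY>"):
    """Equivalent of the pfSense WireGuard tunnel/peer settings. AllowedIPs
    is only the tunnel subnet: 0.0.0.0/0 here would send the whole home
    network out through the VPS, the opposite of what is wanted."""
    prefix = ipaddress.ip_network(site.tunnel_net).prefixlen
    return "\n".join([
        "[Interface]",
        f"Address = {site.pfsense_tunnel_ip}/{prefix}",
        f"PrivateKey = {pfsense_privkey}",
        "",
        "[Peer]",
        f"PublicKey = {vps_pubkey}",
        f"Endpoint = {site.vps_endpoint}:{site.listen_port}",
        f"AllowedIPs = {site.tunnel_net}",
        "# keeps the home NAT/CGNAT mapping open so the VPS can always reach us",
        "PersistentKeepalive = 25",
        "",
    ])


def vps_nat_rules(site):
    """iptables commands for the VPS. DNAT publishes each port on the VPS
    public IP; MASQUERADE on wg0 rewrites the client source to the VPS
    tunnel IP so pfSense answers back through the tunnel instead of out
    its own WAN (asymmetric routing). Cost: the home service sees the VPS
    tunnel IP, not the real client; a reverse proxy on the VPS can add it."""
    pub, wg = site.vps_public_if, site.wg_if
    rules = [
        "sysctl -w net.ipv4.ip_forward=1",
        "iptables -P FORWARD DROP",   # forward only what is listed below
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -t nat -A POSTROUTING -o {wg} -j MASQUERADE",
    ]
    for proto, pub_port, host, port in site.forwards:
        rules.append(
            f"iptables -t nat -A PREROUTING -i {pub} -p {proto} --dport {pub_port} "
            f"-j DNAT --to-destination {host}:{port}")
        rules.append(
            f"iptables -A FORWARD -i {pub} -o {wg} -p {proto} -d {host} "
            f"--dport {port} -m conntrack --ctstate NEW -j ACCEPT")
    return rules


if __name__ == "__main__":
    # constructed example: publish a web server at home on the VPS public IP
    site = Site(forwards=[("tcp", 443, "192.168.1.10", 443)])
    assert not check_forwards(site)
    print(vps_conf(site))
    print(pfsense_conf(site))
    print("\n".join(vps_nat_rules(site)))
```

On the pfSense side you still need a firewall rule on the WireGuard interface allowing traffic from the tunnel to 192.168.1.10 port 443; without it the packets arrive through the tunnel and are dropped. The MASQUERADE rule is what avoids asymmetric routing without policy routing on pfSense, at the price of hiding the real client address from the home service.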

To clarify, Cloudzy’s one-click WireGuard app can be a suitable solution for your use case. It simplifies the setup process significantly, making it easier to get your WireGuard VPN server up and running quickly.

Not OP, but for question 1, I've seen ISPs these days who:

A. Don't offer IPv6

B. On IPv4, make you use CGNAT if you don't pay for a static IP, so you can't do any port forwarding since you're sharing an IP with a few other people

I am aware of these points; that's why I asked for the reason why no DDNS.

As an additional point, C. OP may not know about DDNS. Also OP said they have a dynamic IP, and with that description I assume at first that they at least have an IPv4.