I want to move away from Cloudflare tunnels, so I rented a cheap VPS from Hetzner and tried to follow this guide. Unfortunately, the WireGuard setup didn’t work. I’m trying to forward all traffic from the VPS to my homeserver and vice versa. Are there any other ways to solve this issue?

VPS Info:

OS: Debian 12

Architecture: ARM64 / aarch64

RAM: 4 GB

Traffic: 20 TB

  • Admiral Patrick
    link
    fedilink
    English
    38 months ago

    I believe iptables --flush should clear out any entries you’ve made. You can also reboot and clear them (unless you’ve got scripts bound to your interface up/down config that adds rules).

    Basically just need to get any custom iptables rules you made out of there and then re-implement any FW rules with ufw

    You can still use iptables alongside UFW, but I only use those for more complex things like port forwarding, masquerading, etc.

    • @AlexPewMaster@lemmy.zipOP
      link
      fedilink
      English
      28 months ago

      Alright, I switched to ufw and… it’s still not working. sigh

      Should we just try something completely different? WireGuard doesn’t seem to be working on my VPS. Someone in the comments mentioned tunneling via SSH, sounds interesting.

      • Admiral Patrick
        link
        fedilink
        English
        3
        edit-2
        8 months ago

        That would work, but I’ve noticed performance isn’t as good as a UDP VPN that uses the kernel’s tun module. OpenVPN is also an option, but it’s a LOT more involved to configure (I used to run it before Wireguard existed).

        The oddest part is you can’t get a netcat message through. That implies firewall somewhere.

        What is the output of your ufw status ?

        • @AlexPewMaster@lemmy.zipOP
          link
          fedilink
          English
          28 months ago

          I’ve added some different ports for the future, but this is my ufw status:

          Status: active
          
          To                         Action      From
          --                         ------      ----
          OpenSSH                    ALLOW       Anywhere                  
          51820                      ALLOW       Anywhere                  
          2333                       ALLOW       Anywhere                  
          80                         ALLOW       Anywhere                  
          81                         ALLOW       Anywhere                  
          443                        ALLOW       Anywhere                  
          80/tcp                     ALLOW       Anywhere                  
          OpenSSH (v6)               ALLOW       Anywhere (v6)             
          51820 (v6)                 ALLOW       Anywhere (v6)             
          2333 (v6)                  ALLOW       Anywhere (v6)             
          80 (v6)                    ALLOW       Anywhere (v6)             
          81 (v6)                    ALLOW       Anywhere (v6)             
          443 (v6)                   ALLOW       Anywhere (v6)             
          80/tcp (v6)                ALLOW       Anywhere (v6)
          
          • Admiral Patrick
            link
            fedilink
            English
            18 months ago

            I can’t recall if ufw opens both TCP and UDP or just TCP by default.

            Try explicitly allowing 51820/udp with ufw allow 51820/udp

            • @AlexPewMaster@lemmy.zipOP
              link
              fedilink
              English
              2
              edit-2
              8 months ago

              I’ve added the firewall rule and it still says no port[s] to connect to whenever I run echo "Testing" | nc -u SERVER_IP -p 51820. I feel like you’re trying to stay on a sinking ship, so I would suggest to try another method to see if we even can get the whole “bypass CGNAT with a VPS” thing to work at all.

              Update: I’ve tried setting up SSH tunneling instead and it STILL doesn’t work. I contacted Hetzner support about this issue and I’m hoping that they can resolve the firewall issues that I’m having.