Hello!
The past few days im trying to set up a VPN tunnel (with wireguard) to my droplet. The only reason why i do this is so i can open the Ports on my VPS because my ISP doenst allow port forwading/opening and i dont have my own public IPv4.
Thats why i wanted to create a VPS and connect my self to it via wireguard.
I have no clue at all what im doing (hehe) and only using chatgpt to go around.
I managed to create the VPN and i can also connect to it and it shows the IP on “whatsmyip”.
But when i open the ports my NAT type is still on strict ingame and not open.
I also cant telnet the ports i opened on my droplet.
So i basically just want to know if this is even possible or if im wasting my time
Thanks!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Heya,
You’re on the right track, but there are a few steps that might need tweaking to achieve what you want.
1. WireGuard and Port Forwarding:
- WireGuard Setup: WireGuard is essentially creating a secure tunnel between your local machine and the VPS. Traffic from your machine exits onto the internet from your VPS.
- Port Forwarding on the VPS: You need to ensure that the VPS is correctly forwarding traffic on specific ports to your local machine through the WireGuard tunnel.
2. Troubleshooting Steps:
-
Ensure Correct IP Routing:
-
Make sure your VPS is correctly routing the traffic back to your local machine over the WireGuard interface.
-
You should have something like this in your WireGuard configuration on the VPS:
-
[Peer]
PublicKey = <Your_Local_Machine_Public_Key>
AllowedIPs = <Your_Local_Machine_WG_IP>/32
-
- On your local machine, the
AllowedIPssetting should be set to0.0.0.0/0if you want all traffic to go through the VPS.
- On your local machine, the
-
Port Forwarding:
- On the VPS, you’ll need to set up port forwarding rules using
iptablesor a similar firewall tool.
- On the VPS, you’ll need to set up port forwarding rules using
sudo iptables -A FORWARD -i wg0 -o eth0 -p tcp --syn --dport <port> -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport <port> -j DNAT --to-destination <Your_Local_Machine_WG_IP>:<port>
sudo iptables -A POSTROUTING -t nat -o wg0 -p tcp --dport <port> -d <Your_Local_Machine_WG_IP> -j MASQUERADE
-
- Replace
<port>with the specific port you’re trying to open and<Your_Local_Machine_WG_IP>with the WireGuard IP address of your local machine.
- Replace
-
Check Firewalls:
- Ensure that both the VPS and your local machine’s firewalls allow traffic on the ports you want to open.
- You can check if the ports are open by running
telnet <VPS_IP> <port>from a different machine.
-
Game and NAT Type:
- Some games require specific ports to be open to achieve an “Open” NAT type.
- Ensure that the game’s required ports are forwarded from the VPS to your local machine correctly.
- Use online tools or network monitoring software to verify the traffic flow.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.