IPFire Net-To-Net using VPS Host? WireGuard behind CGNAT

Hello,
I am behind CGNAT and don’t have a public IP, so my WireGuard setup is not accessible from outside. I wanted to set up WireGuard on a VPS with a public IP to tunnel traffic to my home.

Currently it seems net-to-net only works if I want the VPS to act as a peer connecting to my home IPFire, which is not accessible.
Is there a way to set it up the other way around, so IPFire is the peer connecting to the VPS, and traffic directed towards the VPS with the public IP can be tunneled to my home network on IPFire?

I was able to do a similar setup using IPsec (although not using the WebUI, but manual configs), but I wanted to try WireGuard, and while it’s fresh in IPFire I just wanted to ask if that’s possible (or suggest it as a feature for such a use case).

I think you are looking for something like this.

It is in the VPN FAQ:

It is absolutely possible to have an IPsec/WG VPN connection if there is one peer behind CGNAT. It just has to be that peer that establishes the connection.

4 Likes

Thanks
Agreed, I mentioned I was doing it with IPsec: my home IPFire behind CGNAT acts as the initiator for the connection to the VPS, then the left/right subnets were visible. It just takes more time to set up.

I did it, but cannot quite get the right setup to preserve the original player’s IP; the game server only sees the tunnel IP address (I will also be trying via fwmark and VTI now).
Now I am trying to do it with Tailscale instead, with advertised routes (I posted a basic install guide), since I find it a bit easier to manage via the portal. I might as well try a clean WG setup; nevertheless, I was exploring the WG settings within the webUI in IPFire, but gave up on the UI setup as IPFire can only act as a server.
The main reason I am posting is to ask whether it would be a possible option (some day) within the webUI of IPFire for it to act as a client/initiator?
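The two points raised in this thread (the CGNAT side must be the peer that initiates, and a plain port forward on the VPS with masquerading hides the player's source IP) are shown together in the following added example. It is not code from the thread, from IPFire or from the WireGuard project; all addresses, ports and keys are constructed placeholders, the VPS interface name `eth0` is assumed, and the home-side `iptables`/`ip rule` commands are written for a generic Linux host (on IPFire they would have to be placed in firewall.local alongside the WebUI rules, which are not shown here).

```shell
#!/bin/sh
# Added example, not code from the thread or from IPFire: a WireGuard peer
# behind CGNAT that initiates to a VPS, with the VPS-side DNAT and the
# home-side policy routing that keep the player's real source IP visible.
# All addresses, ports and keys are constructed placeholders.
VPS_PUBLIC_IP="203.0.113.10"   # constructed (TEST-NET-3)
VPS_WG_IP="10.8.0.1"; HOME_WG_IP="10.8.0.2"
HOME_LAN="192.168.0.0/24"; GAME_SERVER="192.168.0.10"; GAME_PORT="27015"
WG_PORT="51820"; MARK="0x1"; TABLE="100"
VPS_PUB="<vps-public-key>"; HOME_PUB="<home-public-key>"   # placeholders

# VPS: listens only. The home peer gets no Endpoint (it is unreachable);
# AllowedIPs covers the tunnel address and the home LAN so replies from the
# game server are accepted and wg-quick installs a route to the LAN.
render_vps_conf() {
    cat <<EOF
[Interface]
Address = ${VPS_WG_IP}/24
ListenPort = ${WG_PORT}
PrivateKey = <vps-private-key>

[Peer]
PublicKey = ${HOME_PUB}
AllowedIPs = ${HOME_WG_IP}/32, ${HOME_LAN}
EOF
}

# Home (CGNAT side): dials out and keeps the NAT mapping alive.
# AllowedIPs 0.0.0.0/0 lets replies to any player address enter the tunnel;
# Table = off stops wg-quick from hijacking the default route, so only the
# policy-routed (marked) traffic goes via wg0.
render_home_conf() {
    cat <<EOF
[Interface]
Address = ${HOME_WG_IP}/24
PrivateKey = <home-private-key>
Table = off
PostUp = ip route add ${VPS_WG_IP}/32 dev %i

[Peer]
PublicKey = ${VPS_PUB}
Endpoint = ${VPS_PUBLIC_IP}:${WG_PORT}
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}

# VPS: forward the game port into the tunnel. No masquerade, on purpose:
# masquerading is what makes the game server see only the tunnel IP.
vps_nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
nft add table ip vpsnat
nft add chain ip vpsnat prerouting '{ type nat hook prerouting priority dstnat; }'
nft add rule ip vpsnat prerouting iif "eth0" udp dport ${GAME_PORT} dnat to ${GAME_SERVER}:${GAME_PORT}
EOF
}

# Home: replies from the game server carry a public destination and would
# otherwise leave via the ISP (asymmetric, and never un-DNATed by the VPS).
# Mark connections that arrived over wg0 and route their replies back into it.
# rp_filter is loosened on wg0 because inbound packets carry arbitrary sources.
home_policy_routing() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i wg0 -j CONNMARK --set-mark ${MARK}
iptables -t mangle -A PREROUTING -s ${GAME_SERVER} -m connmark --mark ${MARK} -j CONNMARK --restore-mark
ip rule add fwmark ${MARK} table ${TABLE}
ip route add default dev wg0 table ${TABLE}
sysctl -w net.ipv4.conf.wg0.rp_filter=2
EOF
}

# Dry-run by default; "apply-vps" / "apply-home" execute the rule commands.
case "${1:-show}" in
    apply-vps)  vps_nat_rules | sh -e ;;
    apply-home) home_policy_routing | sh -e ;;
    *) echo "# --- VPS wg0.conf";  render_vps_conf
       echo "# --- home wg0.conf"; render_home_conf
       echo "# --- VPS rules";     vps_nat_rules
       echo "# --- home rules";    home_policy_routing ;;
esac
```

Running the script with no argument prints both `wg0.conf` files and both rule sets for review; the connmark/fwmark pair on the home side is the part that makes "no masquerade on the VPS" workable, because without it the game server's replies to a public address would take the ISP route and the VPS would never see them to reverse the DNAT.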

velifire, yes, that is very close. I think I explored cloudflared as well, but changed to the VPS option instead because of no UDP support in the free plan. As for the configs alone, I am not using blue for now; I might try to separate the homelab vs home stuff some day, and I might use some of the rules you have for forwards.

IPFire can set up a WireGuard connection from the internal network to a server with a public address.