Cloud – VPS hosted by OVH
Work – Virtual Machine internal
Install Ubuntu Server 21.04 on both servers, including SSH Server. Run updates & reboot.
sudo apt update -y && sudo apt upgrade -y && sudo shutdown -r now
On both servers:
sudo apt install software-properties-common
sudo apt install wireguard -y
(umask 077 && printf "[Interface]\nPrivateKey= " | sudo tee /etc/wireguard/wg0.conf > /dev/null)
wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey
Make a note of both servers’ public keys.
On the Cloud VPS Server:
sudo nano /etc/wireguard/wg0.conf
Edit it to look like this:
[Interface]
PrivateKey = <private key should be here>
ListenPort = 55107
Address = 192.168.4.1
[Peer]
PublicKey = <paste the public key from your work server here>
AllowedIPs = 192.168.4.2/32
On the Work Virtual Machine:
sudo nano /etc/wireguard/wg0.conf
Edit it to look like this:
[Interface]
PrivateKey = <private key should be here>
Address = 192.168.4.2
[Peer]
PublicKey = <paste the public key from your VPS here>
AllowedIPs = 192.168.4.1/32
Endpoint = <paste the public ipv4 address of your VPS here>:55107
PersistentKeepalive = 25
On the Cloud VPS server:
sudo nano /etc/sysctl.conf
Uncomment this line:
#net.ipv4.ip_forward=1
Then type these commands:
sudo sysctl -p
sudo sysctl --system
On both servers:
sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0
Test connectivity:
On Cloud, ping 192.168.4.2
On Work, ping 192.168.4.1
On the Cloud VPS, set up firewall rules:
Note: Replace eth0 with your NIC's name. Find it by typing: ip -c a
sudo iptables -P FORWARD DROP
sudo iptables -A FORWARD -i eth0 -o wg0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wg0 -p tcp --syn --dport 443 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.4.2
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.4.2
sudo iptables -t nat -A POSTROUTING -o wg0 -p tcp --dport 80 -d 192.168.4.2 -j SNAT --to-source 192.168.4.1
sudo iptables -t nat -A POSTROUTING -o wg0 -p tcp --dport 443 -d 192.168.4.2 -j SNAT --to-source 192.168.4.1
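Before saving, the rule set can be checked for the properties this setup relies on: FORWARD policy DROP, a return-path rule in each direction, and every DNATed port matched by a forward rule (and the reverse). This is an added example, not part of the original guide; eth0, wg0 and the ports follow the guide, while the function names and both sample dumps are constructed for illustration.

```shell
# Added example: audit iptables-save output for the port-forwarding setup in this guide.
audit_forwarding() {  # stdin: iptables-save text; $1 = WAN NIC, $2 = tunnel NIC
  awk -v wan="${1:-eth0}" -v tun="${2:-wg0}" '
    function opt(name,   i) { for (i = 1; i < NF; i++) if ($i == name) return $(i + 1); return "" }
    /^:FORWARD / { policy = $2 }
    $1 == "-A" && $2 == "PREROUTING" && /-j DNAT/ { dnat[opt("--dport")] = 1 }
    $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
      if (/ESTABLISHED/) est[opt("-i") ">" opt("-o")] = 1   # return-path rules
      else if (/--ctstate NEW/ && opt("-i") == wan && opt("-o") == tun) fwd[opt("--dport")] = 1
    }
    END {
      in_key = wan ">" tun; out_key = tun ">" wan
      if (policy != "DROP") { print "FAIL: FORWARD policy is not DROP"; bad = 1 }
      if (!(in_key in est))  { print "FAIL: no ESTABLISHED,RELATED rule " wan " -> " tun; bad = 1 }
      if (!(out_key in est)) { print "FAIL: no ESTABLISHED,RELATED rule " tun " -> " wan; bad = 1 }
      for (p in dnat) if (!(p in fwd)) { print "FAIL: port " p " is DNATed but not forwarded"; bad = 1 }
      for (p in fwd) if (!(p in dnat)) { print "FAIL: port " p " is forwarded but has no DNAT"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: the dump a complete rule set for ports 80 and 443 would produce.
sample_good() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o wg0 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth0 -o wg0 -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wg0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.4.2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.4.2
COMMIT
EOF
}

# Constructed faulty variant: inbound return-path rule and the 443 DNAT rule removed.
sample_bad() {
  sample_good | sed -e '/-i eth0 -o wg0 -m conntrack/d' -e '/PREROUTING.*--dport 443/d'
}

sample_good | audit_forwarding eth0 wg0 && echo "good dump: clean"
sample_bad | audit_forwarding eth0 wg0 || echo "bad dump: findings listed above"
```

On the VPS itself, feed it the live rules with: sudo iptables-save | audit_forwarding eth0 wg0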
Save the rules:
sudo apt install netfilter-persistent
sudo netfilter-persistent save
sudo systemctl enable netfilter-persistent
sudo apt install iptables-persistent
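Enable the firewall:
Note: ufw denies incoming connections by default, so SSH and the WireGuard port (55107/udp) must be allowed before this step.
sudo ufw enable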
On the Work Virtual Machine:
Install NPM script:
cd /tmp
wget https://github.com/bmcgonag/docker_installs/archive/refs/heads/main.zip
unzip main.zip
cd docker_installs-main
sudo chmod +x inst*
sudo ./inst*
Follow the on-screen instructions.