Cloud – VPS hosted by OVH
Work – Virtual Machine internal

Install Ubuntu Server 21.04 on both servers, including SSH Server. Run updates & reboot.

sudo apt update -y && sudo apt upgrade -y && sudo shutdown -r now

On both servers:

sudo apt install software-properties-common

sudo apt install wireguard -y

(umask 077 && printf "[Interface]\nPrivateKey= " | sudo tee /etc/wireguard/wg0.conf > /dev/null)

wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey

Make a note of both servers’ public keys.

Make a note of both servers’ public keys.

On the Cloud VPS Server:

sudo nano /etc/wireguard/wg0.conf

Edit it to look like this:

[Interface]
PrivateKey = <private key should be here>
ListenPort = 55107
Address = 192.168.4.1
[Peer]
PublicKey = <paste the public key from your work server here>
AllowedIPs = 192.168.4.2/32

On the Work Virtual Machine:

sudo nano /etc/wireguard/wg0.conf

Edit it to look like this:

[Interface]
PrivateKey = <private key should be here>
Address = 192.168.4.2
[Peer]
PublicKey = <paste the public key from your VPS here>
AllowedIPs = 192.168.4.1/32
Endpoint = <paste the public ipv4 address of your VPS here>:55107
PersistentKeepalive = 25

On the Cloud VPS server:

sudo nano /etc/sysctl.conf

Uncomment this line:

#net.ipv4.ip_forward=1

Then type these commands:

sudo sysctl -p

sudo sysctl --system

On both servers:

sudo systemctl start wg-quick@wg0

sudo systemctl enable wg-quick@wg0

Test connectivity:

On Cloud, ping 192.168.4.2

On Work, ping 192.168.4.1

On the Cloud VPS, setup Firewall rules:

Note: Replace eth0 with your NICs name. Find out by typing: ip -c a

sudo iptables -P FORWARD DROP

sudo iptables -A FORWARD -i eth0 -o wg0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT

sudo iptables -A FORWARD -i eth0 -o wg0 -p tcp --syn --dport 443 -m conntrack --ctstate NEW -j ACCEPT

sudo iptables -A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

sudo iptables -A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.4.2

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.4.2

sudo iptables -t nat -A POSTROUTING -o wg0 -p tcp --dport 80 -d 192.168.4.2 -j SNAT --to-source 192.168.4.1

sudo iptables -t nat -A POSTROUTING -o wg0 -p tcp --dport 443 -d 192.168.4.2 -j SNAT --to-source 192.168.4.1

Save the rules:

sudo apt install netfilter-persistent

sudo netfilter-persistent save

sudo systemctl enable netfilter-persistent

sudo apt install iptables-persistent

Enable the Firewall:

sudo ufw enable

sudo ufw start

On the Work Virtual Machine:

Install NPM Script:

cd /tmp

wget https://github.com/bmcgonag/docker_installs/archive/refs/heads/main.zip

unzip inst*

cd inst*

sudo chmod +x inst*

sudo ./inst*

Follow on screen instructions.