Need help to install wireguard on NAT VPS

Sanjue007 Member
edited March 2021 in Help

Can someone tell me how to set up wireguard on a NAT? A tutorial would be much better.

Comments

  • https://github.com/Nyr/wireguard-install by @Nyr which works fine on NAT after enabling TUN

    Thanked by 3Sanjue007 kkrajk Nyr
  • https://talk.lowendspirit.com/discussion/comment/60194/#Comment_60194

    Thanked by 1Sanjue007
  • Google blocked in your country?

  • Daniel15 Veteran
    edited March 2021

    Is it KVM, OpenVZ or LXC?

    On a KVM VPS you just need to use a modern kernel (5.6 or newer) and install the userland tools (apt install wireguard).

    OpenVZ and LXC are trickier as you need to use the userspace implementation (wireguard-go or boringtun), and for wireguard-go you need to adjust the memory limits if it's a low RAM VPS (256 MB or lower). I wrote this guide a while back for OpenVZ: https://d.sb/2019/07/wireguard-on-openvz-lxc

    If you don't want to compile wireguard-go yourself, you can try the version I compiled. It's a bit old but should still work even on OpenVZ6: http://d.ls/wireguard/wireguard-go-v0.0.20191012

    After installing WireGuard, any WireGuard guide will work. The exact configuration depends on your use case - Do you want a point-to-point network (where you use the VPN to communicate directly between the servers) or a routed network (where you route traffic over the VPN, like what most commercial "VPN" services provide)? The former is easier as you don't need to mess with iptables rules.

    Thanked by 3xetsys Sanjue007 Ganonk
  • jarjar Patron Provider, Top Host, Veteran

    @kuduku said:
    https://github.com/Nyr/wireguard-install by @Nyr which works fine on NAT after enabling TUN

    I’ve been struggling to get it working with a second address on v4 and v6 side (after announcing them with bird), and damn, this script just settled it.

    Thanked by 1Sanjue007
  • @TimboJones said:
    Google blocked in your country?

    when people search it for him why would he

    Thanked by 1skorupion
  • But after testing V2ray for a week it seems it's 25-40% faster than wireguard.
    I am using it Adguard + unbound + V2ray configuration

  • @kuduku said:
    But after testing V2ray for a week it seems it's 25-40% faster than wireguard.
    I am using it Adguard + unbound + V2ray configuration

    There’s the simple installer for v2ray like wireguard? :smile:

  • @youandri said:

    @kuduku said:
    But after testing V2ray for a week it seems it's 25-40% faster than wireguard.
    I am using it Adguard + unbound + V2ray configuration

    There’s the simple installer for v2ray like wireguard? :smile:

    yes
    I have been using this Chinese website and it has been working great
    https://blog.sprov.xyz/2019/08/03/v2-ui/
    https://github.com/sprov065/v2-ui/releases

  • @kuduku said:

    @youandri said:

    @kuduku said:
    But after testing V2ray for a week it seems it's 25-40% faster than wireguard.
    I am using it Adguard + unbound + V2ray configuration

    There’s the simple installer for v2ray like wireguard? :smile:

    yes
    I have been using this Chinese website and it has been working great
    https://blog.sprov.xyz/2019/08/03/v2-ui/
    https://github.com/sprov065/v2-ui/releases

    What does "Trojan" reference in the 5.4.5 changes in the second link mean?

    Thanks

  • @TimboJones said:

    @kuduku said:

    @youandri said:

    @kuduku said:
    But after testing V2ray for a week it seems it's 25-40% faster than wireguard.
    I am using it Adguard + unbound + V2ray configuration

    There’s the simple installer for v2ray like wireguard? :smile:

    yes
    I have been using this Chinese website and it has been working great
    https://blog.sprov.xyz/2019/08/03/v2-ui/
    https://github.com/sprov065/v2-ui/releases

    What does "Trojan" reference in the 5.4.5 changes in the second link mean?

    Thanks

    Another protocol I think to connect

    Thanked by 1TimboJones
  • TimboJones Member
    edited March 2021

    @webclouddev said:

    @TimboJones said:
    Google blocked in your country?

    when people search it for him why would he

    Because that would make him a handheld bitch.

    Seriously, one should get a little familiar and do some basic search before asking for help. That way you're in a better position to ask better questions and understand the help given. Those kinds of people are drags on society (leeches) and I ain't got no time for that.

    Thanked by 2webclouddev Void
  • @TimboJones said:

    @kuduku said:

    @youandri said:

    @kuduku said:
    But after testing V2ray for a week it seems it's 25-40% faster than wireguard.
    I am using it Adguard + unbound + V2ray configuration

    There’s the simple installer for v2ray like wireguard? :smile:

    yes
    I have been using this Chinese website and it has been working great
    https://blog.sprov.xyz/2019/08/03/v2-ui/
    https://github.com/sprov065/v2-ui/releases

    What does "Trojan" reference in the 5.4.5 changes in the second link mean?

    Thanks

    I'm suspecting RAT

  • @TimboJones said:

    @webclouddev said:

    @TimboJones said:
    Google blocked in your country?

    when people search it for him why would he

    Because that would make him a handheld bitch.

    Seriously, one should get a little familiar and do some basic search before asking for help. That way you're in a better position to ask better questions and understand the help given. Those kinds of people are drags on society (leeches) and I ain't got no time for that.

    Exactly, even a simple search like 'wireguard installer' in Google shows Nyr's script in second

  • Can someone help me with the issue I'm having? I installed wireguard with https://github.com/Nyr/wireguard-install on microLXC. I previously installed it on another KVM VPS and it went smoothly, but now, something's missing which doesn't allow me to connect.

    Since it didn't work on the first try, I searched and tried different fixes and came across the article which @Daniel15 wrote and linked here. I did all the steps from there, but I still can't connect from the client.

    Server config:

    [Interface]
    Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64
    PrivateKey = xxx
    ListenPort = 51820
    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0;ip6tables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -j MASQUERADE -o eth0;ip6tables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -j MASQUERADE -o eth0

    # BEGIN_PEER client
    [Peer]
    PublicKey = xxx
    PresharedKey = xxx
    AllowedIPs = 10.7.0.2/24, fddd:2c4:2c4:2c4::2/128
    # END_PEER client

    Client config:

    [Interface]
    Address = 10.7.0.2/24, fddd:2c4:2c4:2c4::2/64
    DNS = 94.140.14.14, 94.140.15.15
    PrivateKey = xxx

    [Peer]
    PublicKey = xxx
    PresharedKey = xxx
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = xxx:51820
    PersistentKeepalive = 25

    I uncommented net.ipv4.ip_forward=1. On the wg output, there's no handshake nor transfer:

    interface: wg0
    public key: xxx
    private key: (hidden)
    listening port: 51820

    peer: xx
    preshared key: (hidden)
    allowed ips: 10.7.0.0/24, fddd:2c4:2c4:2c4::2/128

    I can't ping the client (ping works otherwise) and get back destination host unreachable:

    PING 10.7.0.2 (10.7.0.2) 56(84) bytes of data.
    From 10.7.0.1 icmp_seq=1 Destination Host Unreachable
    ping: sendmsg: Destination address required

    On the client, I barely see any transfer in Wireguard app. It shows just a couple KB. Also tried changing the subnet part from /24 to /32, but didn't help. I spoke with Neoon and he told me regarding the host, there are no limitations and I shouldn't have done that part from Daniel's guide.

    OS is Ubuntu Focal Fossa and ufw is not installed at all. Do you maybe know how to fix this?

  • @oriend said: Can someone help me

    You are using a port not assigned to you. Use one of the ports in the range assigned to your VPS for the listening port of wg.

    Thanked by 2oriend Sanjue007
  • @oriend said:
    on microLXC.

    Is it a nat VPS? Do you have access to port 51820?

    Thanked by 1oriend
  • Wow! I can't believe I was so into debugging on the VPS itself, that I totally forgot the port range from the portal, lol.

    Thank you guys!
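
The fix the thread arrived at (on a NAT VPS the WireGuard ListenPort has to be one of the ports the host forwards to the container, and the client's Endpoint has to use it) can be checked before bringing the tunnel up. The script below is an added example, not code from any post above or from the Nyr script. The forwarded range 20000-20019, the endpoint address 203.0.113.10 and both config files are constructed sample values, and it assumes the provider forwards each port to the same port number.

```sh
#!/bin/sh
# Added example, not from the thread. The forwarded range 20000-20019, the
# endpoint address and both config files are constructed sample values.

# Print the value of the first "Key = value" line in a wg-quick config.
conf_get() {  # usage: conf_get FILE KEY
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == tolower(k) {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# 0 = ListenPort inside the forwarded range, 1 = outside, 2 = not set.
check_listen_port() {  # usage: check_listen_port SERVER_CONF LOW HIGH
    port=$(conf_get "$1" ListenPort)
    [ -n "$port" ] || { echo "no ListenPort set, wg picks a random port"; return 2; }
    if [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        echo "ListenPort $port is outside the forwarded range $2-$3"
        return 1
    fi
    echo "ListenPort $port is inside the forwarded range $2-$3"
}

# 0 if the client's Endpoint port equals the server's ListenPort, else 1.
# Assumes the provider forwards each port to the same port number.
check_endpoint_port() {  # usage: check_endpoint_port CLIENT_CONF SERVER_CONF
    endpoint=$(conf_get "$1" Endpoint)
    [ "${endpoint##*:}" = "$(conf_get "$2" ListenPort)" ]
}

# Constructed sample configs mirroring the setup posted in the thread.
WG_DEMO=$(mktemp -d) && trap 'rm -rf "$WG_DEMO"' EXIT
cat > "$WG_DEMO/wg0.conf" <<'EOF'
[Interface]
Address = 10.7.0.1/24
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER=
ListenPort = 51820
EOF
cat > "$WG_DEMO/client.conf" <<'EOF'
[Peer]
Endpoint = 203.0.113.10:51820
PersistentKeepalive = 25
EOF

check_listen_port "$WG_DEMO/wg0.conf" 20000 20019 || echo "-> move ListenPort into the range"
check_endpoint_port "$WG_DEMO/client.conf" "$WG_DEMO/wg0.conf" && echo "client and server ports agree"
```

With the sample files the port check fails even though client and server agree on 51820, which matches the symptom in the thread: the configs are consistent with each other, but no handshake ever reaches the container.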
