~fd/ersei.net

dcf65501c69eb3bff4448f235f120a34ded02d3f — Ersei Saggi a month ago 4e85101
More clarity
1 files changed, 19 insertions(+), 7 deletions(-)

M pages/03.blog/41.no-ip-no-problem/item.en.md
M pages/03.blog/41.no-ip-no-problem/item.en.md => pages/03.blog/41.no-ip-no-problem/item.en.md +19 -7
@@ 140,14 140,26 @@ include "/etc/nftables/proxy.nft"

This firewall rule will NOT close SSH access. If you have publicly available SSH, that is a bad idea, and you should adjust `allowed_tcp_dports` to not include SSH. This default configuration will only pass through HTTP and HTTPS. Adjust `allowed_tcp_dports` to allow your TCP port, and `allowed_udp_dports` to allow your UDP port. In the first file, use the example HTTP/HTTPS configuration to forward another port. Keep in mind that this port forwarding will take priority! If you have SSH open to the VPS and you try forwarding SSH, you WILL lose SSH access!

Add the line `include /etc/nftables/main.nft;` at the end of the file `/etc/nftables.conf`, then run `sudo sysctl -w net.ipv4.ip_forward=1` and `echo net.ipv4.ip_forward = 1 | sudo tee -a /etc/sysctl.conf`. Reload the firewall rules: `sudo systemctl restart nftables`.
Add the line `include /etc/nftables/main.nft;` at the end of the file `/etc/nftables.conf` (the semicolon is important), and then restart the firewall (and ensure it persists across reboots):

```console
cloudvm# systemctl enable nftables
cloudvm# systemctl restart nftables
```

Finally, enable IP forwarding and make it persist across reboots:

```console
cloudvm# sysctl -w net.ipv4.ip_forward=1
cloudvm# echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
```

## Step 4: Set Up Wireguard

First, set up the Wireguard keys. On the cloud VM, run this command as root:

```
wg genkey | tee privatekey | wg pubkey > publickey
```console
cloudvm# wg genkey | tee privatekey | wg pubkey > publickey
```

Keep these generated files (`privatekey`, `publickey`) in a safe place.


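Review bot: The new instruction `include /etc/nftables/main.nft;` leaves the path unquoted, while the hunk's own context line reads `include "/etc/nftables/proxy.nft"`; since the text now stresses that the semicolon matters, it should show the complete form `include "/etc/nftables/main.nft";` so readers do not copy an unquoted include into `/etc/nftables.conf`. Secondary: `echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf` appends another line every time the step is re-run, so a short remark to check the file first (or to place the setting in its own file under `/etc/sysctl.d/`) would avoid duplicate entries.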
@@ 186,11 198,11 @@ AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 30
```

Then, reload the firewall rules and start the Wireguard tunnels:
Then start and persist the Wireguard tunnel on both machines:

```
sudo systemctl enable --now wg-quick@wg0.service
sudo systemctl restart nftables.service
```console
cloudvm# systemctl enable --now wg-quick@wg0.service
server# systemctl enable --now wg-quick@wg0.service
```

---
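Review bot: Removing `sudo systemctl restart nftables.service` from this step leaves the firewall restart only in the earlier step, which now runs before `wg-quick@wg0` has created the interface; if any rule in the included files matches the tunnel with `iif`/`oif` (resolved by interface index at load time) rather than `iifname`/`oifname`, that earlier load fails because wg0 does not exist yet. Either keep a restart after the tunnel is up on `cloudvm`, or add a sentence noting that the ruleset matches the tunnel by interface name so the ordering is safe.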