2 min read

Bypass CGNAT with WireGuard Tunnels (Cloudflare Tunnel's Alternative)

Bypass CGNAT with WireGuard Tunnels (Cloudflare Tunnel's Alternative)
Photo by Daniel Jerez / Unsplash

https://github.com/mochman/Bypass_CGNAT

  1. On your VPS, run the following commands
wget "https://raw.githubusercontent.com/mochman/Bypass_CGNAT/main/Oracle%20Cloud/Oracle_Installer.sh"

chmod 755 Oracle_Installer.sh

./Oracle_Installer.sh
  1. The installer will walk you through the installation process. The first couple of things it does is update/upgrade all your software. This will take a few minutes.
  2. At a minimum, you will need to know your VPS Public IP and what services(Ports & Protocols) you want to allow through.

Example 1: let's say your Local Server has Nginx Proxy Manager (NPM) installed on it, running on port 443. When prompted on the script, type in 443/tcp

Example 2: let's say you also want to pass through traffic to Home Assistant (port 6432) on a different server on your network that NPM doesn't reverse proxy for. Your input would be 443/tcp,6432/tcp (passing through both services).

  1. Once you have entered all your IP, Port, and Protocol information. The script will provide you with a command to execute on your Local Server. It will wait for you to enter a public key that will be provided to you when you run the script on your Local Server.
  2. On your Local Server, run the following commands
wget "https://raw.githubusercontent.com/mochman/Bypass_CGNAT/main/Oracle%20Cloud/Oracle_Installer.sh"

chmod 755 Oracle_Installer.sh

<COMMAND PROVIDED TO YOU FROM VPS SCRIPT>
  1. If you added services to pass through, the script will ask you where those services point to. If those services are hosted on the same Local Server you are running the script on, just press enter when prompted. Otherwise, you will need to provide the IP address of the device that is hosting the service.

Example 1: let's say your Local Server has Nginx Proxy Manager (NPM) installed on it, running on port 443. When you are prompted for the IP of 443/tcp, just press enter.

Example 2: let's say you are running Home Assistant (port 6432) on a different server on your network that NPM doesn't reverse proxy for. When you are prompted for the IP of 6432/tcp, enter your Home Assistant's IP address.

  1. After all of that information is input, the script will give you a public key to copy and paste back into the VPS script. Do so.
  2. After inputting the public key in the VPS, the Wireguard service will be started and both servers will try to ping each other over the VPN to see if a connection is established. You should hopefully be told a connection has been established.
  3. The installation script will ask you if you would like it to set up your firewall. Saying no will allow all traffic from the internet through the VPN to your Local Server. Saying yes will only allow traffic to access the ports you have specified previously. Yes is recommended.