
In order to access my webserver (behind CGNAT on my home PC), I established a wireguard tunnel between my home PC (wireguard IP 10.8.0.3) and a VPS (wireguard IP 10.8.0.1 and public IP 11.22.33.44). I also have a domain (my.domain) that is associated with the VPS' public IP.

Wireguard conf on the VPS

[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP

[Peer]
## my home pc
PublicKey = QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ
AllowedIPs = 10.8.0.3/32

Wireguard conf on my home pc

[Interface]
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Address = 10.8.0.3/32

[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
AllowedIPs = 0.0.0.0/0
Endpoint = 11.22.33.44:51820
PersistentKeepalive = 25

I also have UFW installed on the VPS (no firewall on my home pc) using which I am port forwarding 80 from the internet to my home pc.

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   ALLOW IN    10.8.0.0/24
[ 2] 51820/udp                  ALLOW IN    Anywhere
[ 3] 51820/udp (v6)             ALLOW IN    Anywhere (v6)

/etc/ufw/before.rules

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.3:80
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.3:443
-A OUTPUT -o lo -p tcp --dport 80 -j DNAT --to-destination 10.8.0.3:80
-A OUTPUT -o lo -p tcp --dport 443 -j DNAT --to-destination 10.8.0.3:443
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT

Using these configurations, I am able to access my website using my domain from the internet (browser on my phone with different network) and my vps (tested via curl -4 -v my.domain). However, when I perform curl -4 -v my.domain from my home pc (10.8.0.3), I get the following error:

root@home-pc:~# curl -4 -v my.domain
*   Trying 11.22.33.44:80...
* connect to 11.22.33.44 port 80 failed: Connection refused
* Failed to connect to my.domain port 80 after 25 ms: Couldn't connect to server
* Closing connection 0
curl: (7) Failed to connect to my.domain port 80 after 25 ms: Couldn't connect to server

I know that I can directly connect to my website from my home pc using localhost (or 192.168.50.2) but I am unable to figure out why I cannot connect to my home pc via the VPN. I would like to do this because then I want to connect to localhost using my.domain. How can I achieve this? Thanks in advance for any leads.

  • Just after I posted this question, I was struck by a solution: Edit /etc/hosts or dnsmasq file on my home pc to allow my.domain to connect to localhost. But I am still curious why this doesn't work within the wireguard tunnel. Commented Aug 10, 2024 at 21:37
  • I believe it's because your port forwards are forwarding for eth0 interface ... however, when you connect to that VPS through your wireguard connection, you are connecting on the VPS wg0 (or whatever you've called the wireguard interface on the VPS) Commented Aug 11, 2024 at 2:03
  • @JaromandaX how can I instead forward on all interfaces? Commented Aug 11, 2024 at 6:27
  • I have tried -A PREROUTING -i wg0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.3:80 but it still doesn't work and the connection times out. Commented Aug 11, 2024 at 7:11
  • at a guess, you want NAT reflection - see this Commented Aug 11, 2024 at 8:31

1 Answer


I have fixed it by adding static routes (exceptions) to the wireguard configuration on my home pc, as follows:

[Interface]
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Address = 10.8.0.3/32

# static routes
PreUp = ip route add 11.22.33.44 via 10.44.49.1 dev eth0
PostDown = ip route del 11.22.33.44 via 10.44.49.1 dev eth0


[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
AllowedIPs = 0.0.0.0/0
Endpoint = 11.22.33.44:51820
PersistentKeepalive = 25

One caveat is that I will now be unable to connect to my webserver directly from the VPS but it is not a requirement for me now.
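To make the interface-matching point raised in the comments and the effect of the answer's static route concrete, here is a small Python model of the packet walk; it is an added example, not part of the question or the answer. The hosts, addresses and DNAT rules are the ones posted above; the interface names, the placeholder addresses `phone-ip` and `cgnat-ip`, and the hairpin explanation for the `-i wg0` timeout are assumptions of the model.

```python
from dataclasses import dataclass

HOME_WG = "10.8.0.3"           # home PC's WireGuard address, the DNAT target
VPS_LISTENS_ON_80 = False      # the VPS itself runs no webserver

@dataclass
class Dnat:
    in_iface: str              # the -i match on the PREROUTING rule
    dport: int
    to: str

def vps_prerouting(rules, in_iface, dport):
    """First DNAT target whose -i and --dport match, or None if nothing matches."""
    for r in rules:
        if r.in_iface == in_iface and r.dport == dport:
            return r.to
    return None

def curl_to_domain(rules, arrives_on, src):
    """Walk one SYN to my.domain:80 as seen by the VPS and report what curl gets."""
    target = vps_prerouting(rules, arrives_on, 80)
    if target is None:
        # No DNAT: the SYN is for the VPS's own port 80, where nothing listens.
        return "served by VPS" if VPS_LISTENS_ON_80 else "connection refused"
    if src == target:
        # Hairpin (assumed cause of the timeout in the comments): the SYN is DNATed
        # back to its sender, so the SYN-ACK is delivered locally and never passes
        # the VPS, whose conntrack entry therefore never completes.
        return "timeout"
    # The home PC's reply to `src` follows its 0.0.0.0/0 route back through the
    # tunnel, and conntrack on the VPS reverses the DNAT.
    return f"served by {target}"

ETH0_ONLY = [Dnat("eth0", 80, HOME_WG), Dnat("eth0", 443, HOME_WG)]  # before.rules above
WITH_WG0 = ETH0_ONLY + [Dnat("wg0", 80, HOME_WG)]                      # attempt in comments

# Scenarios from the question; "phone-ip" and "cgnat-ip" are placeholder addresses.
SCENARIOS = {
    "phone on mobile data":         (ETH0_ONLY, "eth0", "phone-ip"),
    "home pc, config as posted":    (ETH0_ONLY, "wg0", HOME_WG),
    "home pc, extra -i wg0 DNAT":   (WITH_WG0, "wg0", HOME_WG),
    "home pc, static route to VPS": (ETH0_ONLY, "eth0", "cgnat-ip"),
}

def run_all():
    return {name: curl_to_domain(*args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name:30} -> {result}")
```

The last scenario is the answer's fix: with a host route for 11.22.33.44 on the home PC, the SYN leaves via the LAN and reaches the VPS on eth0, where the existing DNAT rule applies.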
