I’ve done a proof of concept with SSH tunneling to add a public IP to my 5G home broadband connection. It works for my garage-hosted blogs, but it’s not a complete solution. Since I still have free credit in my personal Google Cloud account, I decided to improve on it with OpenVPN. The diagram looks like this:
[CloudFlare]
      |
    HTTP
      |
[VM:35.197.x.x:80]
      |
[iptables DNAT]
      |
[OpenVPN tunnel]
      |
[local server tun0 interface: 10.8.0.51:80]
Following an outstanding tutorial on DigitalOcean, I set up an OpenVPN server on Debian 10 running in a Google Cloud Compute instance. There are a few more things to do for my case.
First I needed to add port forwarding from the public interface of the OpenVPN server to the home server’s tunnel interface. Here’s my ufw configuration file:
# this is /etc/ufw/before.rules
# START OPENVPN RULES
# NAT table rules
# (DNAT only works if IP forwarding is enabled, i.e. net.ipv4.ip_forward=1,
# which the DigitalOcean tutorial sets up earlier)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# port forwarding to home server
-A PREROUTING -i eth0 -p tcp -d <public ip> --dport 80 -j DNAT --to 10.8.0.51:80
# Allow traffic from OpenVPN client to eth0, ie. internet access
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Make sure to restart ufw after this so the new NAT rules are loaded.
Then, on my home server, the OpenVPN client can be configured to run as a service:
# this is /etc/systemd/system/vpnclient.service
[Unit]
Description=Setup an openvpn tunnel to kite server
After=network.target

[Service]
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/client1.conf
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target
To enable it and start immediately:
sudo systemctl daemon-reload
sudo systemctl enable vpnclient
sudo systemctl start vpnclient
I also need my home server to have a fixed IP on its tun0 network interface, so that the nginx server can proxy traffic to this IP reliably. I followed this guide; it suggests setting client-config-dir on both the server and client sides, but I only did it on the server side and it worked for me:
# this is /etc/openvpn/server.conf
# uncomment the following line
client-config-dir ccd

# this is /etc/openvpn/ccd/client1
ifconfig-push 10.8.0.51 255.255.255.255
After this the OpenVPN server on the VM needs to be restarted:
sudo systemctl restart openvpn@server
Reload the nginx server and it should be working. I tested it with
curl -H "Host: raynix.info" 35.197.x.x
and the request hit my home server.
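As an added sanity-check script (my own addition, not code from the original post or from the DigitalOcean tutorial), the following POSIX shell script verifies the pieces this setup relies on: on the VM, that IP forwarding is on and that both NAT rules from before.rules are actually loaded; on the home server, that tun0 received the pinned 10.8.0.51 address from the ccd file and that the vpnclient unit is running. It assumes the interface names eth0 and tun0 and the unit name vpnclient used above; the command output embedded in it is constructed for an offline run, not captured from a real host. One caveat it encodes: iptables stores `-s 10.8.0.0/8` as the masked network 10.0.0.0/8, so the MASQUERADE rule covers the whole 10/8 range, wider than the OpenVPN subnet (10.8.0.0/24 in the tutorial's server.conf).

```shell
#!/bin/sh
# Post-setup checks for the DNAT-over-OpenVPN forwarding described above.
# Added example, not part of the original post. Assumptions: the VM's public
# interface is eth0, the home server's tunnel interface is tun0 with the pushed
# address 10.8.0.51, and the client unit is named vpnclient.
#
# Each check takes command output as a string, so it can be exercised offline;
# "vm" and "home" modes gather live output on the respective host.

# /proc/sys/net/ipv4/ip_forward must read 1, or DNAT'ed packets are dropped.
forwarding_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# Expects `iptables -t nat -S` output. Matches the PREROUTING DNAT rule for
# tcp/80 on eth0 regardless of how iptables orders the -d/-i/-m options.
has_dnat_rule() {
    printf '%s\n' "$1" | grep -Eq -- \
        '^-A PREROUTING .*-i eth0 .*-p tcp .*--dport 80 .*-j DNAT --to-destination 10\.8\.0\.51:80$'
}

# Expects `iptables -t nat -S` output. iptables stores the source network
# masked, so "-s 10.8.0.0/8" from before.rules is listed as 10.0.0.0/8.
has_masquerade_rule() {
    printf '%s\n' "$1" | grep -Eq -- \
        '^-A POSTROUTING -s 10\.0\.0\.0/8 -o eth0 -j MASQUERADE$'
}

# Expects `ip -4 -o addr show dev tun0` output: the ccd file must have pinned
# the client to 10.8.0.51, otherwise the DNAT target points at nothing.
tun_has_expected_ip() {
    printf '%s\n' "$1" | grep -Eq 'inet 10\.8\.0\.51/'
}

# Expects `systemctl is-active vpnclient` output.
client_service_active() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "active" ]
}

# report <label> <status>: prints OK/FAIL and returns the status.
report() {
    if [ "$2" -eq 0 ]; then echo "OK   $1"; else echo "FAIL $1"; return 1; fi
}

run_vm_checks() {
    rc=0
    nat=$(iptables -t nat -S)
    forwarding_enabled "$(cat /proc/sys/net/ipv4/ip_forward)"
    report "net.ipv4.ip_forward=1" $? || rc=1
    has_dnat_rule "$nat";       report "DNAT tcp/80 -> 10.8.0.51:80" $? || rc=1
    has_masquerade_rule "$nat"; report "MASQUERADE for VPN clients" $? || rc=1
    return $rc
}

run_home_checks() {
    rc=0
    tun_has_expected_ip "$(ip -4 -o addr show dev tun0)"
    report "tun0 is 10.8.0.51" $? || rc=1
    client_service_active "$(systemctl is-active vpnclient)"
    report "vpnclient.service active" $? || rc=1
    return $rc
}

# Constructed sample output (not captured from a real host) for an offline run.
SAMPLE_NAT='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 35.197.x.x/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.8.0.51:80
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE'
SAMPLE_TUN='8: tun0    inet 10.8.0.51/32 scope global tun0\       valid_lft forever preferred_lft forever'

case "${1:-demo}" in
    vm)   run_vm_checks ;;
    home) run_home_checks ;;
    demo)
        has_dnat_rule "$SAMPLE_NAT";       report "sample DNAT rule" $?
        has_masquerade_rule "$SAMPLE_NAT"; report "sample MASQUERADE rule" $?
        tun_has_expected_ip "$SAMPLE_TUN"; report "sample tun0 address" $?
        ;;
    *) echo "usage: $0 vm|home|demo" ;;
esac
```

Run it as `sh check.sh vm` on the Google Cloud VM (as root, since it reads the nat table) and as `sh check.sh home` on the home server; with no argument it only exercises the constructed samples. A FAIL on the DNAT line after editing before.rules usually means ufw was not restarted, which is the step that actually loads the rules.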