DS-Lite / IPv6 Portfreigaben erstellen inkl. ReverseProxy und VPN-Server


In diesem Video zeige ich euch, wie ihr bei einem DS-Lite-Anschluss, einem Anschluss hinter einem CG-NAT oder wenn ihr nur eine IPv6-Adresse habt, Ports zum Internet öffnen könnt. Außerdem installieren wir direkt einen ReverseProxy, sodass ihr ganz einfach mehrere Webseiten über euren Internetanschluss inkl. SSL-Zertifikat erreichbar machen könnt.


Du benötigst Unterstützung bei der Installation oder Konfiguration deines WireGuard VPN-Tunnels? Ich helfe dir gerne weiter! Schreib mir einfach eine Mail an: service@apfelcast.com

» Ports direkt durchreichen: https://cc.apfelcast.com/dz6ck
» VPN-Verbindung ins Heimnetz aufbauen: https://cc.apfelcast.com/wo39l

» 20€ Hetzner Startguthaben: https://hetzner.cloud/?ref=580VHBiG8SNl

» AWOW mini PC VPN Client Server: https://amzn.to/3kvryjK

» Relevante Videos:
WireGuard VPN Server installieren: https://www.youtube.com/watch?v=yOmYfxAFMnM
WireGuard Site-to-Site VPN: https://youtu.be/aiabrnHj6_o
HomeServer selbst bauen: https://www.youtube.com/playlist?list=PLLg1WgOBYXOs3dFOlaujpPLXVkq06btrk

Im Video verwendete Befehle:

###### WireGuard Tunnel ######

## install WireGuard ##
apt install wireguard

## enable IPv4 forwarding so this host may route packets between wg0 and its other interfaces ##
## only the IPv4 key is switched on here; IPv6 forwarding is a separate sysctl key ##
nano /etc/sysctl.conf

uncomment net.ipv4.ip_forward=1

## apply changes (re-reads /etc/sysctl.conf) ##
sysctl -p

## generate public and private keys ##
## umask 077 makes the new files readable by their owner only ##
## run this on each site separately; only the content of "publickey" is given to the other site, "privatekey" stays on the host ##
cd /etc/wireguard
umask 077; wg genkey | tee privatekey | wg pubkey > publickey

--> site 1 (server)

## create wg0.conf
## the file holds the private key in clear text: keep it readable by root only ##

nano /etc/wireguard/wg0.conf

[Interface] 
PrivateKey = <site-1 private-key>
Address = 10.0.0.1/24
# SaveConfig lets wg-quick write the running state back into this file on shutdown;
# edit the file only while the interface is down, otherwise the edit is overwritten.
SaveConfig = true 
# PostUp accepts every packet that arrives on wg0 for forwarding and NATs everything
# that leaves through eth0; PostDown removes exactly these two rules again.
# NOTE(review): eth0 is assumed to be the uplink interface - confirm with "ip link".
# NOTE(review): the FORWARD rule has no destination or port filter; consider limiting
# it to the hosts and ports that really have to be reachable through the tunnel.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# UDP port this side listens on; it is the port site 2 uses in its Endpoint line.
ListenPort = 51820

[Peer]
PublicKey = <site-2 public-key>
# AllowedIPs: source addresses accepted from this peer and the networks routed to it -
# the tunnel subnet plus 192.168.178.0/24 (presumably the LAN behind site 2 - confirm).
AllowedIPs = 10.0.0.0/24, 192.168.178.0/24
PersistentKeepalive = 25

--> site 2 (client)

## create wg0.conf
## the file holds the private key in clear text: keep it readable by root only ##

[Interface] 
PrivateKey = <site-2 private-key>
Address = 10.0.0.3/24
# SaveConfig lets wg-quick write the running state back into this file on shutdown;
# edit the file only while the interface is down, otherwise the edit is overwritten.
SaveConfig = true 
# PostUp forwards every packet coming out of the tunnel and NATs it towards eth0, so
# whatever site 1 can send into the tunnel reaches the network behind this host.
# NOTE(review): if site 1 is the Internet-facing machine, restrict the FORWARD rule to
# the internal hosts and ports that are meant to be published.
# NOTE(review): eth0 is assumed to be the LAN-side interface - confirm with "ip link".
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer] 
PublicKey = <site-1 public-key>
# public DNS name of site 1 plus the ListenPort configured there (51820)
Endpoint = <FQDN>:51820 
# only the tunnel subnet is accepted from and routed to site 1
AllowedIPs = 10.0.0.0/24
# a keepalive every 25 seconds keeps the NAT mapping in front of this client open,
# which is what lets site 1 reach a host that cannot accept inbound connections
PersistentKeepalive = 25

--> on site 1 and 2

## start connection (creates wg0 and runs the PostUp commands from wg0.conf) ##
wg-quick up wg0

## show status ##
## a recent "latest handshake" and growing transfer counters for the peer show that the tunnel works ##
wg show


######## Nginx Proxy Manager ########

## install Docker && Docker-Compose ##
## only the second apt call carries -y; the first one still asks for confirmation ##

apt install docker.io && apt install docker-compose -y

## create project directory and open it ##
mkdir npm
cd npm

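## create config.json (database settings, mounted into the app container below) ##
## replace <db-password> with a long random value; it must be identical to MYSQL_PASSWORD in docker-compose.yml ##
nano config.json

{
  "database": {
    "engine": "mysql",
    "host": "db",
    "name": "npm",
    "user": "npm",
    "password": "<db-password>",
    "port": 3306
  }
}

## create docker-compose.yml ##
nano docker-compose.yml

version: "3"
services:
  app:
    # NOTE(review): ":latest" is resolved again on every pull, so the running version can
    # change unnoticed; pin a release tag you have tested.
    image: jc21/nginx-proxy-manager:latest
    restart: always
    ports:
      - 80:80
      # 81 is the admin interface (plain HTTP). This mapping publishes it on every address
      # of the host; restrict it with a firewall rule or bind it to an internal address.
      - 81:81
      - 443:443
    volumes:
      - ./config.json:/app/config/production.json
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
    environment:
    # if you want pretty colors in your docker logs:
    - FORCE_COLOR=1
  db:
    # no "ports:" entry: the database is not published on the host
    # NOTE(review): ":latest" here as well - pin a tested release tag.
    image: mariadb:latest
    restart: always
    environment:
      # placeholders: use two different long random values instead of a guessable default
      MYSQL_ROOT_PASSWORD: "<db-root-password>"
      MYSQL_DATABASE: "npm"
      MYSQL_USER: "npm"
      MYSQL_PASSWORD: "<db-password>"
    volumes:
      - ./data/mysql:/var/lib/mysql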
      
      
## pull the images and start both containers in the background ##
docker-compose up -d

## access via web browser ##
## the admin UI on port 81 is plain HTTP: the login is sent unencrypted unless you reach it through the tunnel ##
http://hostip:81

## default login ##
## these defaults are publicly documented: set your own e-mail address and password at the first login, before port 81 is reachable from outside ##
user: admin@example.com
pw: changeme

######## IP Tables Forwarding  ########

## redirect incoming TCP port 81 to 10.0.0.1:81 (the tunnel address of site 1) ##
## NOTE(review): 81 is the Nginx Proxy Manager admin port in this listing; for published websites forward 80/443 and keep 81 reachable through the VPN only ##
## NOTE(review): no "-i <interface>" is given, so the rule matches port 81 on every interface of this host ##
iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to-destination 10.0.0.1:81

## rewrite the source address of outgoing packets so that replies come back through this host ##
## no "-o <interface>" is given, so this applies to every interface; the target service then sees this host's address instead of the real client IP, which affects its logs and any IP-based blocking ##
iptables -t nat -A POSTROUTING -j MASQUERADE

## rules added with "iptables -A" exist only in the running kernel and are gone after a reboot unless they are saved or re-added (e.g. from PostUp in wg0.conf) ##


######## Automate WireGuard ########

## enable on system boot ##
## "enable" only registers the unit for the next boot; it does not bring the tunnel up now ##
systemctl enable wg-quick@wg0


apfelcast Support

Du benötigst Unterstützung bei deinem Projekt oder hast Fragen zur Umsetzung?
Dann melde dich gern bei uns!
