[WireGuard] Pass all traffic from external VPS to home network.

[Daniela]

Hello,
I am deeply sorry to bother you with such noobish questions but I wanted to know if it's possible to use an external vps (ubuntu/debian) that will passthrough all traffic to my home network.

For context I set up proxmox and a opnsense instance. I'm using that proxmox instance with vlan tags in order to connect my containers to the opnsense router but since I don't have a static IP I want to connect my opnsense router to an external VPS in order to gain a static IP + DDoS protection.
Does somebody have a step by step tutorial on how to do this?
BTW my vps is running ubuntu 24.04

Thank you and sorry again for my noobish question 

[viragomann]

Does somebody have a step by step tutorial on how to do this?

I sadly cannot offer you one. But you just need a site-to-site VPN and obey some policies.

W my vps is running ubuntu 24.04

Are you familiar with it for routing purposes?
Otherwise I'd recommend to install OPNsense as well on the VPS.

For the site-to-site Wireguard, there are heaps of tuts in the web.
Just configure the OPNsense to accept traffic from anywhere (0.0.0.0/0) and the remote site to accept traffic from your local network.

On the VPS you can then forward traffic to your local subnets.

On the local OPNsense you have add a firewall rule to allow the forwarded traffic. And that's the crucial point.
You have to assign an interface to your Wireguard instance (e.g. wg0) and add the rule to this interface then.
Remove all pass rules from the default Wireguard tab!

If you also want to route upstream traffic from local devices over the VPS, maybe with policy routing rules, you also need a masquerading rule for your local networks on the WAN of the VPS.