[WireGuard] Pass all traffic from external VPS to home network.

Started by Daniela, November 14, 2024, 10:00:24 PM

Hello,
I am deeply sorry to bother you with such noobish questions, but I wanted to know if it's possible to use an external VPS (Ubuntu/Debian) that will pass through all traffic to my home network.

For context, I set up Proxmox and an OPNsense instance. I'm using that Proxmox instance with VLAN tags in order to connect my containers to the OPNsense router, but since I don't have a static IP I want to connect my OPNsense router to an external VPS in order to gain a static IP + DDoS protection.
Does somebody have a step by step tutorial on how to do this?
BTW, my VPS is running Ubuntu 24.04.

Thank you and sorry again for my noobish question  :-[

Quote from: Daniela on November 14, 2024, 10:00:24 PM
Does somebody have a step by step tutorial on how to do this?
I sadly cannot offer you one. But you just need a site-to-site VPN and to obey some policies.

Quote
BTW my vps is running ubuntu 24.04
Are you familiar with it for routing purposes?
Otherwise I'd recommend installing OPNsense on the VPS as well.

For the site-to-site WireGuard, there are heaps of tuts on the web.
Just configure the OPNsense to accept traffic from anywhere (0.0.0.0/0) and the remote site to accept traffic from your local network.

On the VPS you can then forward traffic to your local subnets.

On the local OPNsense you have to add a firewall rule to allow the forwarded traffic. And that's the crucial point.
You have to assign an interface to your WireGuard instance (e.g. wg0) and add the rule to this interface then.
Remove all pass rules from the default WireGuard tab!

If you also want to route upstream traffic from local devices over the VPS, maybe with policy routing rules, you also need a masquerading rule for your local networks on the WAN of the VPS.
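The VPS side of the setup described in the reply above, as an added example that is not part of the original thread: a POSIX shell helper that prints (for review, without applying them) the iptables commands to forward only explicitly listed ports into the home subnet and masquerade home traffic on the VPS WAN. The interface names `eth0` and `wg0`, the subnet `192.168.10.0/24`, the sample hosts and the `proto:port:ip` input format are all constructed assumptions.

```shell
#!/bin/sh
# Added example; every value below is a constructed placeholder.
WAN_IF="eth0"               # public interface of the VPS (assumed name)
WG_IF="wg0"                 # WireGuard interface on the VPS
HOME_NET="192.168.10.0/24"  # home subnet reachable through the tunnel

# Dotted quad -> integer; fails on anything that is not a clean IPv4 address.
ip2int() {
  case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True only if the address lies inside HOME_NET.
in_home_net() {
  ip=$(ip2int "$1") || return 1
  net=$(ip2int "${HOME_NET%/*}") || return 1
  mask=$(( (0xFFFFFFFF << (32 - ${HOME_NET#*/})) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Accepts "proto:port:ip"; sets $proto, $port and $dest when valid.
valid_forward() {
  proto=${1%%:*}; rest=${1#*:}; port=${rest%%:*}; dest=${rest#*:}
  case "$proto" in tcp|udp) ;; *) return 1 ;; esac
  case "$port" in ""|*[!0-9]*|0*|??????*) return 1 ;; esac
  [ "$port" -le 65535 ] || return 1
  in_home_net "$dest"
}

# Prints nothing and fails if any entry is invalid, so a bad list is never half-applied.
render_rules() {
  for f in "$@"; do
    valid_forward "$f" || { echo "rejected: $f" >&2; return 1; }
  done
  echo "sysctl -w net.ipv4.ip_forward=1"
  for f in "$@"; do
    valid_forward "$f"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $dest:$port"
    echo "iptables -A FORWARD -i $WAN_IF -o $WG_IF -p $proto -d $dest --dport $port -j ACCEPT"
  done
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A FORWARD -i $WG_IF -o $WAN_IF -s $HOME_NET -j ACCEPT"        # upstream from home
  echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $HOME_NET -j MASQUERADE"  # masquerade on VPS WAN
}

render_rules tcp:443:192.168.10.20 udp:25565:192.168.10.30
```

Listing forwards one by one keeps the home network's exposure limited to the services named, and the forwarded traffic still has to be allowed by the rule on the assigned WireGuard interface of the local OPNsense.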

Are you planning to use a VPN service or set up your own for the passthrough? That can make a big difference in how you handle security.

I've actually been through something similar when I set up my own home network and needed a static IP. I ended up using a VPS with Ubuntu, just like you're doing, to tunnel traffic to my home network. The process wasn't too bad once I had everything configured right.

In my case, I went with a dedicated server from https://ishosting.com/en/dedicated, which helped a lot with both stability and DDoS protection. They were really straightforward to set up, and their support team was super helpful when I had questions about the passthrough configuration. I ended up following a general guide on setting up VPN tunnels with iptables to route traffic, but honestly, there are a lot of great tutorials out there once you get the hang of the basics.