A
Admincraft7mo ago
Gotham

fastest way to tunnel my locally-ran minecraft server to my vps to make it publically accessible?

Hello, I am running a minecraft server locally which i would like to be accessible by my friends, i have an ovh vps with a public ip address, and i would like to use tunneling to do so. But i have no idea how i should do it, any recommendations?
26 Replies
Admincraft Meta
Admincraft Meta7mo ago
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close !close !solved !answered
Requested by batmanatgotham#0
QarthO
QarthO7mo ago
do u need to tunnel or are you just trying to hide your ip?
Gotham
GothamOP7mo ago
cgnat so i need to
Carl-bot
Carl-bot7mo ago
We may have bad news for you :C
Open your router's configuration interface. Somewhere you'll see something like 'external' or 'public' IP. If your external IP is in one of the following ranges, you're basically screwed as long as portforwards go: - 10.0.0.0/8 - 172.16.0.0/20 - 192.168.0.0/16 - 100.64.0.0/10 - any IPv6 address/range - This shouldn't be a problem, but Minecraft's IPv6 support is still rather quirky. You're at your own but we're happy if you share your experience. You should ask your ISP for a public and IPv4 address (but this may cost you money). NB: your internal IP should and most probably will be in one of the first three ranges, don't mix them up
Admincraft Canned Responses
Torrent
Torrent7mo ago
sorry just wanted to read that real quick Why not try ngrok?
Gotham
GothamOP7mo ago
would prefer to use a custom vps, since its cheaper and kind of gives more freedom
Torrent
Torrent7mo ago
wait wym
Gotham
GothamOP7mo ago
?
Torrent
Torrent7mo ago
ngrok is just for the tunnel
Gotham
GothamOP7mo ago
yeah, and i want to use a vps to tunnel with wireguard ngrok is almost 5x more expensive than a vps also i already have a vps so
Torrent
Torrent7mo ago
ngrok has a free plan.. but ok so are you asking how to use wireguard? because your question was about how to tunnel your minecraft server to your vps in general
Gotham
GothamOP7mo ago
i mean, i am fine with using anything other than wireguard, its not a hard necessity pretty sure that doesnt have a permanent link/whatever
Torrent
Torrent7mo ago
it comes with its own domain, but iirc you can't use a custom domain (CNAME cross user banned) well if you want to use wireguard, start by installing it on your VPS
Gotham
GothamOP7mo ago
i already have
Torrent
Torrent7mo ago
and downloading the client version on your PC
Gotham
GothamOP7mo ago
So, hello, i am messing around with the guide, and this is my config (client) 
[Interface]
PrivateKey = key
Address = 10.20.4.2/24 
Table = 1

PostUp = ip rule add pref 500 from 10.20.4.2 lookup 1 
PostDown = ip rule del pref 500 

[Peer] 
PublicKey = key
AllowedIPs = 0.0.0.0/0 
Endpoint = [vps ip]:51820
PersistentKeepalive = 25
[Interface]
PrivateKey = key
Address = 10.20.4.2/24 
Table = 1

PostUp = ip rule add pref 500 from 10.20.4.2 lookup 1 
PostDown = ip rule del pref 500 

[Peer] 
PublicKey = key
AllowedIPs = 0.0.0.0/0 
Endpoint = [vps ip]:51820
PersistentKeepalive = 25
(server) 
[Interface]
PrivateKey = key
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination 10.20.4.2:25565
PostUp = iptables -t nat -A POSTROUTING -o esn3 -j MASQUERADE 
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 25565 -j DNAT --to-destination 10.20.4.2:25565 
PostDown = iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

ListenPort = 51820
Address = 10.20.4.1/24

[Peer]
PublicKey = key
AllowedIPs = 10.20.4.2/24 
[Interface]
PrivateKey = key
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination 10.20.4.2:25565
PostUp = iptables -t nat -A POSTROUTING -o esn3 -j MASQUERADE 
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 25565 -j DNAT --to-destination 10.20.4.2:25565 
PostDown = iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

ListenPort = 51820
Address = 10.20.4.1/24

[Peer]
PublicKey = key
AllowedIPs = 10.20.4.2/24
and i can ping from both sides, attach ports and listen through netcat and telnet from both sides, except the port 25565, that doesnt work for some reason. also, if i run the minecraft server (or anything really) on port 25565, and try to connect to vps's ip:25565, that doesnt work, so i am guessing forwarding isnt happening? i have the ports opened and ipv4 forwarding enabled in sysctl.conf, idk what else i can do (copy pasted, dont mind)
Torrent
Torrent7mo ago
can you do: sudo iptables -t nat -L -v to see if the iptables actually applied also wouldn't hurt to restart wireguard (assuming you haven't already after changing the config)
Gotham
GothamOP7mo ago
Chain PREROUTING (policy ACCEPT 13521 packets, 577K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   18  1080 DNAT       tcp  --  any    any     anywhere             anywhere             tcp dpt:25565 to:10.20.4.2:25565
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere             tcp dpt:25565 to:10.20.4.2:25565

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 71 packets, 4938 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  any    esn3    anywhere             anywhere            
    0     0 MASQUERADE  all  --  any    esn3    anywhere             anywhere    
Chain PREROUTING (policy ACCEPT 13521 packets, 577K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   18  1080 DNAT       tcp  --  any    any     anywhere             anywhere             tcp dpt:25565 to:10.20.4.2:25565
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere             tcp dpt:25565 to:10.20.4.2:25565

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 71 packets, 4938 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  any    esn3    anywhere             anywhere            
    0     0 MASQUERADE  all  --  any    esn3    anywhere             anywhere
it seems to be already done it
Torrent
Torrent7mo ago
and (sorry if this is a stupid question) are you sure ip forwarding is enabled? also wouldn't hurt to check wireguard logs: journalctl -u wg-quick@wg0
Gotham
GothamOP7mo ago
on the server? it is,
No description
No description
Torrent
Torrent7mo ago
also not calling you out but would be worth it to double check ufw status
Gotham
GothamOP7mo ago
client: the 8 am one server: the 2 am one i dont see anything
No description
No description
Gotham
GothamOP7mo ago
its fine, i can very stupid at times, no need to mention that, i get you are not being rude. its allowed on the server
No description
Gotham
GothamOP7mo ago
on my local machine its enabled aswell
No description
Torrent
Torrent7mo ago
yeah i've hit about the limit of my knowledge of this shit, sorry dude was hoping something would shout at me, but i'm sure with what you provided someone else will see what's wrong
Gotham
GothamOP7mo ago
thanks for your help tho

Did you find this page helpful?