Closed mboothroyd closed 2 years ago
The answer is no; the only port you would need to open on your host is for the outbound connection to the VPN endpoint.
Wow, thank you for the fast response!
Given I have sudo ufw default allow outgoing in the ufw rules, I don't think I need to open the port as the VPN connection can punch through (it's working now). Unless there's something I'm missing?
Unless there's something I'm missing?
Not that I can think of, sounds like it's set up correctly to me.
Thank you!!!
I have a dedicated server in a datacenter I'm trying to use as a BitTorrent box. It is sufficiently powerful (i5, 32GB RAM, 250GB SSD) and runs Debian 11 (no ability to change OS remotely).
As the server is directly exposed to the internet with its own public IP, I have enabled UFW to deny all incoming connections by default.
I have the arch-qbittorrentvpn container mapping its Web UI to 127.0.0.1:8080 and Caddy (installed via Debian package) doing reverse proxy + TLS for the qBittorrent Web UI.
My ufw ruleset on the Debian 11 host is:
I am also using Mullvad with WireGuard, and have assigned a port on the Mullvad site to my WireGuard connection. I have arch-qbittorrentvpn working perfectly and have verified the port is open (at least to the Mullvad server) but the speeds are not what I imagined. The ISP server is only one hop away from the WireGuard endpoint (over a local IXP) and I've tried all of the different Mullvad servers in the location. I am assuming there is no other network issue at this level.
Do I need to add a UFW rule on the Debian host to allow the incoming port forward to make it all the way to the arch-qbittorrentvpn container?
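The host-side posture discussed in this thread can be checked from the output of `ufw status verbose` and `ss -tlnH`. The following is an added example, not code from the thread or from the arch-qbittorrentvpn project. The sample output, the forwarded port 51000 and all function names are constructed assumptions.

```python
import re

# Constructed sample output (not from the thread): `ufw status verbose`, `ss -tlnH`.
UFW = """Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
"""
SS = """LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 *:443          *:*
"""

def ufw_defaults(ufw_text):
    # "deny (incoming), allow (outgoing)" -> {"incoming": "deny", "outgoing": "allow"}
    line = next((l for l in ufw_text.splitlines() if l.startswith("Default:")), "")
    return {chain: policy for policy, chain in re.findall(r"(\w+) \((\w+)\)", line)}

def ufw_allowed_in(ufw_text):
    # Ports that have an ALLOW IN rule (IPv4 and "(v6)" rows alike).
    ports = set()
    for line in ufw_text.splitlines():
        m = re.match(r"(\d+)(?:/(?:tcp|udp))?\s.*ALLOW IN", line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def non_loopback_listeners(ss_text):
    # (address, port) pairs whose local address is not 127.x or [::1].
    found = []
    for fields in (l.split() for l in ss_text.splitlines()):
        if len(fields) >= 4:
            addr, _, port = fields[3].rpartition(":")
            if not (addr.startswith("127.") or addr == "[::1]"):
                found.append((addr, int(port)))
    return found

def audit(ufw_text, ss_text, webui_port, forwarded_port):
    findings = []
    d = ufw_defaults(ufw_text)
    if d.get("incoming") != "deny" or d.get("outgoing") != "allow":
        findings.append("defaults are not deny incoming / allow outgoing")
    # The forwarded port arrives inside the tunnel, so the host needs no rule for it.
    if forwarded_port in ufw_allowed_in(ufw_text):
        findings.append(f"unneeded ALLOW IN for VPN-forwarded port {forwarded_port}")
    # Docker-published ports are not filtered by ufw; the loopback bind keeps it private.
    for addr, port in non_loopback_listeners(ss_text):
        if port == webui_port:
            findings.append(f"Web UI port {port} is listening on {addr}")
    return findings
```

An empty list from `audit(UFW, SS, 8080, 51000)` means the host matches the configuration the thread describes: only the outbound tunnel is needed, and the Web UI is reachable only through the reverse proxy.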