Expose my TP-Link AX20 FTP to the Internet via WireGuard + VPS
Hello!
I’m connected to the Internet behind a NAT.
I want to expose my TP-Link Archer AX20’s FTP to the world and be able to access it even when I’m not connected to the home network. I got a free VPS Linux from Oracle and set up WireGuard VPN. My router successfully connected to it. When I enable a client to use the VPN I can clearly see it works fine and my public IP becomes the same as the VPS. However, I’m not sure what do I need to do to be able to access the router’s FTP from the VPS’ public IP.
I’d appreciate any help. This is the guide that got me this far.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I cannot access the router’s FTP even from the VPS itself. Here are the tests I performed from the VPS.
ubuntu@vpn11:~$ sudo wg show
interface: wg0
public key: (hidden)
private key: (hidden)
listening port: 58586
peer: (hidden)
preshared key: (hidden)
endpoint: (hidden):37899
allowed ips: 10.66.66.2/32, fd42:42:42::2/128
latest handshake: 28 seconds ago
transfer: 3.45 MiB received, 12.74 MiB sent
ubuntu@vpn11:~$ ip route
default via 10.0.0.1 dev ens3 proto dhcp src 10.0.0.135 metric 100
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.135 metric 100
10.0.0.1 dev ens3 proto dhcp scope link src 10.0.0.135 metric 100
10.66.66.0/24 dev wg0 proto kernel scope link src 10.66.66.1
169.254.0.0/16 dev ens3 proto dhcp scope link src 10.0.0.135 metric 100
169.254.169.254 dev ens3 proto dhcp scope link src 10.0.0.135 metric 100
192.168.0.0/24 via 10.66.66.2 dev wg0
ubuntu@vpn11:~$ ping -c 4 10.66.66.2
PING 10.66.66.2 (10.66.66.2) 56(84) bytes of data.
--- 10.66.66.2 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3061ms
ubuntu@vpn11:~$ ping -c 4 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
From 10.66.66.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.66.66.1 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.66.66.1 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.66.66.1 icmp_seq=4 Destination Host Unreachable
ping: sendmsg: Required key not available
--- 192.168.0.1 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3048ms
ubuntu@vpn11:~$ nc -vz 192.168.0.1 21
nc: connect to 192.168.0.1 port 21 (tcp) failed: No route to host
The VPS has a route to the LAN (e.g., 192.168.0.0/24 via 10.66.66.1). NAT is enabled on the router for WireGuard. Even basic TCP or ping cannot reach the LAN host.
Am I missing something or doing something wrong?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Probably the culprit here is with the VPS settings.
Do you have any ideas? I think the settings are just fine because the VPN itself is already up and running. All the VPS egress traffic is allowed as well. What else could it be?
In general, if you want to expose an FTP server behind your AX20 to the Internet, here's a guide on that.
I think this guide is far from my goal. First, I don't have public IP (i.e., I use Internet behind NAT) to be accessed from the Internet. Second, I don't want anything running 24/7 especially for the FTP (besides the router that is already running 24/7).
- Copy Link
- Report Inappropriate Content
Hi,
I do understand your intentions, but what you are trying to do is not a common use case for a VPN client.
I am pretty sure the AX20's VPN client must be blocking incoming traffic, as otherwise this would be a security problem. And since the interface of TP-Link's routers provides no options to unblock this type of traffic, I don't see how this could be solved.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 123
Replies: 5
Voters 0
No one has voted for it yet.