AdGuard VPN's SSTP protocol, while secure, often requires manual port forwarding to expose services to the internet. This is because the VPN creates a Network Address Translation (NAT) layer. We need to bypass this to allow external traffic through the AdGuard VPN SSTP connection. This setup assumes you have a working AdGuard VPN SSTP connection established.
The core of port forwarding lies in configuring your firewall and potentially your router (if applicable).
Firewall (iptables example):
# Allow incoming traffic on port 8080 (example)
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8080 -j ACCEPT
# Masquerade traffic through the AdGuard VPN interface (replace tun0)
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
Replace tun0 with the actual interface name of your AdGuard VPN SSTP connection. Adjust the port 8080 to your desired port.
sysctl Configuration (IP Forwarding):
Ensure IP forwarding is enabled.
echo 1 > /proc/sys/net/ipv4/ip_forward
To make this permanent, edit /etc/sysctl.conf and uncomment or add the line:
net.ipv4.ip_forward=1
Then apply the changes:
sysctl -p
Routing: No specific routing rules are typically required if the default gateway is correctly configured after the AdGuard VPN SSTP connection is established. Verify your default route using route -n.
DNS: Ensure your DNS settings are correctly configured. The AdGuard VPN client should handle this automatically, but verify that you are using a functional DNS server.
Port Scanning: Use an online port scanning tool to check if the forwarded port is open and accessible from the internet.
Service Access: Attempt to access the service from an external network using the public IP address associated with your AdGuard VPN SSTP connection and the forwarded port.
Ping: Ping your public IP to verify basic connectivity.
Interface Name: The tun0 interface name is an example. Use ip addr or ifconfig to determine the correct interface name for your AdGuard VPN SSTP connection.
Firewall Persistence: The iptables rules shown are not persistent across reboots. Use a tool like iptables-persistent (Debian/Ubuntu) or equivalent to save the rules.
Security: Be mindful of the security implications of port forwarding. Only forward the necessary ports.
AdGuard VPN Configuration: This guide assumes the standard AdGuard VPN SSTP client configuration.
Router Configuration: If you are behind a router, you may need to configure port forwarding on the router as well, directing traffic to the internal IP address of the machine running the AdGuard VPN SSTP client.