Linux Wireguard gateway for Windows/Mac/Linux halo server(s)

[AntiMomentum 59]

2/24 
Keepalive has been added to the gateway guided installer scripts for clients. If a wireguard client was able to handshake with the gateway but still having issues despite using halo on port 2302 or default rdp, this Keepalive wireguard setting should fix that. Already made client.conf files can just have this line added to the bottom under the Endpoint line if needed (if you weren't having issues this isn't required):

PersistentKeepalive = 10

 

2/18 update **RDP for Windows**

RDP for Windows is finally fixed. RDP to the gateway ip on default rdp port (3389). Currently, RDP will only work for the client peer you use the client1.conf file for (10.0.0.2). 

To be able to RDP to multiple different Windows peers may involve adding more rules for different rdp ports. However, using a another wireguard client yourself should give access to to any windows peer default rdp port as well. Either method would work, but is not currently tested so I can't say that's support just yet. Eventually I'll have a private halo server version where clients use wireguard to see the Halo server in the LAN list, once that's working being able to RDP to multiple different peers will certainly be working by then.

2/15 update **guided installers for both the gateway and Linux clients.**

https://github.com/antimomentum/haloce/tree/master/firewalls/vpngateway/guidedinstall

client1.conf is 10.0.0.2 and default halo port 2302. the 2nd client file using 10.0.0.4 can host up to 200 halo servers through its connection.

The Wireguard client works on a variety of operating systems, including Windows, and can be integrated with existing setups :

https://www.wireguard.com/install/

Concept:

Basically one Linux gateway server acts as the public ip for the vpn client halo server. This would be like if you connected to a vpn service, started the halo server, and the halo server showed in the list with the ip of the vpn server and not the machine you actually run halo from. Except in this case it would actually work since you control the firewall of the vpn server

Wireguard is a vpn protocol like OpenVPN. VPN providers like NordVPN often use these open source protocols for their services. 

OpenVPN is more robust and has more developement and setups behind it. However the newer Wireguard protocol performs better (important for fps games) and is more secure on basic setups. It's also pretty quiet by itself.

I've personally tested this for halo with both linux and windows clients and these do indeed work through the tunnel
Last time I checked the Wireguard client for Android does indeed work as well. I've never hosted a halo server through a phone though, and I wouldn't even consider it without an unlimited data plan, and I would still not recommend it anyways.

It would be important that the host you chose for the vpn gateway server is close to the actual halo server. Obviously, the further away the halo server the more latency will increase.

I have left a notes page that gets into more of the required information to set this up. IPs you need to allow go in MDNS, ports you need to forward to the client server running halo go in the nat PREROUTING table like the example halo client ports are.

https://github.com/antimomentum/haloce/tree/master/firewalls/vpngateway

Windows clients will need the master server ip in the hosts file. For Windows this files is at:
c:\windows\system32\drivers\etc\hosts

add these two lines to the bottom of hosts:
34.197.71.170 hosthpc.com
34.197.71.170 s1.master.hosthpc.com

Please read notes carefully, especially the client whitelisting section near the bottom if you decide to give this setup a go. I'd be glad to help answer any questions. Post them here, in DM, or message me on Discord. If asking questions be sure to remove any keys or client ip info.

Edited February 25, 2022 by AntiMomentum