VPN and port forwarding

Hi all,
New to this forum but need some more help in configuring this. I am wanting to run a few game servers on my homelab that I have set up; they need specific TCP and UDP ports to be opened in order to run. At my previous house I just set up the port forwards in my router and configured the servers and, no big deal, ran great. But now in my new house I have a landlord who has a router, but I don't have access to logging into it unfortunately. So I started thinking I can run something like AirVPN and then change the config of the game servers to match the ports I have forwarded even though they aren't the right ports. Wrong, can't do that since certain games require specific ports to be unlocked. So I am thinking, what if I set up a VPN on a spare Raspberry Pi and stick it at my parents' house and then have that router at my parents' house forward the ports I need. And then have all my game servers route through the VPN that's at their house and then go out that way for port forwarding to negate my landlord's setup. Is this logical? Anyone see any issues with a configuration like this? Both houses are within 5 miles of each other and both have 1gig symmetrical fiber speeds. So it should be relatively fast. Was just curious if this would even work?

Should work fine. Pi/Linux is super flexible when it comes to various routing configurations. What router do you have at your place? Have you thought about how you could make game server traffic go through VPN while leaving regular traffic?

Also do you need publicly accessible game servers? If it’s just your friends with computers/phones you could “share” your game server and Tailscale can manage VPN hole punching.

Glad my idea isn’t totally absurd to someone else. So the router at my parents' house is an Xfinity router that can handle port forwarding but can't handle VPN internally, hence why I was thinking Pi hooked up to it. If this idea works I would probably segregate my game servers on their own VLAN and then route it over VPN to my parents' house, so the rest of my servers and computers in my house aren’t affected. You mean share the public IP just with them? Tailscale, I’ve never heard of that. I was wanting to do more publicly accessible game servers since I want to go more into server management at work, and running web servers and game servers at my house is just my way of teaching myself.

Apart from Raspberry Pi being less than ideal for networking tasks (pretty much anything else is better) it should be fine but do keep in mind that VPN will add quite a bit of latency so you probably want to use VPS / Barebones server setup instead.

This is kind of what I was thinking too, but then again, game servers don’t need a lot of bandwidth typically and lots of people use wireguard for convenience, which doesn’t benefit from hardware aes extensions that Pi is missing.

One device that’s slightly worse on paper, but probably worth its salt would be the $25 1GB Rock64 from Pine64.

Once you go into $150-$200 territory, you might already be looking at x86. (Buying a $100 pi + fancy dongles will easily get you to a point where x86 might be cheaper). Used x86 can be had for about $100 but that takes more effort to procure (pretty much a non-starter outside of US).

I’d highly recommend going RK3399 over RK3328, it’s much better supported overall and a lot of people are interested and hacking on that SoC so its support doesn’t rely on one single entity. PCIe slot is also a nice addition.

When you don't need proper user management, plain WireGuard is just fine (for a site-to-site VPN I really see no reason for user management). It's really the main downside to WireGuard, so things like Tailscale exist that add on top of WireGuard the features that it decided not to implement.

They also have a bit of a comparison on their website comparing Tailscale to WireGuard.

When you create a site to site VPN with wireguard by default both networks see everything from the other network. So your raspberry pi can see all the PCs in your current place and your game server can see all the PCs in your parents place.

You should make sure both networks use different IP spaces. If you have both setup to use 192.168.1.x you’ll have some issues because the same IPs can be used up multiple times.

Though I don't think you can directly port forward to your game server from the router, because only the Raspberry Pi will see the other network. Setting up port forwarding to your Raspberry Pi and then setting up rules to forward from there to your game server would be one way to do it, but seems a bit clunky.

There probably is some way to do this more elegantly so that you don't have to grind through iptables rules to do port forwarding on your Raspberry Pi… But I don't know right now. Maybe it also just works and you can just port forward to your game server, I’m honestly not 100% sure. But I believe it probably does not (maybe someone can comment on that part?).

If you don't want the Pi or the other site to see every PC in the other network, you can, as you said, either set up a VLAN for the Pi and make it so the Pi itself cannot see other devices in that network, or set up those rules directly on the Pi. You'll also have to do the same thing on the other end.
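
The "forward to the Pi, then forward from there to the game server" approach and the "rules directly on the Pi" restriction from the last post, sketched as an added example (not written by anyone in this thread). The interface names, addresses and ports are constructed placeholders, and it assumes the game server's default route goes through the tunnel so replies return via the Pi. The function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Constructed placeholder values; adjust to the real networks.
WG_IF=wg0                  # WireGuard interface on the Pi
LAN_IF=eth0                # Pi interface facing the parents' router
PI_LAN_NET=192.168.1.0/24  # parents' LAN (must not overlap the home LAN)
GAME_IP=10.20.30.10        # game server, reachable through the tunnel

# pi_forward_rules PROTO PORT [PROTO PORT ...]
# Prints the rule set for the Pi; prints nothing if any argument is invalid,
# so a half-built rule set is never piped into a shell.
pi_forward_rules() {
    out="sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
"
    while [ "$#" -gt 0 ]; do
        [ "$#" -ge 2 ] || { echo "missing port for $1" >&2; return 1; }
        proto=$1 port=$2; shift 2
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        # The router forwards the port to the Pi; the Pi rewrites the
        # destination to the game server at the other end of the tunnel.
        out="${out}iptables -t nat -A PREROUTING -i $LAN_IF -p $proto --dport $port -j DNAT --to-destination $GAME_IP:$port
iptables -A FORWARD -i $LAN_IF -o $WG_IF -p $proto -d $GAME_IP --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    # The game server may go out to the internet through the Pi, but may not
    # open connections to machines on the parents' LAN.
    out="${out}iptables -A FORWARD -i $WG_IF -o $LAN_IF -d $PI_LAN_NET -j DROP
iptables -A FORWARD -i $WG_IF -o $LAN_IF -s $GAME_IP -j ACCEPT
iptables -t nat -A POSTROUTING -o $LAN_IF -s $GAME_IP -j MASQUERADE
iptables -P FORWARD DROP"
    # Anything not matched above (e.g. parents' LAN to the home LAN) is dropped.
    printf '%s\n' "$out"
}

# Constructed sample ports: one TCP and one UDP game port.
pi_forward_rules tcp 25565 udp 27015
```
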