Hi guys!
I've been setting up a WireGuard VPN on my hAP 2 AC, and so far I have a simple working setup, illustrated below.
![Image](http://i.imgur.com/2Y1ysx3.png)
WAN-IP is an address list for the public DDNS address (ether1 interface).
wireguard-home is the WireGuard server interface, serving at port 13231.
On the hAP, I have only poked a hole in the firewall with a simple 'accept' rule that accepts WAN-IP:13231 connections.
At the client end on the Internet, I have routing configuration in place to access the home LAN 192.168.0.0/24, so traffic flows correctly. (This was also necessary, as there seemed to be an overlapping 192.168.0.0 network somewhere in the operator's realm.)
However, I was wondering whether there would be a more "elegant" way of doing this, maybe so that I could bundle wireguard-home into the LAN, for example, so I could handle all the logical LAN hosts as a single logical entity, and also to avoid the need for adding the LAN 192.168.0.0/24 routing entries to the VPN clients' config.
Could I, for example, somehow forward the VPN traffic from WAN-IP:13231 directly to the "wireguard-home" interface? Or would that even make sense?
Then again, I would like to avoid "route all to VPN", as I need to access only my LAN hosts through the VPN access. So as such, the current implementation would work.
Just looking for pointers and maybe example configurations, and where to look. "Mangling" was a MikroTik-specific term I ran into. Would that be useful?
Statistics: Posted by RoyalBluez — Tue Jan 02, 2024 9:29 pm
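The setup described in the post, written out as a RouterOS configuration. This is an added example, not the poster's own export or anything MikroTik ships: it assumes ether1 is the WAN interface, the address list is called WAN-IP as in the post, the LAN interface list is the default one named LAN, the tunnel uses the made-up subnet 10.10.10.0/24, and the client's public key is a placeholder.

```routeros
# Added example configuration (not the poster's export). Assumed names and
# addresses: ether1 = WAN, interface list "LAN" = default home config,
# 10.10.10.0/24 = tunnel subnet, <client-public-key> = placeholder.

# WireGuard server interface on the port the post uses. RouterOS generates
# the private key when none is given; read the public key from the interface.
/interface wireguard
add name=wireguard-home listen-port=13231 comment="home VPN"

# Router's address inside the tunnel.
/ip address
add address=10.10.10.1/24 interface=wireguard-home

# One peer per client. allowed-address is WireGuard's cryptokey routing:
# the router only accepts packets from this key if their source is in this
# range, so keep it to the client's single tunnel IP, not the LAN or 0/0.
/interface wireguard peers
add interface=wireguard-home public-key="<client-public-key>" \
    allowed-address=10.10.10.2/32 comment="laptop"

# Input rule: only UDP 13231 from the Internet to the router's own WAN
# address. Placing it above the default "drop all not coming from LAN"
# input rule is what opens the port; nothing else is needed on ether1.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=13231 \
    in-interface=ether1 dst-address-list=WAN-IP comment="WireGuard"

# Treating the tunnel as part of the LAN: adding wireguard-home to the LAN
# interface list makes the existing forward rules (accept from LAN, drop the
# rest) apply to VPN clients exactly as they do to hosts on the bridge.
/interface list member
add list=LAN interface=wireguard-home
```

On the client side the equivalent of the routing entries mentioned in the post is the peer's AllowedIPs setting: listing only 10.10.10.0/24 and 192.168.0.0/24 there installs just those two routes through the tunnel, which gives the split-tunnel behaviour the post wants without a 0.0.0.0/0 "route all" entry. The second-hop concern (an overlapping 192.168.0.0 network on the operator side) is also settled by that line, since the more specific tunnel route wins over the operator's.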