
I don't have a public address at home. However, I would like to access the server at my home from my devices even when I'm not at home.

For this, I want to use a free-tier VPS from Oracle with a public IPv4 address, where the WireGuard server will run.

My laptop or phone would connect to the VPN when I'm not at home.

My goal is to remotely access the home network and all services on the home server (SMB share, paperless, home assistant...) or perhaps to the home network printer. All this through their IP addresses 192.168.88.X.

Is it possible? Can you please advise me how to configure the firewall and other things on the WireGuard server (VPS) and MikroTik router?

Thanks in advance for any advice. Thanks!


Current state:

I have a MikroTik router at home that should be able to connect to WireGuard VPN.

You can see it all in this diagram. (I'm new here so I can't add inline images)


I use wg-easy and the following configuration on the WG server

WG_DEFAULT_ADDRESS=10.8.0.x
WG_ALLOWED_IPS=10.8.0.0/24, 192.168.88.0/24
WG_POST_UP=iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
WG_POST_DOWN=iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE

With this, VPN clients can access the internet via VPS. Which is not what I'm after in the first place.

Client configuration on mobile and laptop

[Interface]
PrivateKey = <super secret>
Address = 10.8.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <super secret>
PresharedKey = <super secret>
AllowedIPs = 10.8.0.0/24, 192.168.88.0/24
Endpoint = 123.123.123.123:51820

I think the WireGuard configuration on the MikroTik router should look something like this

[Interface]
PrivateKey = <super secret>
Address = 10.8.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <super secret>
PresharedKey = <super secret>
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 25
Endpoint = 123.123.123.123:51820
  • Is there something that makes you think the existing configuration won't work? "Able to access the internet" and "able to access an internal network" are not mutually exclusive. Commented Mar 5 at 13:41
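
Added example (not part of the question or the comment above): a small Python model of WireGuard's AllowedIPs handling on the VPS, showing which peer a packet for 192.168.88.0/24 is sent to, whether replies from the LAN are accepted, and whether two devices claim the same tunnel address. The peer names, the 10.8.0.3 address and both VPS peer tables are constructed assumptions; the interface addresses are the ones from the two configs posted above.

```python
import ipaddress

def route(peers, dst):
    """Outbound: choose the peer whose AllowedIPs holds the longest prefix containing dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for name, nets in peers.items():
        for net in map(ipaddress.ip_network, nets):
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None

def accepts(peers, name, src):
    """Inbound: a decrypted packet from peer `name` is kept only if src is in its AllowedIPs."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(n) for n in peers[name])

def duplicate_addresses(interfaces):
    """Return tunnel addresses that more than one device has configured."""
    seen = {}
    for name, addr in interfaces.items():
        seen.setdefault(ipaddress.ip_interface(addr).ip, []).append(name)
    return {str(ip): names for ip, names in seen.items() if len(names) > 1}

# Constructed VPS-side peer tables (assumption: the router gets 10.8.0.3).
# The second table adds the home LAN prefix to the router's peer entry.
VPS_WITHOUT_LAN = {"client": ["10.8.0.2/32"], "mikrotik": ["10.8.0.3/32"]}
VPS_WITH_LAN = {"client": ["10.8.0.2/32"], "mikrotik": ["10.8.0.3/32", "192.168.88.0/24"]}
# Interface addresses as posted in the client and router configs above.
POSTED_INTERFACES = {"client": "10.8.0.2/24", "mikrotik": "10.8.0.2/24"}

if __name__ == "__main__":
    for label, table in (("without LAN prefix", VPS_WITHOUT_LAN), ("with LAN prefix", VPS_WITH_LAN)):
        print(label, "-> 192.168.88.10 is sent to:", route(table, "192.168.88.10"))
    print("reply from 192.168.88.10 accepted:", accepts(VPS_WITH_LAN, "mikrotik", "192.168.88.10"))
    print("duplicate tunnel addresses:", duplicate_addresses(POSTED_INTERFACES))
```
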
