Hi. I am aware my question is quite similar to this post (Wireguard vs. Back To Home). However, this is all new for me so I want to make sure I am doing everything ok.
I want to use BTH to access the router's interface while setting up VPN access for other services as well. So, I followed one tutorial and set up our back-to-home interface with default settings, which include port 53018 instead of 13231.
So, I then created a separate WireGuard interface, created a peer and added a second tunnel on my laptop.
Everything seems to work as expected, but I wonder if this is best practice or I should mount everything on top of BTH instead.
As a separate question, although I think it would not make much sense here: do I need to deactivate access to one VPN while accessing another one?
BTH is useful when you don't want to be bothered with the details of setting up a WG interface & peers manually, or when you are behind NAT (CGNAT) with no public IP address (BTH will then help by providing a relay service).
If you already know how to set up WG manually, and are not behind NAT, then it's perfectly fine to create and use other WG interfaces. If you have no need for the relay service, then you won't need BTH anymore. I personally am not using it because I don't like that it adds some dynamic settings that I cannot control.
No, you can have many WireGuard instances (interfaces) running in parallel, each with their own peers and address ranges. Sometimes it's needed if you want to have better control of the routing & firewall. For example, you can add a separate instance for a site-to-site connection between two routers, then one to use as a secure internet gateway (with no LAN access) when you travel and use public internet, one for management or LAN access. And of course, if you use third-party VPN providers, then you should also create separate WG instances for them.
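The separation described in the answer above, sketched as a RouterOS v7 configuration. This is an added example, not part of the original posts; the interface names, ports, subnets, key placeholders and the `WAN` interface list (as in the default configuration) are assumptions.

```routeros
# Constructed example: two independent WireGuard instances with different trust levels.
# Assumes the default firewall is present (accept established/related, WAN list, masquerade).
/interface wireguard
add name=wg-mgmt listen-port=13231 comment="router management only"
add name=wg-inet listen-port=13232 comment="internet gateway, no LAN access"

# Separate address range per instance so firewall rules can tell them apart
/ip address
add address=10.10.10.1/24 interface=wg-mgmt
add address=10.10.20.1/24 interface=wg-inet

# One peer per instance; each peer may only source traffic from its own /32
/interface wireguard peers
add interface=wg-mgmt public-key="<LAPTOP_MGMT_PUBLIC_KEY>" \
    allowed-address=10.10.10.2/32
add interface=wg-inet public-key="<LAPTOP_INET_PUBLIC_KEY>" \
    allowed-address=10.10.20.2/32

# These rules must sit above any existing catch-all drop rule in each chain
# (move them, or add them with place-before=<rule>).
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=13231,13232 \
    comment="WireGuard handshakes for both instances"
add chain=input action=accept in-interface=wg-mgmt protocol=tcp \
    dst-port=8291,443 comment="WinBox/WebFig from the management tunnel"
add chain=input action=drop in-interface=wg-inet \
    comment="gateway tunnel gets no access to the router itself"
add chain=forward action=accept in-interface=wg-inet \
    out-interface-list=WAN comment="gateway tunnel may reach the internet"
add chain=forward action=drop in-interface=wg-inet \
    comment="gateway tunnel cannot reach the LAN"
add chain=forward action=drop in-interface=wg-mgmt \
    comment="management tunnel is router-only"
```

Because the input drop on `wg-inet` also blocks DNS queries to the router, the gateway tunnel's client needs a public resolver in its own WireGuard config, or an explicit accept for port 53 above that drop rule.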
Thanks CGG. You have been very helpful.
Regards