O’ Wise Ones!
Here I come in peace, seeking your guidance and bringing the story of two devices that can’t rest without one another. How do I keep them together?
accidentally posted draft, need a few minutes more …
Back to business… (I apologise in advance for a possible pile of misconceptions and gibberish coming from a freshman)
Aforementioned devices:
RB5009 - router
Chateau (actually already dual purpose) - backup WAN + wifi access point by day / wannabe travel router by night
Current network situation: (I’m just adding all the info that comes to my mind as potentially impactful on finding the solution)
- LAN is divided across multiple vlans with trunked traffic being carried through CRS switch to APs (with management vlan for… well management)
- 3 ISPs connected to eth ports of RB5009:
  - cable modem [dynamic ip, DHCP client]
  - fiber ONT [static ip, pppoe]
  - passthrough from Chateau’s LTE interface [static ip on DHCP client]
- a second ether port is a trunk port that connects the Chateau-as-AP personality to the CRS (through which it connects further to RB5009)
- RB5009 has wireguard interface, providing remote access to home LAN for my personal devices (phone, tablet, laptop - normally existing on management vlan) [LAN 172.16.0.0/16, WG 192.168.99.0/29]
- firewall is configured only on RB - every now and then, when a moment of doubt comes along, I come here to calm myself by reading this thread

THE GOAL:
When moving to any remote place, I would unplug Chateau and take it with me (instead of running WG clients on each personal device)
Two possible scenarios:
- using internal 5G/LTE modem for internet connection
- connecting to someone’s LAN with an ethernet cable* (will there be any additional implications of double NAT in this case?)
- scenario B’ would be to use one radio instead of eth to connect upstream (not sure if it’s the correct nomenclature) towards the internet and the remaining radio for my LAN?
My brainfarts on the problem:
- I’ve created a wireguard interface on Chateau and added its details as a peer to wireguard on RB5009 (so now I have the 3 originally configured personal devices and a 4th that differs from the others by having an Endpoint and Listen port - not to mention a unique allowed IP)
- Started adding RB5009 wireguard details to the peer section on Chateau’s end in the same manner when an avalanche of doubts started falling on me (and here I am…):
  - interface name - is it ok that both sides use the same name for the wg interface (as in “what’s considered best practice”)?
  - listening port - no way to hide my lack of basics here - is my understanding correct that both devices can have the same port set on their sides, as the connection will always start from one side or the other?
  - endpoint ip - same as above, but what about the case when I have Chateau connected to another LAN (better WAN connectivity?)
This actually brings another two scenarios to the table:
1. an obvious one - when I want to connect home from remote
2. unlikely to happen often but feels like “why not” - remote from home
- is it possible to initiate the connection calling the LTE static IP but then continue on another interface? I believe, since there is no port to specify in policy routing rules, it would at least involve some route/connection marking in the mangle process?
- FIREWALL - this time I need to have a firewall on Chateau itself (or don’t I?)
1. two scripts to adjust configs - transforming AP+ISP ↔ ROUTER, but what else would be needed to set up?
  - firewall (filter, mangle, raw, address list)
  - DHCP - is there a way to keep it on the management vlan coming from RB?
  - routes (table for wg and rules to select it)
2. a backup file instead of a script - doesn’t seem right, as in maintaining two versions with every change
3. maybe there is a scenario where I could set everything to go through wireguard, thus keeping a minimal ruleset (“allow finding home” AND “drop all else”)?
4. I feel like ZeroTier is lurking in this pile of unknowns? (pardon my ignorance, but I haven’t yet managed to understand what problems it can solve for different scenarios)
Sorry for any imprecisions in the descriptions above, but it’s a perfect reflection of my current view on the topic.
What I ask is a push towards the right solution, and then I promise to go after it and clean up this topic.
Thank you for your time in advance
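As an added illustration (not the poster’s configuration), this is how the two ends described above pair up in RouterOS 7 when the RB5009 keeps a fixed public endpoint and the travelling Chateau only ever dials out; keys, the home address, the tunnel addresses (.1 and .5 inside the poster’s 192.168.99.0/29) and the port are placeholders. Both ends may share the interface name and listen port; only the dialling side needs an endpoint, and each peer’s allowed-address must be unique.

```routeros
# --- RB5009 (home, fixed public IP or DDNS name) ---
# The interface name is only local, so reusing it on both ends is fine.
/interface/wireguard add name=wg-home listen-port=13231 private-key="<RB5009-PRIVATE-KEY>"
/ip/address add address=192.168.99.1/29 interface=wg-home
# Chateau as the 4th peer: no endpoint, because it dials in from a changing address (LTE, foreign LAN, wifi).
/interface/wireguard/peers add interface=wg-home comment=chateau public-key="<CHATEAU-PUBLIC-KEY>" allowed-address=192.168.99.5/32
# Expose only the WG UDP port on input; place this above the generic WAN drop rule.
/ip/firewall/filter add chain=input protocol=udp dst-port=13231 action=accept comment="wireguard in"

# --- Chateau (travelling router personality) ---
# Same listen port as home is fine: it only needs to be unique per device, not per tunnel.
/interface/wireguard add name=wg-home listen-port=13231 private-key="<CHATEAU-PRIVATE-KEY>"
/ip/address add address=192.168.99.5/29 interface=wg-home
# Endpoint points home; allowed-address covers the tunnel subnet and the whole home LAN.
# persistent-keepalive keeps the NAT/CGNAT mapping alive while nothing else is talking.
/interface/wireguard/peers add interface=wg-home comment=home public-key="<RB5009-PUBLIC-KEY>" endpoint-address=<HOME-DDNS-OR-IP> endpoint-port=13231 allowed-address=192.168.99.0/29,172.16.0.0/16 persistent-keepalive=25s
# RouterOS does not derive routes from allowed-address, so add the home LAN route explicitly.
/ip/route add dst-address=172.16.0.0/16 gateway=wg-home comment="home LAN via WG"
```

With this split, the Chateau side needs no inbound firewall rule for WireGuard at all, since it never accepts a handshake it did not initiate, and its upstream can change between LTE and ethernet without touching the peer entry.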