Well, what if the Warehouse was natted? Couldn’t it be done? I think it could…
Anyway, one of my ISP routers allows mode bridge. That, as far as I understand, means I can have the mikrotik behind that ISP router with a public address on its WAN. I’ve tried it and it shows a public WAN address.
The other allows DMZ. Not really as a DMZ server, as far as I understand. It “kind of” works as a bridge. The mikrotik has a natted WAN private address, but the all the ISP router (no firewall, no NAT port rules, no nothing) is doing is driving all traffic to the mikrotik WAN port. It’s just replacing 1 public/1 private IP. There’s nothing else connected to the ISP router, I’m using it as a fiber/ethernet converter. I’ve been long using my RW wireguard server precisely on this mikrotik (RB5009) without caring about the fact that it stands behind the ISP router and has a private IP on its WAN interface. I just forget about that and everything works fine, just like I had the RB5009 with the public IP on its WAN interface.
And now the problems have began. In the second site (new site) I connected an hexS router that I had lying around. I managed to setup the ISP router in bridge mode and I obtained a public address on the mikrotik’s WAN address. Since I was going away on vacation, I first wanted to make sure I could connect to this second site as easily as I connect to the first one (RB5009), so I could work on the site-to-site link during the vacation dead time. Therefore I decided to setup a RW (for my laptop) wireguard interface on the hexS, thinking I would deal with the site-to-site wireguard interface later. I just could not do it. After making sure I had not done any mistakes for 1000 times, I searched the internet and came up with this post which mirrors my problem:
http://forum.mikrotik.com/t/rb760igs-wireguard-road-warrior-issues/155823/1
The issue (same as mine, including logs) was not solved.
So, my new question is: Do I have to buy another RB5009 for the second site? Is there an insurmountable problem with wireguard and hexS?
I ran out of time to even setup an ovpn to the hexS. So, I’m away of both sites until September, I can’t run any tests on site 2 now.