I’d consider myself a newbie, but I should give myself some credit for how far I’ve come… so I will try to be as detailed as possible; however, if I’m being an idiot, I can take constructive criticism.
At work, I have a CCR2004-16G-2S+ as our router. We have a static IP and routed /27 CIDR block of IPs (probably not relevant but may be helpful), served by Cox cable (but fiber coming in next month).
I set up 3 subnets: 192.168.2.0/24 for general devices/computers, 192.168.3.0/24 for security cameras and 192.168.4.0/24 for VoIP phones. This is working quite well!
I’m using two identical CRS354-48P-4S+2Q+ switches. One handles the general device/computers network and is essentially in its default configuration less a couple of small tweaks. The second CRS has two bridges and is split in half, with the VoIP phones on ports 1-24 and the security cameras on ports 25-48. Easy enough so far.
At home, I have a hAP AC3 (which by the way is AWESOME) that gets its WAN connection via Starlink (not so awesome but one of few options). I have the Starlink in bridge mode with the RJ45 adapter. The hAP is successfully operating as a router, passing traffic, firmware updated, all the good stuff. The LAN address range at home is 192.168.33.0/24.
I have WireGuard set up between work and home, and I have set a route, DST address=192.168.0.0/19 and gateway=wireguard1, and also added 192.168.0.0/19 to the allowed IP list at home. I can successfully access devices at work from my computer at home no problem.
While I, as the guy that set up the whole system, have no problem referring to things by IP addresses that I have memorized, this is not the case for my partner that is used to accessing devices via network discovery (Network tab in Windows). He wants a better solution and I’m just thinking a bunch of desktop shortcuts, but I figured I’d ask a question here first -
Please help me understand, is the reason that none of the devices at either end of the wireguard tunnel show up via network discovery because network discovery only works for devices on the same subnet? I’m going to base the next paragraph on this assumption.
Again, learning here, and NAT is an area I struggle to grasp. I was thinking, for the most important devices, could I set a NAT rule at home so that the devices on the other end of the tunnel appear as being on the same subnet to the computer at home? I have no idea if this is possible or how to go about it. I am assuming this is needed because the WireGuard documentation is explicit that you can’t have the same network address on both ends of the tunnel… but is there a better way?
Look forward to any feedback and chance to learn!
Dexter