I have two hAP AC2 running in two countries, Site1 and Site2, with a Wireguard tunnel between them. Site 1 is a remote site and has a Static Public IP, configured directly on Eth1 on the router.
I’m planning a change on that site, replacing the existing ethernet cable with fiber plus an FTTH router, so my MTik router will end up behind it on a LAN port, probably getting its WAN IP by DHCP.
I have no physical access to that site during the change; my mom will just provide access to the ISP team. I live at Site2.
Task: not to get locked out!!
My ideas:
Add the eth1_WAN interface to DHCP Client: add interface=ether1_WAN add-default-route=yes default-route-distance=1 disabled=no
Change the current static route 0.0.0.0/0 → ISP_GW to distance 5. But I guess it should become unreachable after the eth1 reconnection.
Allow MK WebUI from WAN, in case I’ll have to remote desktop my mom through the new wifi. Also ease other FW rules, just in case.
I configured Wireguard to initiate the handshake to Site2’s Endpoint. Seems to work.
Do you have any ideas how to make it smoothly transition to new WAN? Any other recovery measures I should prepare in advance?
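A RouterOS 7 script for the cut-over plan listed above, added here as an example (it is not the poster's configuration). ether1_WAN, the peer comment "site2", SITE2_PUBLIC_IP, ISP_GW and the tunnel peer address 10.200.0.1 are assumed placeholders; it also assumes the usual input-chain drop rule already exists.

```routeros
# Added example, not the poster's config. Placeholders: ether1_WAN,
# peer comment "site2", SITE2_PUBLIC_IP, ISP_GW, tunnel peer 10.200.0.1.
# Run it from a Safe Mode session (Ctrl-X) so a lost connection reverts it.

# 1. Fallback path first: Site1 keeps initiating to Site2, and the keepalive
#    holds the new FTTH router's NAT mapping open so Site2 can reach back.
/interface/wireguard/peers set [find comment="site2"] \
    endpoint-address=SITE2_PUBLIC_IP endpoint-port=13231 persistent-keepalive=25s

# 2. DHCP client on the WAN port; its default route wins at distance 1.
/ip/dhcp-client add interface=ether1_WAN add-default-route=yes \
    default-route-distance=1 disabled=no

# 3. Demote, do not delete, the static default route. While a lease exists it
#    is a silent backup; once ether1 sits behind the FTTH router ISP_GW is
#    off-link and the route simply shows as unreachable, which is harmless.
/ip/route set [find dst-address=0.0.0.0/0 gateway=ISP_GW] distance=5

# 4. Management: keep WebUI/WinBox closed to the WAN at large. Accept the
#    WireGuard port from anywhere and admin ports only from Site2's address;
#    both rules must be moved above the input-chain drop rule.
/ip/firewall/filter add chain=input action=accept protocol=udp dst-port=13231 \
    in-interface=ether1_WAN comment="wireguard handshake"
/ip/firewall/filter add chain=input action=accept protocol=tcp dst-port=443,8291 \
    src-address=SITE2_PUBLIC_IP in-interface=ether1_WAN comment="mgmt from Site2 only"

# 5. Emergency access only while out of band: a disabled rule that netwatch
#    enables when Site2 stops answering over the tunnel and disables again as
#    soon as it is back, so WebUI is never left open to the WAN "just in case".
/ip/firewall/filter add chain=input action=accept protocol=tcp dst-port=443,8291 \
    in-interface=ether1_WAN disabled=yes comment="emergency mgmt"
/tool/netwatch add host=10.200.0.1 interval=1m timeout=5s \
    down-script="/ip/firewall/filter enable [find comment=\"emergency mgmt\"]; /log warning \"wg peer down, emergency mgmt opened\"" \
    up-script="/ip/firewall/filter disable [find comment=\"emergency mgmt\"]; /log info \"wg peer up, emergency mgmt closed\""
```

Check /log after the change: a "wg peer down" line without a matching "wg peer up" tells you the emergency rule is currently active and should be investigated.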
It's not clear which device CURRENTLY is the WireGuard server for the handshake??
If it's Site 2, the home, then not to worry: whether the WAN gets done direct or via a private IP is of no bother to the tunnel.
If the server is the Site 1 current public IP, then I have to ask -> does your HOME (Site2) router have a public IP??
If yes, ensure it's the server for WireGuard (reverse client and server peers), and I would create a backup SSTP tunnel and test it before making the change; it would work regardless of public or private IP since Site1 would be the client.
If no, I would rent a CHR in the cloud for a month (like $7 US) and create WireGuard from both sites as client peers connecting to the CHR before making the change.
Site2 also has a public IP, but it’s not on my router. It forwards all the ports to my ac2 WAN port.
Normally both sites' WG peers had an Endpoint configured, i.e. pointing to each other's pub IP:13231. Now it runs only with Site2 as the server, so Site1 successfully calls “home”.
But this will work only if Site1 will successfully:
Update: In “Safe Mode” I’ve enabled DHCP on my Site1 WAN port and it got the same WAN address I had configured statically. I’ve disabled the static IP and static default route - all good!