WireGuard or OpenVPN

Hi, I have been reading about setting up VPN access to my home network (I will set up specific VLANs for specific IPs to have access) and can’t work out what the difference is or how to do it. Assuming I name the main VLAN10 (192.168.88.0/24) and the publicly accessible one VLAN20 (192.168.89.0/24), which is better and how would I set this up? The devices on VLAN10 will need access to some IPs on VLAN20.

Thanks!

All networks in the router are routed by default, whether VLANs, VPNs, etc. Everything else, such as restrictions, is done in the firewall!

WireGuard

Hey, thanks. So how do I set this up so resources can be accessed from an Android phone or Windows? If I understand it, I need a config file (public & private keys?) from the clients that I upload and that’s it? Then I just hit connect on the client? Can I set up access from specific MAC addresses or would it have to be by IP?

You need a WireGuard-capable device as the server for the handshake.
Do you have an MT router or device?
Do you have a public IP or can you forward ports from an upstream ISP router device?

I have a hEX S.
I can get a static IP from my ISP or use a DDNS such as noip.

Setting up VLANs → http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

WireGuard

It depends on the situation.
Regarding the performance, I will always go with WG; however, if the IPS is blocking the ports, then OVPN is a better solution, as no one is blocking 443.
One more note: the OVPN interface is exactly the same as a physical interface (MAC address), capable of VLANs.



@anav

I was waiting for you there.

For some reason that will not work.

I’ve tested today, OVPN does.

I’m connected to public internet (hotspot), where all the ports have been disabled except 443.

It depends on the OVPN server mode: ethernet is L2 and ip is L3. It is not clear from the OP whether this is for a site-to-site connection or for connections directly from remote non-router clients (aka BTH); in such a case ip mode needs to be used if mobile clients need to be connected, because the OVPN client for mobile devices doesn’t support ethernet mode.
If VLAN connections are managed by the router, firewall rules can be used for managing connections between them and OVPN, WireGuard or any VPN on L3.
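
An added example, not part of the post above and not anyone's actual configuration: one way the L3 approach could look on RouterOS v7 with WireGuard, using the VLAN subnets from the original question. The interface names (`wg-home`, `vlan10`, `vlan20`), the tunnel subnet 192.168.90.0/24, the host 192.168.89.10, the listen port and the key placeholder are all assumptions.

```routeros
# Constructed example. Assumes RouterOS v7 and existing VLAN interfaces
# named vlan10 (192.168.88.0/24) and vlan20 (192.168.89.0/24).

# WireGuard interface; the router generates its own key pair on creation.
/interface wireguard add name=wg-home listen-port=13231
/ip address add address=192.168.90.1/24 interface=wg-home

# One peer entry per client (phone, laptop). A peer is identified by its
# public key and allowed-address; WireGuard is L3 and never sees a client MAC.
# <PHONE_PUBLIC_KEY> is a placeholder for the key generated on the client.
/interface wireguard peers add interface=wg-home \
    public-key="<PHONE_PUBLIC_KEY>" allowed-address=192.168.90.2/32

# Let the handshake reach the router itself (WireGuard is UDP only).
/ip firewall filter add chain=input action=accept protocol=udp \
    dst-port=13231 comment="WireGuard handshake"

# Routing between VLANs and the tunnel happens by default, so access is
# restricted in the forward chain. Replies to permitted flows first:
/ip firewall filter add chain=forward action=accept \
    connection-state=established,related comment="return traffic"

# VPN clients and VLAN10 may reach one specific host on VLAN20.
/ip firewall filter add chain=forward action=accept in-interface=wg-home \
    dst-address=192.168.89.10 comment="VPN to VLAN20 host"
/ip firewall filter add chain=forward action=accept in-interface=vlan10 \
    dst-address=192.168.89.10 comment="VLAN10 to VLAN20 host"

# Everything else from the tunnel or between the VLANs is dropped.
/ip firewall filter add chain=forward action=drop in-interface=wg-home \
    comment="drop other VPN traffic"
/ip firewall filter add chain=forward action=drop in-interface=vlan10 \
    out-interface=vlan20 comment="drop other VLAN10 to VLAN20"
/ip firewall filter add chain=forward action=drop in-interface=vlan20 \
    out-interface=vlan10 comment="drop new VLAN20 to VLAN10"
```

`add` appends to the end of a chain, so on a router that already has drop rules these entries have to be positioned above them (for example with `place-before`), otherwise the accepts are never reached.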

Is your OVPN server running on TCP? WireGuard works only on UDP. If such is the case, the hotspot is probably allowing only TCP 443 connections.

Sounds like a personal problem, no reason why 443 UDP should not work, unless it’s a company that restricts ports…

It seems it is a browse-web-only public hotspot on which even QUIC is not supported :) Btw, it is possible to tunnel WG over TCP, but it requires a tunneling tool in a container and on the client side…

Where did the OP say anything about hotspot?? I must be blind.

@nichky did, I was replying for his case

Ahh okay, didn’t realize nichky was asking for help!

Not sure if he was asking for help, just to find a reason for:

I’m not asking for help, all I’m saying is that you can’t use WG in any situation.

If the IPS is blocking the ports, and even if you play with 433, that will not help to establish connections. Not sure why that is,

So in this case you have to use OVPN

Are you stating that on the same port and with the same protocol OpenVPN will work while WireGuard (sometimes) does not?