WireGuard proxy (Home VPN) configuration

RouterOS General
1

Hello

i have the necessity to create a wireguard tunnel from my office to my house.
To do it, i want to buy a hAP or hEX to work as a WIREGUARD node at my office. That device will create and manage the tunnel, and redirect the traffic on ether1.
At home, i have an SXT LTE6 2024 (1 bridge config, lte1 as WAN ether1 as LAN) and i want that the tunnel is applied ONLY on a specific device (MAC/IP).

What configuration I should do both sides?
Thank you in advance.
P.S is also Port Forwarding mandatory?

2

Which end has a public IP or an ISP router that one can forward a public IP too…

I would setup a wireguard connection at both ends, one of them being the server for handshake and the other being the client for initial handshake.
https://help.mikrotik.com/docs/spaces/ROS/pages/69664792/WireGuard
https://www.youtube.com/watch?v=vn9ky7p5ESM

https://www.youtube.com/watch?v=P6f8Qc4EItc <----- should be good

3

Thanks!!
And what I should do for the specific device application?

4

Not sure what you mean, you configure wireguard at each end as applicable.

5

For example: the main bridge, haves 20 hosts connected. I want that the Wireguard tunnel is only applied to the device 192.168.88.20, not the 19 others.

6

and also…what port i should open on the ISP router?

7

For starters you need a plan, and clear requirements For example I have no idea whether the 20 hosts are on the hex or SXT.
Nor which router has the public IP and will be set up as Server peer for handshake.
So suggest provide a network diagram with some detail…
both configs currently
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys)

and state the requirements clearly:
a. identify all the users/devices on the networks, ( external, internal, and admin also)
b. identify the traffic flow needs of all.

8

the 20 hosts are on the hex.

this is the diagram i want to do: