Hi there
I've been using MikroTik for personal stuff for ages, and recently learned about WireGuard after the v7 upgrade.
I help an NGO (got them an Azure sponsorship), and since they can't get a public IP (ISP gives them a fake public IP behind double NAT), I thought about setting up a VM to be their WireGuard "core".
I could go Linux, but I like MikroTik and made a CHR instance.
The VM has only one physical (well, virtual) interface.
Should I add another in a different network to use as WAN, and leave the current one (same as the sole Azure VM they use) as LAN?
I am accustomed to MikroTiks with 5 interfaces (1 as WAN, 4 in bridge) for home/small office use (no plans).
Here, I would only use the CHR for WireGuard (office/guardpost/road warriors would connect to it, gaining access to the Azure VM AND the office network).
My idea is/was to only expose the WG port and allow CHR management either from WG or the Azure VM (which would share LAN with the CHR).
Do I need a WAN interface and "normal" firewall settings in this case? (CHR would be behind Azure's firewall)