Gentelmen,
thank you for the valuable advice!
Lots of options, I see, but all of them demand a good level of understanding, which I briefly have. In anyway, I followed the 1st advice with the vpn, but after spending the very short time I had, I gave up. Temporarily, I will come back to it later.
Next, it was zerotier. Never had tried it, I thought it maybe worth the time. I made the basic account, created the network ID, connected (by approval in control panel) a test w10 machine with public address and then followed the instructions for connecting the wAP to ZT, too. Much help came from
this article, thanks to the titanian effort of Amm0.
Some notes, here:
1. In zerotier interface I had to add "allow-managed=yes", otherwise I had no zt address in /ip/addresses. This is not mentioned in
Configuration example, but on the contrary, it mislead me and I spent some time there, too.
/zerotier interface
add allow-default=no allow-global=no allow-managed=yes disabled=no instance=zt1 name=zerotier1 network=1234567890abcdef
2. Added zerotier1 interface to LAN list
3. Had to add
/ip firewall nat
add action=dst-nat chain=dstnat comment="IPC throught ZT" dst-port=37777 in-interface=zerotier1 protocol=tcp src-address=172.23.0.0/16 to-addresses=10.10.10.253 to-ports=37777
add action=dst-nat chain=dstnat comment="IPC throught ZT - access to webinterface" dst-port=8011 in-interface=zerotier1 protocol=tcp src-address=172.23.0.0/16 to-addresses=10.10.10.253 to-ports=80
And one question, please:
Why in /zerotier/peer/print I see five 10-digit records which have nothing to do with the devices I have in this virtual switch?
Thank you again.