Unfortunately, I have a connection behind NAT, so there is no public IP address and no possibility of opening ports.
Due to my need for a public IP address, I am paying for a VPS with a public IP address and RouterOS. Until now, I have used IPSec (with addresses 10.10.10.0) to establish connections from multiple clients, and I defined some NAT rules.
add action=accept chain=srcnat dst-address=192.168.1.0/24 src-address=10.10.10.0/30
add action=accept chain=srcnat dst-address=10.10.10.0/30 src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="Home Assistant" dst-port=8123 in-interface=ether1 ipsec-policy=in,none protocol=tcp to-addresses=192.168.1.6 to-ports=8123
I want to reconfigure everything with WireGuard, where I have addresses 12.12.12.0. I have configured the peers, the VPN works correctly, and the devices on the WireGuard VPN can ping/talk to each other.
From RouterOS, I can ping the Home Assistant IP 12.12.12.4. All the devices on the WireGuard VPN can access the Home Assistant 12.12.12.4:8123 page.
But... I would like to open port 8123 on RouterOS so that it is possible to access the device without using the VPN, just as I did previously via IPSec with VPS_PUBLIC_IP:8123.
I tried to replace the NAT Rules with these:
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=12.12.12.4 protocol=tcp dst-port=8123 in-interface=ether1 to-ports=8123 comment="Redirect to Home Assistant"
Do you have any suggestions?