Hello everyone,

I have some Mikrotik routers (a couple hAP ac2, an RB2011 and an RB4011) which I'm not using because I never had time to configure them properly, so I decided to give them a try. I'm not posting any configuration because they'll be initialized.

My purpose is to configure them as my actual routers (some Unifi, OPNsense and Keenetic mostly). On these three platform I'm doing the following:
- Creating 4+ separated VLAN (LAN, Guest, MGMT and VPN)
- Wireless hostpots (1x LAN, 1xGuests. MGMT and VPN are not broadcasted)
- Minimal security (firewall rules, lock mgmt from guest/lan vlan)

Then there are 2 needs with VPN

CASE A:
- Wireguard client which route all VPN-vlan clients trough the tunnel. All traffic need to be redirected.

CASE B:
- Router behind NAT and dynamic IP, is there a way to manage it remotely without passing from public clouds? (I.E. establishing a connection to a fixed-IP VPN server in another location?)


I did some test in the past, never understood how to properly configure VLAN (three way to do that!) and get confused because every setting is on a different sub-menu. Maybe it's easier via CLI?
I remember I managed to get all VLAN routing in working order, and also the Wireguard tunnel, but I never got wireguard routing of all traffic working, neither got how to manage natted devices from remote.

Thank you