Access my local network from internet without public IP

I want to access the devices on my local network; I'm especially interested in the CCTV camera and the desktop via VNC.

Unfortunately, I use a 4G modem at home, so no public IP, and no chance, as I already asked.

Actually, I have a VPS with a public IP and a WireGuard server. On my local network I have a router (GL.inet MT300V) with a WireGuard client, and the client-server connection works correctly; also, from the other devices on the local network I can surf with the public IP assigned to the VPS.

My problem is connecting to the public IP xxx.xxx.xxx.xxx:80 to reach an internal IP like 192.168.8.15:80.

Please see the image

The port forwarding works correctly; I already tested it in a network with a public IP.

Thanks in advance for the help.

it should work fine to run two instances of wireguard on the VPS. one would be for your home router and the other for your laptop. you will need to configure it so all the IP address ranges are allowed, and configure the VPS to allow forwarding between the wg interfaces... but otherwise it should work fine. I do this all the time.

edit: there are wireguard programs for Android, Linux, windows, macos, iOS... so you can run it on whatever your client is

Thanks @dlakelan for your support,

I can't install the client on all the other devices, but I want to know how I can "you will need to configure it so all the IP address ranges are allowed, and configure the VPS to allow forwarding between the wg interfaces..."; can you explain it better?

Thanks in advance.

That's impossible, because you said:

For a successful setup, you'll need at least one router at each location capable of running Wireguard between the VPS server.

Right, but you don't necessarily have to have wireguard on every client machine. For example you can use a travel router remotely and then allow all your client machines to connect to this travel router.

Correct, I agree. You need a router (as noted):

(at least one router*)

You could also try DDNS, though that could make your network more vulnerable.

I don't know about wireguard exactly, but you can also use OpenVPN-server on VPS, and clients. After that you should configure LAN behind client, RoutedLAN.

his router is behind cgnat and doesn't get a public IP at all!

I use only WireGuard; please see the updated image. After the last info I can ping the router on 192.168.8.3, but I can't ping other devices in the LAN like 192.168.8.15. Thanks in advance.

Could you add a route to the LAN network on the VPS, and check again from the VPS?

Actually, the result of IP ROUTE on the VPS:

image

Is it correct?

Yes, I see a route to the 192.168.8.0/24 network. Could you ping devices on this network from the VPS?

I can ping the router on 192.168.8.1 but not a device on 192.168.8.175. Please help me understand why a ping to an IP without a device replies with "destination host unreachable", whereas a ping to the device gets no reply.

Have you enabled forwarding from wg zone to lan behind router?

The router firewall:
image

Is it correct?

In the zone section there should be network, not device. See the examples for the default lan and wan.

Whatever wireguard_lan and wireguard_wan are supposed to be, they're incorrect.

EDIT: I'll say instead that they're likely unneeded, and the tags should be omitted.

This?

Many thanks for your time.

Yes, however I suggest you assign 'wg0' to a new zone. In my config, as @lleachii has mentioned, there is no word after zone or forwarding. 'wg0' is treated in the firewall as an interface, not a device; see /etc/config/network.
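
The zone layout described in the replies above, as an added example that is not part of the original thread or anyone's posted config: an /etc/config/firewall fragment for the home router. It assumes the WireGuard interface is defined as 'wg0' in /etc/config/network and that the stock 'lan' zone exists; the zone name 'wg' and the rule name are hypothetical.

```conf
# /etc/config/firewall on the home router (added example, not from the thread)

# Zone for the tunnel. There is no name after "config zone"; the zone is
# identified by "option name". Its member is the logical interface from
# /etc/config/network (list network), not a kernel device (option device).
config zone
	option name 'wg'            # hypothetical zone name
	list network 'wg0'          # interface name as used in the thread
	option input 'ACCEPT'       # tunnel peers may reach the router itself
	option output 'ACCEPT'
	option forward 'REJECT'     # nothing is forwarded unless allowed below

# Allow traffic arriving over the tunnel to be forwarded to LAN hosts
# such as 192.168.8.15. Again, no name after "config forwarding".
config forwarding
	option src 'wg'
	option dest 'lan'

# Narrower alternative (assumption: only the web port of 192.168.8.15 is
# needed). Remove the "config forwarding" section above and use this rule
# instead, so the tunnel cannot reach every LAN host.
#config rule
#	option name 'wg-to-192-168-8-15-http'
#	option src 'wg'
#	option dest 'lan'
#	option dest_ip '192.168.8.15'
#	option dest_port '80'
#	option proto 'tcp'
#	option target 'ACCEPT'
```

After editing, the firewall has to be reloaded on the router (for example with /etc/init.d/firewall restart) before the new zone takes effect.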