How to: only eth0 + wireguard (on AR150)

To be able to manage my parent’s network remotely, via wireguard, I want to repurpose an old GL Inet AR150 (I have flashed 23.5.3 to the device.)
The AR150 will be behind the docsis modem, connected to eth0.
On the docsis box I have added a port forward for the wireguard traffic and a dhcp reservation for the AR150 eth0 mac.

As only 1 ethernet cable will be connected, should I assign eth0 to WAN or LAN?
If I connect eth0 to WAN, I think I should disable masquerading, accept input and remove all rules.
Connecting to LAN would mean changing from static to DHCP client, remove DHCP provisioning.
Which option is better?

I would setup as a dumb AP:

Then setup the WireGuard server
You need to port forward on the main router
Either set a static route on the main router for the WG subnet pointing to the GL Inet or easier enable MASQUERADE on the LAN zone of the GL inet

Edit: to avoid problems, take note that all three involved subnets need to be different, meaning your router side, your parents router side and the WG subnet.
So e.g. if your subnet and your parents both are something got to give.

Neither. Both are equally valid approaches, and I have used both on occasion. Ultimately it's your choice which approach you prefer to take; you might have an intrinsic preference for one over the other. From your post, it's evident that you already know how to make each approach work as well as the caveats for each approach.

1 Like