My ISP does not provide Static Public IP. (rather they charge extra for static IP). It is behind CG-NAT, Public IP keeps changing.
I would like to access local resources (connected to USB of Pi4) from Outside via Wireguard VPN. No need to have USB 3 to Ethernet adapter. WiFi in Pi4 has to be enabled and available to access the local resource.
Is it possible with OpenWRT running on Pi4(acting as ISP router) + Wireguard VPN. ISP cable is directly connected to Pi.
In such case, is it possible to do port forwarding.
OpenWrt for Pi 4 is downloaded to Pi.
What to do next.
If you have an IPv6 public address you can use that to connect.
Otherwise you need to have a Man in the Midle, I have an Oracle Cloud VPS, which is still free, on which I have setup a Wireguard server.
My router is connected with a WireGuard client to this server and the server also functions as my entry point for other WireGuard clients to connect to my router.
Other solutions netbird, zerotier, tailscale etc.
See for some information my notes about setting up a WireGuard server
I would look at Tailscale which uses Wireguard but adds additional features that allow it to function behind CGNAT, dynamic public or private IP, NO Port Forwarding required. It also has inbuilt Magic DNS which is very useful.
Pi 4 (Tailscale Exit Node) <---CGNAT---> Remote Tailscale Clients