I have two sites, site1 and site2, linked with a WireGuard site-to-site link. Each site provides its own internet connection (VDSL on one, cellular 4G on the other), and also has unrestricted visibility of all of the other site (via the WireGuard link) too. site1 is on 192.168.252.0/22 and site2 is on 192.168.43.0/24. This works well.
Unfortunately the modems for each site claim addresses within 192.168.1.0/24 and cannot be moved/reconfigured. Normally this would still be OK, as the modems would usually be private (not routed) to their respective routers. But in this instance I somehow need to be able to access the webpages of the cellular modem from either site to be able to manage the 4G account (they implemented mandatory 2FA via SMS).
I'm not really a networking expert, but I don't believe I can achieve this with simple routing (because the two modem subnets overlap), and as the cellular modem at site2 claims the entire /24 and issues the router an IP address via DHCP, I don't think I can do anything with subnetting either, even though the modems are at opposite ends of their subnets.
At this point a picture is probably worth a thousand words. Site1 modem is the ISP-supplied VDSL router in passthrough mode, and site2 modem is the USB 4G cellular dongle:
The most obvious solution I can think of would be to put the modem webpages behind reverse HTTP proxies running on the routers. Then I can access the modem webpages from either of the LANs (i.e. site1.lan or site2.lan) via the HTTP proxies, and continue to keep the modem subnets private to just the modem/routers.
I wondered about switching the routers from uhttpd to (maybe) nginx to run their LuCI web interfaces, which could open up using nginx's reverse proxy facilities. Or maybe just install something like haproxy on each router. I don't know what would be the advantages / disadvantages of each approach though.
So, would those solutions work? Did I miss anything simpler? What do the experts recommend?
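The reverse-proxy arrangement described in the post, sketched as an nginx server block for the site2 router. This is an added example, not part of the original post; the modem address 192.168.1.1, the router LAN address 192.168.43.1 and port 8080 are assumptions, while the two allowed subnets are the ones the post gives.

```nginx
# Added example: goes inside the http { } context of nginx on the site2 router.
# Assumed values (not from the post): modem web UI at 192.168.1.1,
# router LAN address 192.168.43.1, listener port 8080.
server {
    # Bind to the LAN address only, so the proxy is never exposed on the
    # modem-facing (WAN) interface.
    listen 192.168.43.1:8080;

    # Only the two LANs named in the post may reach the modem UI.
    allow 192.168.43.0/24;     # site2 LAN
    allow 192.168.252.0/22;    # site1 LAN, arriving over the WireGuard link
    deny  all;

    location / {
        # The router is directly attached to the modem subnet, so the
        # overlapping 192.168.1.0/24 never has to be routed between sites.
        proxy_pass http://192.168.1.1/;

        # Present the modem's own address as Host, as a directly
        # attached browser would.
        proxy_set_header Host 192.168.1.1;

        proxy_http_version 1.1;
        proxy_connect_timeout 5s;
        proxy_read_timeout 30s;
    }
}
```

Because the modem's admin page becomes reachable from both LANs, the allow/deny list and the LAN-only listen address are what keep its exposure limited to those two subnets.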