Hi, I have read this post https://forum.openwrt.org/t/double-cg-nat-4g-isp-crossing-by-wireguard-tunnel-between-openwrt-router-server-and-android-phone-client/100912 and some viewer has recommended that I open a new post.
This is what I have. I have two MR200 4G LTE routers with OpenWrt firmware on which I could install the WireGuard package. Both ISP providers are behind CGNAT, so I cannot get a public IP and incoming ports are closed, you know.
I also have a Google VM running with a static public IP (static or not, it could be solved with the No-IP service; the most important thing here is that it is public).
The Google VM is also serving Node-RED, Mosquitto, Grafana, ... to the internet, and I must keep this working.
"Today" I have one OpenWrt router tunneling with WireGuard to the Google VM in order to upload all my domotic house parameters (MQTT by Tasmota), so I know the basics (very, very basics) of how to configure WireGuard in OpenWrt or edit the config file on the Google VM.
With my phone or any other device, I could check my Grafana data from the Google VM, or even send MQTT messages through the internet with a less secure system compared with the WireGuard tunnel. (The magenta line and the yellow line from "phone or external pc" will be like "client3"; I have painted it only for reference. I think that it will be very easy to configure if I have server-client1-client2 working.)
I want to make what this schema shows:
I need to add a second client in another city, also behind a 4G LTE CGNAT SIM card. I want to see the devices connected to client1 from client2 and client2's devices from client1's devices.
Ideally, after I have this working (and probably I need to search more before opening new posts....) I will try to solve some of these questions:
- I will try to make two different wifi SSIDs in both routers, one for wireguard tunneling and the other one without any tunnel.
- I will want to know how I can make the machines connected to the WireGuard tunnel access the internet through the Google VM (maybe it is not possible) or even directly from the OpenWrt router without tunneling. It will be like a switch which I will turn on or off as I need. My smart home devices are Tasmota, so sometimes I need to update the firmware, so I could "turn on" the tunnel's internet gate to update them and after that turn it off to protect my home network.
- Configure the OpenWrt WireGuard "SSID" with a special MAC/IP to reach tunnel devices through the WireGuard tunnel, but also to connect to the internet directly from the router. This special MAC/IP will be my laptop. It will be perfect to have it connected directly to the internet (by my OpenWrt router) without "going inside the tunnel", but also that I could connect to my devices (Tasmotas or remote desktops) that are connected to the same router (easy) and also to the other client, in this case through the tunnel, of course.
But first, as question "0", could anyone help me with the three config files for server, client1 and client2?
Thanks a lot.
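
The hub-and-spoke layout the post asks about, as an added example that is not part of the original post: the Google VM is the only peer with a reachable endpoint, and both CGNAT routers dial out to it. The tunnel subnet 10.0.0.0/24, the LAN subnets 192.168.1.0/24 and 192.168.2.0/24, UDP port 51820, the hostname vm.example.net and the key placeholders are all assumptions.

```ini
# Added example in wg-quick format; all addresses, the port, the hostname and
# the <...> key placeholders are assumptions, not values from the post.

# ---- Google VM (hub): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>
# The hub relays client1 <-> client2, so IP forwarding must be on:
#   sysctl -w net.ipv4.ip_forward=1

[Peer]
# client1 router: its tunnel address plus the LAN behind it
PublicKey = <client1-public-key>
AllowedIPs = 10.0.0.2/32, 192.168.1.0/24

[Peer]
# client2 router: its tunnel address plus the LAN behind it
PublicKey = <client2-public-key>
AllowedIPs = 10.0.0.3/32, 192.168.2.0/24

# ---- client1 router (behind CGNAT) ----
[Interface]
Address = 10.0.0.2/24
PrivateKey = <client1-private-key>

[Peer]
# The hub. Only tunnel and remote-LAN prefixes are routed, not 0.0.0.0/0,
# so ordinary internet traffic still leaves through the local 4G link.
PublicKey = <server-public-key>
Endpoint = vm.example.net:51820
AllowedIPs = 10.0.0.0/24, 192.168.2.0/24
# Outbound keepalive holds the CGNAT mapping open for return traffic.
PersistentKeepalive = 25

# ---- client2 router (behind CGNAT) ----
[Interface]
Address = 10.0.0.3/24
PrivateKey = <client2-private-key>

[Peer]
PublicKey = <server-public-key>
Endpoint = vm.example.net:51820
AllowedIPs = 10.0.0.0/24, 192.168.1.0/24
PersistentKeepalive = 25
```

On OpenWrt the same values go into the WireGuard interface and peer settings with "Route Allowed IPs" enabled, and the firewall on each router has to allow forwarding between the LAN zone and the WireGuard zone. The VM's firewall only needs inbound UDP on the chosen port, so the existing Node-RED, Mosquitto and Grafana services are untouched.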