I've traditionally been using wireguard with a public IP to access my network, but my new ISP sits me behind CGNAT. I'm trying to determine the openwrt community's mindshare for various remote/VPN access for an openwrt router sitting behind CGNAT.
My current shortlist is:
"Assisted":
Zerotier
Tailscale
Nebula
Self hosted via a VPS:
Netmaker
Self rolled wireguard proxy
Wildcard:
Live with 90% functionality via cloudflare tunnels (I'd lose CIFS acess but pretty much keep the rest).
Apparently I do, but openwrt wasn't requesting a lease correctly so it's something I'd have to look into.
And also I'm a little terrified of v6 - is it possible to just use it for the wan interface and bridge it to the rest of my existing v4 network? A brief answer will do - if that's how it'll work I'll have a play and ask for help in a new thread.
If the WAN interface is configured with an IPv6 address and the remote peers also support IPv6 then you can run WireGuard over IPv6. The traffic you send inside the tunnel can be IPv4 or IPv6 (or both, AKA dual-stack).
If your OpenWrt router is fast enough to meet your throughput expectations (~the contractual speeds of your WAN connection), there's not reason not to use it as VPN endpoint (but VPN encryption is rather CPU intensive, so you might need more CPU performance than your router can give you).