Route VPS Traffic Through Home WireGuard with LAN Access
This article explains a setup where a VPS sends traffic through a home Internet connection using WireGuard, while still allowing access between the VPS and the home LAN.
Topology

Internet <-> MikroTik (pppoe-out1) - Dynamic home IP via DDNS
<-> WireGuard tunnel
VPS (203.0.113.10) - wg0: 10.10.2.1/24
<-> LAN 172.16.0.0/24

1. VPS - /etc/wireguard/wg0.conf

[Interface]
Address = 10.10.2.1/24
ListenPort = 51820
PrivateKey = <private_key_vps>
# PostUp: accept forwarded traffic entering and leaving wg0 (%i), and masquerade traffic leaving via eth0
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A FORWARD -o %i -j ACCEPT
# PostDown: delete the same three rules when the interface goes down
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -D FORWARD -o %i -j ACCEPT

[Peer]
# MikroTik
PublicKey = <public_key_mikrotik>
AllowedIPs = 0.
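An added example, not part of the original article: a small Python check over the [Interface] hooks shown above that reports PostUp rules which PostDown would leave behind in iptables, and FORWARD ACCEPT rules that carry no source, destination or protocol match. The function names and the sample text are constructed for this example.

```python
import re

# Constructed sample: the [Interface] hooks from the VPS config above (key omitted).
SAMPLE_CONF = """\
[Interface]
Address = 10.10.2.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -D FORWARD -o %i -j ACCEPT
"""


def hook_rules(conf, key):
    """Return the individual commands of every `key = ...` line (hypothetical helper)."""
    rules = []
    for line in conf.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == key.lower():
            # Hooks chain commands with ';'; normalise whitespace for comparison.
            rules += [" ".join(c.split()) for c in value.split(";") if c.strip()]
    return rules


def audit(conf):
    """Return (rules_left_behind, unrestricted_forward_rules)."""
    up = hook_rules(conf, "PostUp")
    down = set(hook_rules(conf, "PostDown"))
    # An appended (-A) rule is cleaned up only if PostDown deletes (-D) the same spec.
    leftover = [r for r in up
                if " -A " in r and r.replace(" -A ", " -D ", 1) not in down]
    # FORWARD ACCEPT matched only on interface forwards anything a peer sends.
    broad = [r for r in up
             if " FORWARD " in r and r.endswith("-j ACCEPT")
             and not re.search(r" (-s|-d|-p|-m) ", r)]
    return leftover, broad


if __name__ == "__main__":
    leftover, broad = audit(SAMPLE_CONF)
    for r in leftover:
        print("not removed by PostDown:", r)
    for r in broad:
        print("unrestricted forward rule:", r)
```

On the article's config the hooks are symmetric, and both FORWARD rules are reported as unrestricted; adding `-s`/`-d` matches for the tunnel and LAN subnets is the usual way to scope them.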