I will second wireguard. You also have public IPv6 so the possibilities there are fascinating. I did manage to do an EoIPv6 tunnel over starlink to solve a short term problem... On Tue, Oct 10, 2023 at 7:01 PM Jason Hecker <jason@upandrunningtech.com.au> wrote:
Wireguard can work behind NAT but one end has to be reachable at all times.
I got caught out the other week with 2 Mikrotik routers that had a Wireguard connection not work as one ended up behind 4G CGNAT and the other switched to AussieBB CGNAT. Once the 4G end was restored to a normal publicly reachable IP it worked again.
From what I understand one end can change IP's say from a reachable to non-reachable address like you would switching from Wifi to 4G and the VPN remains uninterrupted. As mentioned above the far end has to be on a reachable IP. So this setup works well for a Wireguard router that is on a rigidly static IP and the other end is a roaming VPN user. It reminds me a bit of the "persistent" mode of OpenVPN.
Each end is also equal as such, so there is no server/peer relationship at the interface level like other VPNs.
https://www.wireguard.com/ explains it simply enough.
Regards, Jason Hecker <https://www.upandrunningtech.com.au>
On Tue, 10 Oct 2023, at 18:32, Karl Auer wrote:
On Tue, 2023-10-10 at 18:17 +1100, Roger Plant wrote:
Wireguard, Built into latest Mikrotik versions, it's very good, easy to setup and quite brisk.
Client Peer(s) can be behind CGNat. Server Peer needs a udp port (either port forwarded or directly on wan)
Interesting, thanks! Is it bidirectional once established, i.e., can connections be initiated over the VPN from either end?
Will look into it.
Regards, K.
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au