Glad it helped

Hi There, that sounds like a good video suggestion. we will add that to our list of video walk-thru tutorial, but to answer your question the WireGuard server in the cloud would advertise the routes to the machines that connect in.

I’m still puzzled about that, Would love to see your video about it :)

Hey @aaronjohncanlas9740 be on the lookout tomorrow we've uploaded a video that shows how to get this done via pfsense. Enjoy! kzbin.info/www/bejne/aYaTkouIh6t3d6s

This Tutorial sets out to accomplish exactly what you were looking to do. if you're asking on how you would setup your VPS server there are some general guidelines - If your VPS Hosting provider has a Firewall in place I highly suggest you use it to safeguard your VPN server - limit ssh access to this VPS server to just the machines that will be managing the server - if the VPS doesn't have a firewall ensure you install one for the OS and limit to the ports you will need If you're looking to have a VPS wireguard server setup for your internal network don't hesitate to reach out we would be more than happy to assist. info@aktuconsulting.ca

Hey there, I would need a little more detail regarding the use case but in essence this would be the method to either make your IP their static IP on the internet by setting their config for AllowedIPs as 0.0.0.0/0 this forces all traffic over the tunnel. However if you're looking to make your starlink network publicly available via wireguard that's where things get a little trickier. Hope this helps. If you have any other questions don't hesitate to reach out. Info@aktuconsukting.ca

Hi There, yes if you have a static IP at the office then that is what you would use instead of a cloud Server

make port forward on the cloud server and on the remote side setup wireguard server , so when you hit the port on cloud it will go through tunnel to destination and take public ip address

Hey there @guacamolehorizon glad you find the video useful and thank you for commenting on the video. let me go thru the log hanging fruit here. Without knowing your exact network layout if your wireguard1 client is publicly reachable then you would set your allowed ip's to 0.0.0.0/0 and make it a peer. this tells your wireguard client to channel all it's traffic via wireguard. if your setup is identical to the one in the video here changing the allowed ip's to 0.0.0.0/0 will route all your traffic to the wireguard server and it would leverage that IP these 2 solutions are the easiest to implement if it works for you. if you want wireguard client 2 and wireguard server to route all their traffic to wireguard client 1 it may be technically possible but definitely not a typical setup that I haven't had to implement before. I would have to do some testing to see how feasible that would be. if you're able to draw out your current network setup I could help confirm which of these 3 is the best way to go. you can reach us at info@aktuconsulting.ca

actually it's great that you have different subnets most people run into issues where they use the exact same subnet on both ends like 192.168.1.0/24 and then wonder why they can't connect to the network on the other end. as you can see in the document I put out so long as both are separate networks and you instruct the client/server which are the allowed networks for the respective peer it will route the traffic.

port forwarding would only be needed on your Wireguard server

Hi There, Yes the video you watched discusses this very option. as stated in the video you need a intermediary server on the cloud that you can reach by both the starlink service and your road warrior or other network and via a VPN service such as wireguard setup routing between both networks.

@@aktuMedia I was considering using tp link omada TL-ER605 to create the VPN server with several protocols like OPENVPN, I don't know what you think about it? or does it only work with Wireguard? Sorry for asking these questions but I don't know a little about networks.

That's perfectly okay. The VPN service you choose doesn't really matter what matters is the routing within your home network and the vpn itself. I tend to promote wireguard because it's faster and less complex than openvpn. Your router won't be as important as which vpn solution you're more comfortable with. We will look at creating a video on this solution with openvpn in a future release.

Hi There, i'm not entirely sure I fully understand your question DDNS would not be the issue as your starlink connection would not need DDNS it would connect to your Wireguard server. Technically speaking Starlink doesn't support any VPN connection in our testing Wireguard is quite stable for point to point connections so long as your other server has a static IP and is setup with a dynamic peer.

This will work for any CGNAT internet provider. Starlink was one most of my clients were complaining about.

@@aktuMedia bro i tried the softether vpn method with azure enabled by that clients can connect to my vpn server but there is also a Minecraft server running on the same matachin but my (clients) friends can't join the server my question is , is it possible to host a Minecraft server or any other game server behind cgnat and expose it to the internet via your method? life sucks and not having a public ip sucks even more

Yea CGNAT can be painful to handle so the easiest method would be to have your friends/clients connect to your VPN using this method as it would just require everyone routing in that VPN network. if you REALLY want to have your game server exposed to the internet in a traditional way would be to nat the traffic from your cloud machine down to your game server via the VPN, I haven't done this for any clients as of yet and I know it's technically possible I just don't know how it would affect the gameplay.