Creating a VPN gateway between router and modem?

Hi everyone 🙂

Like many of you, my carrier put me behind a CGNAT. Currently, I just rented a vps, installed wireguard on it and forwarded ports 80 and 443 into my home network.

Now, as I need to redo some things in my infrastructure anyway, I asked myself if it is possible to do it in a “nicer”(?) way.

I would like to achieve the following things:

  1. Have a “public” and static ip address on my UDM Pro's WAN Port (Router).
  2. Have “public traffic” in FRONT of my Firewall (UDM) and not inside my network.
  3. Have a “cleaner” setup (?)

As I have an old thin client (Futro S920 with 3 lan ports), I am looking for a way to make this something like a “VPN Gateway”? It would be the first (and only) device behind my fiber ONT (at port 1), connected to my vps using Wireguard and serve the “VPN traffic” out to “Port 2” which is connected to the WAN Port of my UDM-Pro.

Planned Setup

What do you think? Is this a good Idea? And how could I implement this?

I thought about pfsense on the s920, but how can I make the UDM think that traffic is coming from the “public ip” of the VPS?

Any thoughts on this?
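One way to build exactly this with WireGuard and nftables on the S920 instead of pfSense (added example, not something from this thread or from Ubiquiti/WireGuard themselves). Everything below is an assumption: the VPS address 203.0.113.10 and the 10.200.0.0/24 and 192.168.255.0/30 ranges are documentation/private ranges, the interface names (VPS `eth0`; S920 `eth0` towards the ONT, `eth1` towards the UDM WAN, with 192.168.255.1/30 configured on it outside of this script) are placeholders, and the keys are placeholders you replace with `wg genkey | tee key | wg pubkey` output. The idea is that the VPS DNATs TCP 80/443 straight to the UDM's WAN address (192.168.255.2) and the S920 policy-routes everything arriving from the UDM side back into the tunnel. The UDM's WAN port therefore carries a small private transfer address rather than the public IP itself, but all of its traffic egresses with the VPS's static IP and inbound connections arrive with the real client source addresses, so the UDM's own firewall is the first thing public traffic meets:

```shell
#!/bin/sh
# Added example, not from the thread: renders WireGuard + nftables configs for
# a two-box "VPN gateway" in front of the UDM-Pro. Every address, interface
# name and key below is an assumption (RFC 5737/1918 ranges, placeholder keys).
#   Internet -> VPS eth0 203.0.113.10 (wg0 10.200.0.1)
#                 |  WireGuard tunnel, carried over the CGNAT uplink
#              S920: eth0 -> ONT, wg0 10.200.0.2, eth1 192.168.255.1/30 (set outside)
#                 |  plain ethernet transfer net
#              UDM-Pro WAN: 192.168.255.2/30, default gateway 192.168.255.1
VPS_PUBLIC_IP=203.0.113.10;  VPS_WAN_IF=eth0;  VPS_WG_ADDR=10.200.0.1
GW_WG_ADDR=10.200.0.2;       GW_UDM_IF=eth1;   GW_ISP_IF=eth0;   WG_PORT=51820
TRANSFER_NET=192.168.255.0/30;  UDM_WAN_ADDR=192.168.255.2
VPS_PRIVKEY='<VPS_PRIVATE_KEY>';    VPS_PUBKEY='<VPS_PUBLIC_KEY>'   # placeholders
GW_PRIVKEY='<GATEWAY_PRIVATE_KEY>'; GW_PUBKEY='<GATEWAY_PUBLIC_KEY>'

vps_wireguard_conf() {        # /etc/wireguard/wg0.conf on the VPS
cat <<EOF
[Interface]
Address = ${VPS_WG_ADDR}/24
ListenPort = ${WG_PORT}
PrivateKey = ${VPS_PRIVKEY}

[Peer]
# The gateway peer also owns the transfer net, so wg-quick routes it into wg0.
PublicKey = ${GW_PUBKEY}
AllowedIPs = ${GW_WG_ADDR}/32, ${TRANSFER_NET}
EOF
}

vps_nft_rules() {             # nft -f on the VPS (keep your input rules; UDP ${WG_PORT} must be open)
cat <<EOF
table inet vpngw {
  chain prerouting {
    type nat hook prerouting priority dstnat;
    # Public ports land on the UDM WAN address; the client source IP stays untouched.
    iifname "${VPS_WAN_IF}" tcp dport { 80, 443 } dnat ip to ${UDM_WAN_ADDR}
  }
  chain postrouting {
    type nat hook postrouting priority srcnat;
    # Outbound traffic from behind the UDM leaves with the VPS public IP.
    oifname "${VPS_WAN_IF}" ip saddr { ${VPS_WG_ADDR}/24, ${TRANSFER_NET} } masquerade
  }
  chain forward {
    type filter hook forward priority filter; policy drop;
    ct state established,related accept
    # Only the forwarded ports may open new inbound flows towards the tunnel.
    iifname "${VPS_WAN_IF}" oifname "wg0" ip daddr ${UDM_WAN_ADDR} tcp dport { 80, 443 } ct state new accept
    iifname "wg0" oifname "${VPS_WAN_IF}" accept
  }
}
EOF
}

gateway_wireguard_conf() {    # /etc/wireguard/wg0.conf on the S920
cat <<EOF
[Interface]
Address = ${GW_WG_ADDR}/24
PrivateKey = ${GW_PRIVKEY}
MTU = 1420
# Table = off keeps the ISP default route for the tunnel endpoint itself; only
# traffic entering from the UDM side is policy-routed into the tunnel (table 100).
# rp_filter=2 (loose) on wg0, because inbound packets carry arbitrary Internet sources.
Table = off
PostUp = sysctl -q -w net.ipv4.ip_forward=1 net.ipv4.conf.%i.rp_filter=2
PostUp = ip route add default dev %i table 100
PostUp = ip rule add iif ${GW_UDM_IF} lookup 100 priority 100
PreDown = ip rule del iif ${GW_UDM_IF} lookup 100 priority 100
PreDown = ip route del default dev %i table 100

[Peer]
PublicKey = ${VPS_PUBKEY}
Endpoint = ${VPS_PUBLIC_IP}:${WG_PORT}
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}

gateway_nft_rules() {         # nft -f on the S920
cat <<EOF
table inet vpngw {
  chain forward {
    type filter hook forward priority filter; policy drop;
    # Clamp MSS so tunnelled TCP fits the 1420-byte WireGuard MTU.
    tcp flags syn tcp option maxseg size set rt mtu
    ct state established,related accept
    iifname "wg0" oifname "${GW_UDM_IF}" accept
    iifname "${GW_UDM_IF}" oifname "wg0" accept
    # Explicit even under policy drop: nothing from the UDM may leak out via the ISP uplink.
    iifname "${GW_UDM_IF}" oifname "${GW_ISP_IF}" drop
  }
}
EOF
}

render_all() {                # write the four files into directory $1
  mkdir -p "$1"
  vps_wireguard_conf     > "$1/vps-wg0.conf"
  vps_nft_rules          > "$1/vps-vpngw.nft"
  gateway_wireguard_conf > "$1/gateway-wg0.conf"
  gateway_nft_rules      > "$1/gateway-vpngw.nft"
}
if [ $# -ge 1 ]; then render_all "$1"; fi
```

Run it as `sh vpngw.sh out/`, copy the two `*-wg0.conf` files to `/etc/wireguard/wg0.conf` on the respective box, load the rule files with `nft -f`, and bring the tunnels up with `wg-quick up wg0`. The UDM then gets a static WAN config of 192.168.255.2/30 with gateway 192.168.255.1; check with `tcpdump -ni eth1 port 443` on the S920 that inbound SYNs arrive with the real client address as source, which is what lets the UDM's firewall and GeoIP rules work as if it sat on the public IP.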

I’m not sure if this is what you’re looking for, but here is my networking setup:

I was able to create 3 zones in my router using OpenWRT.

Zone 1: local LAN 10.0.0.X/24 + WiFi Bridge: br-MyLan (2 wifi networks here)

Zone 2: IoT 10.0.0.X/24 + WiFi Bridge: br-IoT (1 WiFi network)

Zone 3: VPN 10.0.0.X/24 + WiFi Bridge: br-VPN (1 WiFi network)

Router has 4 LAN ports + WAN port:

[WAN]-(MGMT_PORT* ~ LAN ~ IoT ~ VPN ~ Unused)

MGMT_PORT: the OpenWRT portal and SSH are only accessible through this port; it's blocked everywhere else.

Other ports: I did set up VLANs for each port and created an Interface + (bridge for WiFi).

It took me 3 days to configure everything; it wasn’t an easy task for a newbie like me. I’m bad with networking.

Useful Links:

Good Luck!
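For anyone wanting to reproduce that zone layout, here is what it looks like as an OpenWrt `uci` batch (added example, not the poster's own config). It assumes network interfaces named `mgmt`, `lan`, `iot` and `vpn` already exist (one per VLAN/bridge), that the stock `wan` zone is kept, that the stock `lan` zone and its rules have been removed first so nothing is duplicated, and that the VPN zone's uplink is a WireGuard interface called `wg0`. The security-relevant pieces are the router-wide `input=REJECT` default, the single rule that admits SSH/LuCI only from the `mgmt` zone, and the fact that the `vpn` zone only has a forwarding to the tunnel zone, so it cannot fall back to the plain `wan` if the tunnel is down:

```shell
#!/bin/sh
# Added example, not the poster's config: an OpenWrt firewall layout with the
# zones described above (mgmt, lan, iot, vpn), emitted as a `uci batch`.
# Assumptions: interfaces mgmt/lan/iot/vpn exist, the stock lan zone was
# removed, the stock wan zone remains, and the VPN uplink interface is wg0.

client_zone() {  # $1: zone/interface name, $2: the only zone its clients may reach
cat <<EOF
add firewall zone
set firewall.@zone[-1].name='$1'
add_list firewall.@zone[-1].network='$1'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
add firewall forwarding
set firewall.@forwarding[-1].src='$1'
set firewall.@forwarding[-1].dest='$2'
add firewall rule
set firewall.@rule[-1].name='Allow-DHCP-DNS-$1'
set firewall.@rule[-1].src='$1'
set firewall.@rule[-1].dest_port='53 67 68'
set firewall.@rule[-1].target='ACCEPT'
EOF
}

firewall_batch() {
# Router-wide defaults: nothing reaches the router or crosses zones unless a
# rule below says so. Then the mgmt zone with the only admin-access rule
# (SSH 22, LuCI 80/443), and the tunnel zone the vpn clients egress through.
cat <<EOF
set firewall.@defaults[0].input='REJECT'
set firewall.@defaults[0].output='ACCEPT'
set firewall.@defaults[0].forward='REJECT'
add firewall zone
set firewall.@zone[-1].name='mgmt'
add_list firewall.@zone[-1].network='mgmt'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
add firewall rule
set firewall.@rule[-1].name='Admin-only-from-mgmt'
set firewall.@rule[-1].src='mgmt'
set firewall.@rule[-1].proto='tcp'
set firewall.@rule[-1].dest_port='22 80 443'
set firewall.@rule[-1].target='ACCEPT'
add firewall zone
set firewall.@zone[-1].name='wg'
add_list firewall.@zone[-1].network='wg0'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
set firewall.@zone[-1].masq='1'
set firewall.@zone[-1].mtu_fix='1'
EOF
# Client zones: lan and iot exit via the stock wan zone; vpn exits only via
# the tunnel zone, so a down tunnel means no Internet rather than a leak.
client_zone lan wan
client_zone iot wan
client_zone vpn wg
}

# On the router: `sh zones.sh apply`; anywhere else it just prints the batch.
if [ "${1-}" = apply ]; then
  firewall_batch | uci batch && uci commit firewall && /etc/init.d/firewall reload
else
  firewall_batch
fi
```

After applying, `uci show firewall | grep -c "=zone"` should report one entry per zone (mgmt, wg, lan, iot, vpn, plus the stock wan), and an `ssh` attempt from a lan or iot client to the router address must time out or be refused while the same attempt from the mgmt port succeeds.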

I have a very similar setup on my OpenWrt router. Fortunately I found a channel on YouTube which had tutorials for all of the stuff you mentioned, and the rest was available in the openwrt.org documentation.