Hello all, sorry to bug ya! I’m setting up a new WiFi at my parents house, and am going to use a hEX PoE (RB960PGS) as their router.
I went with this because it suited my wants/needs best out of my options. Minimal equipment, and PoE for AP’s.
I was curious what options are available for it for VPN access? When searching, it’s hard to know exactly because there’s a lot of “for this software on this hardware” etc, it seems.
I currently use Tailscale for my own homelab/Network, and that would be ideal. However I know this box doesn’t have ARM processor, so that may be out of the question.
They only live 5-10 minutes away from me, so all I really want the VPN for is to be able to check their side of the network if I get the wonderful “My internet isn’t working” call from my mom. Anything else I can just go over there and plug in directly.
They mainly use their wifi for Apple TV and Fire sticks, plus their phone, and my mom has a laptop she uses. But the ISP router/wifi all in one unit isn’t that great, as I’m sure we all know.
With the latest routerOS, wireguard would be the obvious choice.
I am using a hEX-S at both my home and my parents.
I have a permanent wireguard connection between them.
WireGuard works great, is compatible with all mikrotik hardware on v7, and works on windows/ios/android/mac/linux
Thanks! I’ve seen it mentioned both ways that wireguard would/wouldn’t work with the hEX as they don’t have ARM processors. After getting so much conflicting information that’s why I made this post. For answers just like this! Haha.
Thanks! I saw multiple discussions about WireGuard working on Mikrotik, just so much conflicting about what devices it was able to be used on.
Sounds like he is considering a site-to-site setup (I assume he has a Mikrotik router at his location) - in which case its direct mikrotik-to-mikrotik, no need to involve anything else.
I’m not sure why that would matter…
Got a source/link for where you saw reports that it would not work?
wireguard does work on every platform I use it on my hex also. The thing that “wouldn’t” work is zerotier or back to home
you can use it for mikrotik site-to-site, or you can use it for mikrotik-to-pc, or even pc-to-pc without using any mikrotik at all.
Wireguard works great for Mikrotik site-to-site as well.
I actually don’t have any Mikrotik hardware myself (yet…). But you are correct, it is for site-to-site. I have a whole lab at my own residence. But for their place I was looking to have as little hardware as possible, and checking through mikrotik offerings I saw the hEX PoE and it was exactly what I was looking for.
Appears I got lost in the research confusion. Mainly zerotier is the one mentioned for ARM, not wireguard.
Yes. As I noted, I have a site-to-site setup myself.
You don’t need any outside service to setup a wireguard tunnel between two mikrotik routers, as long as at least one of them has a normally accessible public IP address that can be reached from the other.
It won’t be mikrotik to mikrotik, but I have a lot of options in my lab of where to put a wireguard client.
this might complicate things in your case as a first setup if your parents house got a public IP setup a vpn from your pc or phone to their hex. Then try on a new interface a site to site vpn see if it works
I haven’t received the hex yet, but I’m preparing myself for fun times ahead with the VPN, haha.
I’m going to set it up and test it in my environment, but I know as soon as I plug it in over there it’s a different WAN address, so that’ll change things. Luckily it’s not a need, just a “nice to have” thing, to help me if I get a phone call.
yeah I do the same but site to site at first it was just phone to tailscale node (a pi zero with a usb ethernet)
you could get a pi zero or and old pi 3 and run tailscale on it so you can access the hex from it