I have a user that will use a residential StarLink on location, and that thing is behind a CGNAT.
How to punch through to make a WireGuard work for remote access / admin?
Why? It is WireGuard, with specific client in. Should be quite safe. Or? What am I missing?But don't do it in prod.
It's only for HO.
Exactly my point. If a client is not willing to shelve out for a business connection with an fixed IP, then I don't really see them willing to finance a CHR instance configuration and maintenance.A bit over the top, but it should not be used as a business entity as on occasion, not very frequently the Mikrotik servers have gone offline. A couple of times a year is probably a safe bet.
As on the price of the cloud server - the issue is not a few bucks needed to make it work, but time to do so. All these costs need to be passed onto the client, and it adds up. It is simply more cost effective to have a business class internet access.Nothing for you to worry about unless your a hospital, a bank or any business requiring 24/7 VPN up time.
If that is concern then rent a server in the cloud, for like $7 a month and put a CHR on it and use that as the wireguard server.