Using AR750 as dedicated vpn server

What is the recommended configuration on th AR750 as a dedicated vpn server where:

  1. WAN is connected to DMZ
  2. LAN port has static configuration to internal trusted network

Or is there a better way?

Thanks

  1. Maybe you can just set up port forward than setting up DMZ.

  2. What is the purpose of this?

Previously, none of my routers supported WireGuard. I would like to implement this for my home VPN. I already have a router, and I plan on taking a AR750 when I travel.

I thought for compatibility to put another AR750 as a dedicated server for WireGuard. I need it to function as a firewall - but not really a router- with WireGuard. If I set the rules to block all traffic (with perhaps the exception of the VPN port), would it then block the router traffic? Also can I disable DHCP on the AR750?

Port forwarding is an option - rather than DMZ - or perhaps in conjunction with DMZ if my router allows that. I was just trying to leverage monitoring of “less secure” subnets.

I setup an AR300m16 as my home WireGuard server, as my firewall/router does not support WireGuard. I used the MAC address of the AR300m16 WAN port to use DHCP mapping the the WAN port to a specific internal IP address, so I could use port forwarding. I then used port forwarding on my firewall to send the WireGuard UDP traffic to the AR300m16. On the AR300m16, using the Firewall menu, I opened up ports 80 and 22 so I could manage it from the local network. The AR300m16 is running firmware 3.024.

It has been working fine for over a month with 3 WireGuard clients, a USB150, an AR750 and the WireGuard Windows 10 client. Please note the version of WireGuard supplied on the GL iNET products is a bit old: 0.0.20181119, but it is working fine for me. I am waiting for GL iNET to update the WireGuard version on all their products.