Hello, everyone. I am trying to switch from ExpressVPN to using my own VPN server via WireGuard. My network topology is roughly as follows:
In order of incoming connection from the wall:
ISP → Cable Modem (WAN) → pfSense router (WireGuard VPN Server) → OpenWRT (Dumb Access Point)
I know that I have to add the devices in my LAN as peers of the WireGuard server, and I’m okay with that. My issue is that I have several wireless devices that connect via an OpenWRT Dumb Access Point, which then connects to my pfSense router and then out to the internet via the Cable Modem (WAN). The devices that connect to the OpenWRT wireless access point are all on a different network segment so that they can’t talk to other devices on the LAN, but devices on the LAN can talk to them. So I have LAN and IoT (wireless devices) network segments.

Adding the LAN devices as peers to the WireGuard server on the pfSense router is a piece of cake, but I am struggling with whether or not I need to set up my OpenWRT wireless access point as another peer to the WireGuard server on the pfSense router, or if I can just leave it as it is, because the only function it provides on my network is to give wireless devices a way to get internet from the main pfSense router (WireGuard server) on my network.

So in summary, my question is: do I need to configure the wireless access point as a peer, or can I just leave it as is? Thank you for your time, and any help on this is greatly appreciated.