I also route everything through my pfsense firewall to mullvad VPN. I’ve been looking at various ways to access the internal network from the outside internet safely, and I’m a bit hesitant to open that hole just yet. Cloudflare tunnel seems like the easiest option but apparently they can see everything you put through the tunnel and I’m not real comfortable with that.
Does one need a dynamic dns to use wireguard to tunnel back in, or is there another way of ensuring you can connect to the correct location? Does the wireguard server run on docker?
Thanks, I’ll give this a shot in the coming week!