I would like to test WireGuard in my network as a possible replacement for my OpenVPN. Currently I use OpenVPN over my IPFire.
My network consists of a DMZ (orange) and a green network.
I would like your input on how to do this, as I would like to use the WireGuard connections with my Pi-hole, which is in green.
Procedure one would be to install WireGuard in the DMZ and create a port forwarding for the WireGuard IP from the DMZ to the “green” IP address of the Pi-hole.
Option two would be to install WireGuard on the “green” network and open the firewall for the WireGuard port to “green”.
What is the most secure solution from a security perspective?
Another question: I also want the WireGuard clients to use the web proxy (WPAD) of my IPFire. What is the correct procedure here?
Do I also need to open port 800 to the IP of the IPFire?
I would be really grateful for any tips and tricks from the professionals here and I say thank you in advance.