OPNsense Forum

English Forums => Virtual private networks => Topic started by: spetrillo on December 28, 2023, 04:54:17 PM

Title: Wireguard Connections
Post by: spetrillo on December 28, 2023, 04:54:17 PM
Hello all,

I am an old school VPN tunnel guy, so I always think of a tunnel as a one-to-one situation. In the connection-based world, can one connection have multiple different remote connections running against it? For example, my Site A OPNsense firewall has a Wireguard connection. Can this connection support multiple remote connections at the same time, being a combination of client and site connections?

Thanks,
Steve
Title: Re: Wireguard Connections
Post by: Monviech (Cedrik) on December 28, 2023, 06:21:30 PM
Yes.

You can add as many wireguard peers (site2site and clients) as you want to a single endpoint (instance).
Title: Re: Wireguard Connections
Post by: spetrillo on December 31, 2023, 09:07:20 PM
Quote from: Monviech on December 28, 2023, 06:21:30 PM
Yes.

You can add as many wireguard peers (site2site and clients) as you want to a single endpoint (instance).

If I have an endpoint that will have client and site connections, can they all use the same port, or do I need a separate port for clients and sites? I can get the client connections to go on port 51820, but I cannot seem to get the S2S connected.
Title: Re: Wireguard Connections
Post by: Monviech (Cedrik) on December 31, 2023, 11:03:25 PM
It works all on the same port. Any peer can connect to any endpoint. Wireguard doesn't separate s2s or roadwarrior. They're all the same peers.
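As an added illustration of the point above (not a config from the thread or from OPNsense itself), this is what a single WireGuard instance serving both a site-to-site peer and roadwarrior clients on one UDP port looks like in standard wg-quick syntax; keys, hostnames and addresses are constructed placeholders, and OPNsense builds the equivalent from its Instance and Peer GUI pages.

```ini
# Added example, not from the thread: one WireGuard instance (endpoint) with
# three peers of two kinds, all reached over the same ListenPort.
# Keys, hostnames and addresses are constructed placeholders.
[Interface]
# Site A's own address in the tunnel network
Address = 10.10.0.1/24
ListenPort = 51820
PrivateKey = <SITE_A_PRIVATE_KEY_PLACEHOLDER>

# Site B (site-to-site peer): its tunnel address plus the LAN behind it.
# Endpoint is set because Site B has a stable address we can dial.
[Peer]
PublicKey = <SITE_B_PUBLIC_KEY_PLACEHOLDER>
Endpoint = siteb.example.net:51820
AllowedIPs = 10.10.0.2/32, 192.168.20.0/24
PersistentKeepalive = 25

# Roadwarrior client 1: a single /32 tunnel address, no Endpoint
# (the client dials in, so its source address is learned on handshake).
[Peer]
PublicKey = <CLIENT1_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.10.0.101/32

# Roadwarrior client 2: same shape as client 1, different key and address.
[Peer]
PublicKey = <CLIENT2_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.10.0.102/32
```

WireGuard routes decrypted and outbound traffic by AllowedIPs (cryptokey routing), so the AllowedIPs of peers on the same interface must not overlap; a missing remote LAN in the site peer's AllowedIPs is the usual reason an S2S peer handshakes but passes no LAN traffic.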
Title: Re: Wireguard Connections
Post by: spetrillo on January 01, 2024, 06:28:02 PM
Quote from: Monviech on December 31, 2023, 11:03:25 PM
It works all on the same port. Any peer can connect to any endpoint. Wireguard doesn't separate s2s or roadwarrior. They're all the same peers.

Ok new question...

How big of a subnet should I use for the site-to-site peers, knowing that client connections will also be a part of this? Typically, if this were a traditional S2S connection, I would use a /31 since there is no need for a broadcast. Can this work for S2S and C2S connections? Could the client IP side be in a different subnet?