OPNsense Forum

English Forums => Virtual private networks => Topic started by: spetrillo on February 10, 2025, 05:00:26 PM

Title: Wireguard - Tunnel Addresses
Post by: spetrillo on February 10, 2025, 05:00:26 PM
Hello all,

Do client tunnel IP addresses need to be in the same subnet? For example site A's tunnel address is 10.0.10.1/24 and site B's tunnel address is 10.0.9.1/24. Will these work or do they need to be within the same subnet?

Thanks,
Steve
Title: Re: Wireguard - Tunnel Addresses
Post by: Patrick M. Hausen on February 10, 2025, 05:08:33 PM
They will work if you place them in the AllowedIPs list on the respective opposite side.

For point to point links addresses need not be in the same subnet. You can even use /32 if you like. The rest is a matter of routing, e.g. by adding to AllowedIPs which will not only permit the addresses but also add a static route.