OPNsense Forum

English Forums => Virtual private networks => Topic started by: gbr on October 29, 2020, 09:01:40 pm

Title: Site to site vpn with wireguard, or...
Post by: gbr on October 29, 2020, 09:01:40 pm
We have an office in another city with its own network and servers. I need to talk to their servers from our network.

Currently, they run a WireGuard server (not OPNSense). Their internal network is 172.30.0.0/16.

I run OPNSense as my firewall, and would like to create a link to their servers so anyone in our office can access the servers in their office. My internal network is 192.168.200.0/22

What's the best way to set this up? Will OPNSense and wireguard do it for me or should I create a separate machine behind my firewall to create the link and route through that?

Are there any HOWTO's to set this up?

Gerald
Title: Re: Site to site vpn with wireguard, or...
Post by: Gauss23 on October 29, 2020, 09:58:01 pm
WireGuard, OpenVPN and IPsec. All of them will serve your purpose.
Title: Re: Site to site vpn with wireguard, or...
Post by: Gauss23 on October 29, 2020, 10:08:42 pm
> What's the best way to set this up? Will OPNSense and wireguard do it for me or should I create a separate machine behind my firewall to create the link and route through that?

Sorry, missed that part.

Why use another device for that? It makes the setup more complex because you need to add static routes to the main router. OPNsense and WireGuard work well, but be warned, it's not yet officially marked as production-ready. OpenVPN and IPsec are the current industry standard right now.

There are lots of tutorials. OPNsense docs cover a lot of different setups.
Title: Re: Site to site vpn with wireguard, or...
Post by: gbr on October 30, 2020, 12:38:58 am
I found tons of tutorials on making OPNSense the server, but what about making it the client? The other side already has a Wireguard server running.
Title: Re: Site to site vpn with wireguard, or...
Post by: mimugmail on October 30, 2020, 05:57:07 am
Follow Site 2 Site Guide where one is Client :)
Title: Re: Site to site vpn with wireguard, or...
Post by: gbr on November 03, 2020, 03:41:24 pm
So, this is kind of working.

From the OPNSense firewall I can ping any machine on the other side of the VPN. From a machine behind the OPNSense firewall, I can't.


remote network 172.31.0.0/16 <---> Ubuntu Wireguard Server <----> OPNSense Wireguard client <---> local network 192.168.100.0/22

The local network can't ping the Ubuntu Wireguard server or the remote network, only OPNSense can.

I'm missing something easy, I think.
Title: Re: Site to site vpn with wireguard, or...
Post by: gbr on November 03, 2020, 03:44:02 pm
Never mind, it was easy. I forgot the local network in AllowedIPs on the server.
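
Why the symptom in this thread looks the way it does, as an added example that is not part of the original posts: WireGuard uses each peer's AllowedIPs both as an inbound source filter and as the outbound peer selector. The tunnel addresses (10.10.10.x), the LAN host address, and the assumption that the firewall's own pings are sourced from its tunnel address are constructed for illustration; the two networks are the ones in the diagram above.

```python
import ipaddress

# Constructed sample values: the tunnel address 10.10.10.2 and the host
# 192.168.100.50 are assumptions; the LAN prefix is the one from the thread.
LAN = "192.168.100.0/22"
OPNSENSE_TUNNEL_IP = "10.10.10.2"   # assumed source of pings sent by the firewall
LAN_HOST = "192.168.100.50"         # a machine behind the OPNsense firewall

def parse_allowed_ips(value):
    """Parse a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(item.strip()) for item in value.split(",")]

def accepts_inbound(peer_allowed, inner_src):
    """Receive side: after decryption, the inner source address must fall
    inside the sending peer's AllowedIPs, otherwise the packet is dropped."""
    src = ipaddress.ip_address(inner_src)
    return any(src in net for net in peer_allowed)

def select_peer(peers, dst):
    """Send side: pick the peer whose AllowedIPs has the longest prefix
    covering dst; None means the interface has no peer for that address."""
    addr = ipaddress.ip_address(dst)
    best = None
    for name, nets in peers.items():
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None

def server_view(allowed_ips_for_opnsense):
    """Evaluate three flows against the Ubuntu server's [Peer] entry
    for the OPNsense box."""
    peers = {"opnsense": parse_allowed_ips(allowed_ips_for_opnsense)}
    return {
        "ping_from_firewall": accepts_inbound(peers["opnsense"], OPNSENSE_TUNNEL_IP),
        "ping_from_lan_host": accepts_inbound(peers["opnsense"], LAN_HOST),
        "reply_to_lan_host": select_peer(peers, LAN_HOST),
    }

before = server_view("10.10.10.2/32")           # tunnel address only
after = server_view("10.10.10.2/32, " + LAN)    # local network added

if __name__ == "__main__":
    print("before:", before)
    print("after: ", after)
```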