Site to site vpn with wireguard, or...

Started by gbr, October 29, 2020, 09:01:40 PM

We have an office in another city with its own network and servers. I need to talk to their servers from our network.

Currently, they run a WireGuard server (not OPNsense). Their internal network is 172.30.0.0/16.

I run OPNsense as my firewall, and would like to create a link to their servers so anyone in our office can access the servers in their office. My internal network is 192.168.200.0/22.

What's the best way to set this up? Will OPNsense and WireGuard do it for me, or should I create a separate machine behind my firewall to create the link and route through that?

Are there any HOWTOs to set this up?

Gerald

WireGuard, OpenVPN and IPsec. All of them will serve your purpose.
,,The S in IoT stands for Security!" :)

Quote from: gbr on October 29, 2020, 09:01:40 PM
What's the best way to set this up? Will OPNsense and WireGuard do it for me, or should I create a separate machine behind my firewall to create the link and route through that?

Sorry, missed that part.

Why use another device for that? It makes the setup more complex because you need to add static routes to the main router. OPNsense and WireGuard work well, but be warned, it's not yet officially marked as production-ready. OpenVPN and IPsec are the current industry standard right now.

There are lots of tutorials. OPNsense docs cover a lot of different setups.
,,The S in IoT stands for Security!" :)

I found tons of tutorials on making OPNsense the server, but what about making it the client? The other side already has a WireGuard server running.


So, this is kind of working.

From the OPNsense firewall I can ping any machine on the other side of the VPN. From a machine behind the OPNsense firewall, I can't.

remote network 172.31.0.0/16 <---> Ubuntu WireGuard Server <----> OPNsense WireGuard client <---> local network 192.168.100.0/22

The local network can't ping the Ubuntu WireGuard server or the remote network, only OPNsense can.

I'm missing something easy, I think.

Never mind, it was easy. I forgot the local network in AllowedIPs on the server.
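To illustrate the fix in that post, here is an added Python check (not code from the thread or from OPNsense) that parses a WireGuard config and reports which subnets no peer's AllowedIPs covers; the server configs, tunnel addresses and key placeholders are constructed, and the LAN prefixes follow the diagram above.

```python
# Added example: verify that a WireGuard peer's AllowedIPs covers the
# subnets that must be routed through it.  Configs below are constructed.
import ipaddress

def parse_peers(conf):
    """Parse [Peer] sections of a wg-quick style config into dicts."""
    peers, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif line.startswith("["):
            current = None                        # [Interface] or other
        elif current is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            current[key] = val
    return peers

def allowed_networks(peer):
    return [ipaddress.ip_network(p.strip())
            for p in peer.get("AllowedIPs", "").split(",") if p.strip()]

def missing_routes(conf, required):
    """Return the required subnets that no peer in `conf` may carry.
    WireGuard discards packets whose inner address is outside the peer's
    AllowedIPs, so a missing LAN entry blocks traffic even when the
    tunnel itself is up (exactly the symptom in the thread)."""
    nets = [n for p in parse_peers(conf) for n in allowed_networks(p)]
    result = []
    for want in required:
        w = ipaddress.ip_network(want)
        if not any(w.subnet_of(n) for n in nets if n.version == w.version):
            result.append(want)
    return result

# Constructed server-side config: only the OPNsense tunnel address is
# allowed, so the 192.168.100.0/22 LAN behind it is unreachable.
SERVER_BROKEN = """
[Interface]
Address = 10.10.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key-placeholder>

[Peer]
PublicKey = <opnsense-public-key-placeholder>   # OPNsense site
AllowedIPs = 10.10.0.2/32
"""
# Corrected: add the client's LAN so the server routes it via the tunnel.
SERVER_FIXED = SERVER_BROKEN.replace(
    "AllowedIPs = 10.10.0.2/32", "AllowedIPs = 10.10.0.2/32, 192.168.100.0/22")

if __name__ == "__main__":
    print(missing_routes(SERVER_BROKEN, ["192.168.100.0/22"]))  # ['192.168.100.0/22']
    print(missing_routes(SERVER_FIXED, ["192.168.100.0/22"]))   # []
```

AllowedIPs is also WireGuard's per-peer source filter, so list only the subnets each site is meant to reach rather than widening it to 0.0.0.0/0.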
