Wireguard Site-to-Site VPN with two WAN Interfaces

Started by mike19, July 21, 2025, 09:27:35 PM

Hi all,

I configured a site-to-site VPN with WireGuard and it is working great.
On one OPNsense firewall I have two WAN interfaces. I did not find any option to choose the interface for the outgoing traffic to the other firewall.
Does someone know how this needs to be configured? By default it always goes through the default WAN interface.

Best regards and many thanks,
Mike


I would like to configure it so that the traffic goes over the other WAN interface. Large backups go over WireGuard, so the default WAN interface stays free for other traffic like Internet.

We accomplished that by adding a static route with the endpoint as the target/32 and associating the corresponding gateway.
Another scenario we have (for failover purposes) is to use two tunnels with BGP to weight the preferred path.
- nothing broken, nothing missing;
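One way to keep the /32 host-route approach working when the peer's address comes from dynamic DNS, as an added example that is not from this thread or from OPNsense itself: resolve the peer name, and whenever the answer changes, move the host route to the new address via the second WAN's gateway. The names PEER_HOST, WAN2_GW and STATE_FILE are placeholders, and the script assumes FreeBSD route(8) and the "has address" output format of host(1).

```shell
#!/bin/sh
# Constructed example: pin the WireGuard peer's endpoint behind a /32 host route via
# the second WAN gateway and refresh that route when its dynamic-DNS name changes.
# PEER_HOST, WAN2_GW and STATE_FILE are placeholders, not values from the thread.
PEER_HOST="${PEER_HOST:-peer.example.invalid}"        # dynamic DNS name of the remote site
WAN2_GW="${WAN2_GW:-203.0.113.1}"                      # gateway IP of the second WAN
STATE_FILE="${STATE_FILE:-/var/db/wg-peer-route.ip}"   # last address we routed (assumed path)

# Resolve the peer name to its first IPv4 address (assumes host(1) "has address" output).
resolve_peer() {
    host -t A "$1" 2>/dev/null | awk '/has address/ { print $4; exit }'
}

# Reject anything that is not a dotted quad before it reaches route(8).
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Emit the route(8) commands that move the /32 host route from old_ip to new_ip.
# Prints nothing when the address is unchanged, so a cron job can call this freely.
plan_route_update() {
    old_ip="$1"; new_ip="$2"; gw="$3"
    [ "$old_ip" = "$new_ip" ] && return 0
    [ -n "$old_ip" ] && printf 'route -n delete -host %s\n' "$old_ip"
    printf 'route -n add -host %s %s\n' "$new_ip" "$gw"
}

main() {
    new_ip=$(resolve_peer "$PEER_HOST")
    valid_ipv4 "$new_ip" || { echo "could not resolve $PEER_HOST" >&2; return 1; }
    old_ip=$(cat "$STATE_FILE" 2>/dev/null)
    plan_route_update "$old_ip" "$new_ip" "$WAN2_GW" | while read -r cmd; do
        echo "+ $cmd"; $cmd || exit 1      # apply each change, stop on the first failure
    done || return 1
    printf '%s\n' "$new_ip" > "$STATE_FILE"
}

# Run as "sh wg-peer-route.sh apply" (e.g. from cron); with no argument it only defines functions.
case "${1:-}" in apply) main ;; esac
```

After a run, `route -n get <peer IP>` should show the second WAN's gateway; on OPNsense the equivalent one-off entry lives under System > Routes, which is the supported place when the peer IP is static.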

Thanks for your reply.
That would work if I had static public IPs.
I forgot to mention that I use dynamic DNS for the WAN IPs.

No one has an idea how this can be done or is the function simply not available?

I haven't set this up yet myself, but maybe you want to try selective routing as outlined here?

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

The example in step 10 uses an outbound NAT rule on a WG interface and a host alias to forward traffic for specific hosts through the WG tunnel, while all other hosts go over WAN as usual.

Instead of just matching all IP traffic on a host basis, you might also try matching specific ports/protocols.
"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE (I226-V)
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE (I210)

July 29, 2025, 09:26:19 AM #7 Last Edit: July 29, 2025, 09:53:17 AM by Bob.Dig
Quote from: mike19 on July 22, 2025, 07:03:05 AM
I forgot to mention that I use dynamic DNS for the WAN IPs.
I don't see why that would change anything, yet.
Edit: Ok, I see it. Maybe try OpenVPN instead.
Edit2: Or make the connection from the other side.