Topic: Wireguard Site2Site only one site public IP. (Read 2945 times)
itngo (Full Member, Posts: 118, Karma: 4) « on: February 23, 2023, 07:01:06 pm »
Hi,
while you can have Client2Server VPN Site2Site with OpenVPN, this seems not to be possible with WireGuard?
We have a setup and can see that our "designated" client side is sending packets, but those never get answered.
Is this configuration possible: to have a WireGuard server on OPNsense in the datacenter and let branch sites connect which have no real public IP, because of carrier-grade NAT or shared IPs?
nzkiwi68 (Full Member, Posts: 182, Karma: 20) « Reply #1 on: March 10, 2023, 05:30:12 am »
Yes, I think that would be possible.
On the Data Center side, you would have an endpoint set for each branch:
Branch1 endpoint:
endpoint address: blank/empty
endpoint port: blank/empty
Allowed IPs: (1 - tunnel IP address, say 10.10.10.4/32 (unique for each branch) PLUS 2 - the LAN subnet of that branch, e.g. 192.168.88.0/24)
On the branch side:
endpoint address: the IP address of the data center firewall
endpoint port: the port for WireGuard, say 51820
Allowed IPs: (1 - tunnel IP address, say 10.10.10.254/24 (this is the data center, note the /24) PLUS 2 - the LAN subnet or subnets of the data center, e.g. 192.168.18.0/24)
The branch could only ever initiate the connection to the data center. To make sure that happened, you could enable "keepalive interval" on the branch site and make that 25.
Create Local listeners in the normal way....
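An added example, not part of the original posts and not OPNsense's own code: the two peer definitions from Reply #1 written in wg-quick syntax, with a Python check for what this topology depends on (no endpoint stored on the hub, endpoint plus keepalive on the branch, and no Allowed IPs shared between hub peers, which generalizes "unique for each branch"). The keys, the 203.0.113.10 data center address, the interface addresses and the function names are constructed placeholders; 10.10.10.0/24 stands for the /24 tunnel network.

```python
import ipaddress
# Constructed wg-quick style configs: keys and 203.0.113.10 are placeholders.
HUB = """[Interface]
Address = 10.10.10.254/24
ListenPort = 51820
[Peer]
# Branch1: no Endpoint line, the hub learns it from the branch's handshake
PublicKey = <branch1-public-key>
AllowedIPs = 10.10.10.4/32, 192.168.88.0/24
"""
BRANCH1 = """[Interface]
Address = 10.10.10.4/32
[Peer]
PublicKey = <hub-public-key>
Endpoint = 203.0.113.10:51820
AllowedIPs = 10.10.10.0/24, 192.168.18.0/24
PersistentKeepalive = 25
"""

def peers(text):
    """Return one dict of settings per [Peer] section (sections may repeat)."""
    out = []
    for block in text.split("[Peer]")[1:]:
        block = block.split("[Interface]")[0]
        pairs = (l.split("#")[0].split("=", 1) for l in block.splitlines())
        out.append({k.strip(): v.strip() for k, v in (p for p in pairs if len(p) == 2)})
    return out

def check_hub(text):
    """Hub side: no stored Endpoint, and no Allowed IPs overlap among peer entries."""
    problems, seen = [], []
    for p in peers(text):
        if "Endpoint" in p:
            problems.append(f"{p.get('PublicKey', '?')}: Endpoint set for a peer without a public IP")
        for cidr in filter(str.strip, p.get("AllowedIPs", "").split(",")):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            problems += [f"{net} overlaps {o}" for o in seen if net.overlaps(o)]
            seen.append(net)
    return problems

def check_branch(text):
    """Branch side: needs the hub's Endpoint and a keepalive to hold the NAT mapping."""
    problems = []
    for p in peers(text):
        if "Endpoint" not in p:
            problems.append("no Endpoint: the branch cannot initiate the tunnel")
        if p.get("PersistentKeepalive", "0") in ("0", "off"):
            problems.append("no PersistentKeepalive: the NAT mapping may expire")
    return problems
```

WireGuard maps each allowed IP to exactly one peer on an interface, so an overlap between two hub peer entries sends that branch's return traffic to the wrong tunnel.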
itngo (Full Member, Posts: 118, Karma: 4) « Reply #2 on: March 22, 2023, 04:43:29 pm »
Thank you very much.
We will try that....