Wireguard 2 WANs IP

[mic]

Hello,

I have the following configuration:

• Virtualized OPNSense in a DC witn 1 Static Public IP: a.b.c.d
• An Hardware OPNSense in the Customer Headquarter with 2 WAN (different ISPs) Connections and therefore 2 WANs IPs Addresses (say e.f.g.h and i.j.k.l)

Now in the Customer HQ the first WAN Connection is the primary and the second WAN is the backup. I configured a Wireguard tunnel between DC OPNSense and HQ OPNSense using as peer endpoint IP address (in DC OPNSense) e.f.g.h (primary WAN IP of the HQ OPNSense). Now if the primary WAN connection of the HQ goes down also the Wireguard tunnel goes down because, in the Virtual OPNSense in DC, Wireguard endpoint peer address is set to e.f.g.h (primary WAN  IP address of HQ Connection).
Now the question is: how can I configure, in Virtual OPNSense in DC, a second endpoint peer address ( i.j.k.l) as backup, so if the HQ primary WAN ISP goes down the Wireguard tunnel switch versus the secondary WAN using as peer endopint IP address i.j.k.l ?

Thank you

[Monviech (Cedrik)]

You could initialize the Wireguard connection from the site with dual WAN, to the site with single WAN. In the single WAN site put no endpoint address, that way it will wait for one of the dual WAN sites IPs to connect to it.

If the IP changes, it should not matter, since Wireguard is set up to be stateless.