How to Create a Site to Site VPN // OpenWrt, Wireguard

Support Me

Get 5% off Ekster Products
(PAID link)

Follow me on Twitter and Facebook

We're all aware of how VPNs are used for privacy, geographically restricted content, and hiding your IP. But VPNs have many other use cases, and a big one is site-to-site VPNs. What this does is connect your networks together as if they all sat behind the same firewall. Corporations have been using site-to-site VPNs for quite some time to connect their remote office networks together. However, this tech isn't just for big business; you too can set up a site-to-site VPN between your personal networks. You can use them to connect family networks, friends' networks, or personal business networks together. This makes managing those networks convenient, and keeps the traffic between them secured with strong encryption. In particular, WireGuard is well suited to site-to-site VPNs, with strong encryption and low latency.

Setting up your own site-to-site VPN with WireGuard is easy. While I demonstrate this with OpenWrt, you can do the same with most Linux distros, such as Raspberry Pi OS, or BSD-based distributions like OPNsense, pfSense, or even FreeBSD. The configuration and theory used here carry over to any distribution you choose, and have been put together with security best practices in mind. From here, you can create additional security policies that let you shape and control your traffic and access the way you want. In the future, this will also be helpful in learning mesh and overlay networking.

Watch this video to start joining your networks for convenience and management ease!
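As an added example (not the video's own configuration files, which are linked below), the POSIX shell function here prints the OpenWrt UCI batch for one side of the tunnel: the WireGuard interface, the peer with AllowedIPs limited to the remote tunnel address and the remote LAN (WireGuard's cryptokey routing then acts as the access list), a dedicated firewall zone that is forwarded only to and from lan, and a WAN input rule for the UDP listen port. The interface name wg0, the addresses, the port and the key strings are constructed placeholders; the endpoint/keepalive branch is for the side that dials a peer with a reachable address, so a NATed site sets it and the site with the public address leaves it empty.

```shell
# Added example, not the video's config: print the UCI batch for one side of a
# WireGuard site-to-site tunnel; every value passed in is a constructed placeholder.
# Apply on the router after review:  ... | uci batch && uci commit && reload_config
# $1 iface  $2 local tunnel addr (CIDR)  $3 UDP port  $4 peer public key
# $5 remote tunnel IP  $6 remote LAN (CIDR)  $7 remote endpoint host ('' if NATed)
wg_site_uci() {
    iface=$1 addr=$2 port=$3 pub=$4 rtun=$5 rlan=$6 endpoint=$7
    cat <<EOF
set network.${iface}=interface
set network.${iface}.proto='wireguard'
set network.${iface}.private_key='PLACEHOLDER_LOCAL_PRIVATE_KEY'
set network.${iface}.listen_port='${port}'
add_list network.${iface}.addresses='${addr}'
set network.peer_${iface}=wireguard_${iface}
set network.peer_${iface}.public_key='${pub}'
set network.peer_${iface}.route_allowed_ips='1'
add_list network.peer_${iface}.allowed_ips='${rtun}/32'
add_list network.peer_${iface}.allowed_ips='${rlan}'
EOF
    # Only the side that can reach the other's public address dials out; it also
    # sends keepalives so a NAT mapping in front of it stays open for replies.
    if [ -n "$endpoint" ]; then
        echo "set network.peer_${iface}.endpoint_host='${endpoint}'"
        echo "set network.peer_${iface}.endpoint_port='${port}'"
        echo "set network.peer_${iface}.persistent_keepalive='25'"
    fi
    # Separate zone: remote LAN may reach local LAN and vice versa, nothing else
    # (no forwarding to wan, so the remote site cannot use this site's internet).
    cat <<EOF
add firewall zone
set firewall.@zone[-1].name='${iface}'
add_list firewall.@zone[-1].network='${iface}'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
add firewall forwarding
set firewall.@forwarding[-1].src='lan'
set firewall.@forwarding[-1].dest='${iface}'
add firewall forwarding
set firewall.@forwarding[-1].src='${iface}'
set firewall.@forwarding[-1].dest='lan'
add firewall rule
set firewall.@rule[-1].name='Allow-WireGuard-${iface}'
set firewall.@rule[-1].src='wan'
set firewall.@rule[-1].proto='udp'
set firewall.@rule[-1].dest_port='${port}'
set firewall.@rule[-1].target='ACCEPT'
EOF
}
```

Run it once per site with the roles swapped (Site A's remote LAN is Site B's LAN and vice versa); if both sites later need internet egress through one of them, that is a deliberate extra forwarding from the tunnel zone to wan, not part of this baseline.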

Links

Automated WireGuard Site to Site VPN configuration

Forward Zones and Forward Rules Reference

Wireguard Reference

Site A Configuration

Site B Configuration

OpenWrt (21.02) Packages Used
luci-wireguard-app + dependencies (in the link below)

00:00 Intro
01:11 Site to Site VPN Diagram
04:56 Site to Site VPN Uses
05:54 Hardware / Software
06:13 Demo Foreword
07:51 Demonstration / Site A Config
11:17 Site B Config
17:29 Finish Site A Config
20:00 Verifying / Testing
22:40 Site to Site VPN Benefits
23:11 Final Thoughts / Alternatives
24:05 Outro

Music | "Get Away" by LiQWYD

OpenWrt is a registered trademark owned by Software Freedom Conservancy (SFC)
WireGuard is a registered trademark of Jason A. Donenfeld

#OpenWrt #Wireguard #Site2Site #VPN #site-to-site
Comments

I keep coming back to this video to set up various VPNs. Just done another one today - it is so incredibly helpful and so well explained, working at the pace of a normal person, rather than a bang-bang-bang get-some-coffee approach. Thank you.

MrJohnRWells

Thanks for the walkthrough. I got both sites going with little trouble. I want to send site B internet traffic through site A's public internet connection. I'm sure it's possible with this setup; it just needs some additional steps. I've monkeyed around with it and have not made the correct setup yet. Can you point me in the right direction? Thank you for your time.

Wakkowillie

Thank you for the good and easy to understand video. I managed to set up my site to site WireGuard VPN following your guide.

Now I am trying to route all traffic from one particular IP in SITE B to the WAN on SITE A. May I know how to do this?

iamasupernoob

Thanks for the video! How did you configure the Netgear (also running OpenWrt) to simulate the public Internet? I'd like to use that to confirm that the site to site VPN will actually work (with a simple peer IP address change), before I take site_a router out of town to where it'll actually be used.

Site_A: BPI-R3 mini (OpenWrt main snapshot)
Site_B: Ras Pi 4 (OpenWrt 23.05.2)
What I'd be using to simulate the Internet: Netgear WNDR3800 (OpenWrt 23.05, currently on 100% default settings) that I have laying around.

alvallac

Helped me integrate my VPS into my LAN. I found your explanations of the settings and what they do really useful. Keep up the good work!

syss

This is a gem, to find someone who understands this enough to make it simple. Love wireguard, but it does take some practice to get its lesser documented features. (You may find useful an AllowedIPs calculator, which sort of creates DisallowedIPs the long way.)

derekteetv

Really great tutorial. Thanks for that. Quick question. Do I need a dyn DNS on both routers if I want to avoid the keep alive?

sirlanzi

Thanks, great video! Just a question: when one of the sites is behind a mobile network without having a public IP (it's just NATed), what IP will you enter in the VPN config?

captainofcrunch

I was looking for something like this a while ago and came across tailscale. It is doing pretty much the same thing but in a noob friendly way.

Thanks for a great video.

hayupadhyaya

@DevOdyssey Thank you for this amazing walkthrough! I got this working in the same conditions shown in the video. I'm wondering if this would work if I have multiple "Site B"s which I'm unable to set static IPs for and are behind ISP-provided routers. I want to build a couple of plug-and-play openwrt raspberries that I can share with my friends out of town so they can access a media server in my home network as if it were in theirs. They don't have to reach each other but Site A must be able to reach both "Site B" networks for serving media. Will it suffice to have only one peer (Site A) in those multiple "Site B"s? I'm also behind an ISP router but I think I can set up something like ddns and port-forward traffic from my ISP router to the raspi. Will this work?

milleniuminc

This actually helped. Thanks a lot. My setup took longer - I am using Dynamic DNS for the gateway public IPs, but once that was working properly and I had properly configured the AT&T BGW210 gateways, it finally is working. Now I can access hosts at my office from home, and at my home from office.

schematica

Hi, thank you for the video. One question: is it possible to use this config on a site A device with OpenWrt and use a FritzBox on site B?

Gugu-qc

Great video, man. Thanks for directing me to this from your other VPN setup video. I think the only thing left for me to figure out is how to use this setup to browse the external internet from one of the "sites" you have set up. Is that already working with this setup?

ThePwig

Awesome, easy to follow, thank you so much!

striker_rafael

Hey @DevOdyssey. I've used your video to create my own site-to-site and it works! However, now I'm struggling to initiate a connection between my macbook using the wireguard app and my wireguard interface on my OWRT router for when I'm away from home. I set up a new WG instance on my Site A, but translating your Site B instructions to the wireguard MacOS app is proving challenging. I thought I had this going but my OWRT WG interface isn't showing any handshakes despite my macbook saying a connection is active. Do you have any suggestions? I'm guessing I'm missing something simple.

liammiller

Have you tried routing IPv6 over WireGuard? I'd like to enable that to have a different, more open set of firewall rules between sites. They both have public v6 space, but generally firewall off incoming traffic.

TimRiker

Great tutorial. How would I set the WG VPN to one LAN port on my client router?

liammiller

Dev Odyssey
Great idea, as I want to allow my family to use my network printer from their home, since their printers seem to refuse to work with Windows 10/11 and/or Linux. Another point is my digital safety: when on public WiFi I would also like to use a WireGuard VPN to my home network via a wireless RPi3B+ running OpenWRT. The problem is that my ISP router doesn't do routing tables, and obtaining an A/VDSL modem to build my own router is prohibitively expensive. I suppose I could use the DMZ on the ISP router for just the modem, use an RPi4 for my router, and do the same at my family's home.
Another idea for the family and myself is to save my work to part of a HD at theirs while they do the same with their work here, of course encrypted on both sides using WireGuard and Pis, sort of a cloud storage for the cost of the Pi, HD and running costs. Yes, I am sure commercial systems are available, but being a bit of a nerd anyway and with a self-sufficiency attitude, home brew is preferred.
Any ideas or comments favourable or not are welcome.
TIA

paulmassey

Hi! Thanks for the step-by-step. I know my question is very noob, but how does one configure an OpenWRT router to "simulate" WAN/Internet?

mkersevan

Thanks a lot! I could finally set this up on a separate VLAN! Great video!

ghkpr