OpenWRT - Site to Site VPN configuration with Wireguard

In this video, we are going to configure a site-to-site VPN with WireGuard on OpenWRT. This lets devices on the LANs of two sites communicate with each other (by default, a device on the client side's LAN can only communicate with the server side's gateway, and vice versa). Some people call it a "LAN to LAN VPN", but I am following the OpenWRT documentation in naming the video.
Basically, you just need to assign the WireGuard interface to the LAN firewall zone and add the client side's LAN IP range to the WireGuard server's Allowed IPs, and vice versa.
The video focuses on the site-to-site routing configuration; for a detailed installation guide for the WireGuard server and WireGuard client, please have a look at the videos below:

On the client side router, if you want to route only the server side's LAN traffic through the tunnel and send the rest of the traffic out of the WAN interface, remove 0.0.0.0/0 and ::/0 from the Allowed IPs range and leave only the server side's LAN range, 192.168.1.0/24.
Or, you can run the script below on your client router:

uci commit network
/etc/init.d/network restart
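As an added example (not the video's script), here is a complete version of that split-tunnel change for an OpenWrt client: it drops the catch-all routes from the peer's allowed_ips, makes sure the server side LAN is listed, and applies the result with uci. The interface name wg0, the peer section @wireguard_wg0[0] and the 192.168.1.0/24 LAN are assumptions; the script only prints the commands unless it is run with APPLY=1 on the router.

```shell
#!/bin/sh
# Added example, not the video's script. Split-tunnel change for an OpenWrt
# WireGuard client: drop the catch-all routes from the peer's allowed_ips,
# make sure the server side LAN is listed, and emit the matching uci commands.
# Assumptions: interface wg0, peer section @wireguard_wg0[0], remote LAN
# 192.168.1.0/24. Commands are printed unless APPLY=1 is set on the router.

# Remove the full-tunnel routes 0.0.0.0/0 and ::/0 from a space separated list.
filter_allowed_ips() {
    out=""
    for ip in $1; do
        case "$ip" in
            0.0.0.0/0|::/0) continue ;;
        esac
        out="${out:+$out }$ip"
    done
    printf '%s' "$out"
}

# Append the remote LAN prefix ($2) to the list ($1) if it is not already there.
ensure_remote_lan() {
    for ip in $1; do
        [ "$ip" = "$2" ] && { printf '%s' "$1"; return; }
    done
    printf '%s' "${1:+$1 }$2"
}

# Print the uci commands that replace the peer's ($1) allowed_ips with list $2.
# route_allowed_ips=1 makes netifd install a route for each listed prefix.
uci_commands() {
    echo "uci -q delete network.$1.allowed_ips"
    for ip in $2; do
        echo "uci add_list network.$1.allowed_ips='$ip'"
    done
    echo "uci set network.$1.route_allowed_ips='1'"
    echo "uci commit network"
    echo "/etc/init.d/network restart"
}

WG_IF="${WG_IF:-wg0}"
PEER="${PEER:-@wireguard_${WG_IF}[0]}"
REMOTE_LAN="${REMOTE_LAN:-192.168.1.0/24}"
CURRENT="${CURRENT:-0.0.0.0/0 ::/0}"   # typical full-tunnel client list
FINAL=$(ensure_remote_lan "$(filter_allowed_ips "$CURRENT")" "$REMOTE_LAN")
if [ "${APPLY:-0}" = 1 ]; then
    uci_commands "$PEER" "$FINAL" | sh -e     # apply on the router
else
    uci_commands "$PEER" "$FINAL"             # dry run: just show them
fi
```

After applying, `wg show` on the client should list only 192.168.1.0/24 (plus any other prefixes you kept) under allowed ips, and `ip route` should show that prefix via the WireGuard interface while the default route still points at WAN.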

Video timeframe:

00:00 - Site to Site VPN with Wireguard introduction
02:15 - Before the site to site routing configuration
03:37 - Wireguard site to site configuration on OpenWRT / CLI
07:01 - Check and troubleshooting
09:40 - Final words
10:06 - Small tip about OS's firewall

Link to the user guide:

Check out other OpenWRT tutorials on my channel.
If there is anything not clear or there is any question, feel free to leave it in the comment section and we can discuss.
As always, please like, share and subscribe to the channel to support me. Thank you!
Comments

On the client router, if you want to route only the server side LAN traffic through the WireGuard tunnel and have the rest of the traffic routed to the WAN interface, remove 0.0.0.0/0 and ::/0 from the Allowed IPs range (on the WireGuard interface - Peer) and leave only the server side's LAN IPs, 192.168.1.0/24.
Or, you can run the script below on the client router:


uci del_list

uci del_list
uci commit network
/etc/init.d/network restart

VanTechCorner

I'll try it this weekend :) . Thank you very much

germiniano

Thanks for this. Trying to set up a site to site with OpenWRT and pfSense boxes.

biggyk

My WireGuard interface on the client is already assigned to the LAN zone and connected to the server, but from my server I can't ping the client's LAN. Please help me.

theanhbui

Do you have a tutorial about LAN to LAN with 2 WireGuard clients?

sperez

The diagram here is between two OpenWRT routers. My situation is that I have an OpenWRT router in my home environment. With WireGuard I connect to a WireGuard VPN on a server on AWS, and my devices at home have a VPN connection. However, I cannot access the computers behind the OpenWRT at home from the external internet via the VPN connection; I cannot access the LAN. If I make a setting on the Ubuntu side, I can access my computers behind the OpenWRT at home.

Thank you for the support.

AlperAYKUT

Can you do a tutorial on how to set up a VLAN for IoT devices, or how to set up a guest network with its own separate VLAN and firewall rules using OpenWRT? Thanks.

blizzbhaller

Can site-to-site VPN systems have exceptions for a client that does not use this S2S connection? For example, 2 physically separated locations are linked by S2S, where they behave as one logical network with data passing between them over the Internet encrypted. However, there are client computers on both sites that just want to go to the Internet without using this tunnel. When a computer wants to go to YouTube to watch videos, this activity does not need to go through the S2S VPN tunnel, where it would consume CPU cycles unnecessarily. If I assign this computer a VLAN that is not a member of the S2S VLAN, can this computer access the Internet without using the S2S?

jasonluong

What I want is to be able to access my home network, which happens to be behind NAT, from anywhere, using a VPS as a point to point connection between the remote and the local networks.
I have a GL-iNet OpenWRT router behind a Virgin Media router, and all of my devices are connected directly to the OpenWRT router. Can I have a VPS that connects to the OpenWRT router via WireGuard to give me access to the home network while I am away from home?

adeyinkaapata

Great video!!! Is it possible to bypass my NAT 4G connection with this firewall?

baffomorettiilcustodedisto