Site to site question
-
HI
Currently was wondering if someone could shed some light on the issue im having,
Currently i have wireguard working for clients, but i wanted to configure Site to site
i was trying to follow this guide but i saw that the interface which it shows to add peer wire guard does not show on pfsense 2.5.2
https://www.youtube.com/watch?v=YfP0Kx4tdBIi was reading this guide https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html
but its completely different -
@killmasta93 What do you mean by "the interface"?
You would have to add the interface, were you aware of that? You didn't add a lot of details so it's not clear.How is that guide different?
-
@jarhead Thanks for the reply, sorry for not being more detailed these were the steps i took
on site A has LAN 192.168.7.0/24
login-to-view
on site B has LAN 192.168.6.0/24
login-to-viewSite A peer
login-to-viewSite B peer
login-to-viewin theory it should work the handshake but for some odd reason not working
Thank you
-
@killmasta93 And the WAN firewall is allowing the WG port?
WG firewall Group has an any any? (for now, can be changed later)One thing about WG is it does not add routes like OpenVPN so you would have to add them manually.
Here's what I would do.
Take the tunnel out of the WG config and assign the interfaces on either side with the tunnel addresses on them.
Then add a gateway, on each end, pointing to the other side.
Then add a static route on each end. So Site A would have a route of site B's subnet going through the WG gateway. Site B would be the opposite.In WG settings, set "Interface Group Membership" to "Only unassigned Tunnels".
This will make the firewall WG Group only be needed for unassigned tunnels so you can put firewall rules on the interface itself. -
Follow this video fully... I just did a test setup with it.
https://youtu.be/2oe7rTMFmqc
-
@brians Thank you so much that exactly what i needed it worked perfectly