Netgate Discussion Forum

    Wireguard Road Warrior access other wireguard Tunnels

    • Bambos

      Hello everyone, and I wish you health and care during the pandemic.

      I have a central site with a static public IP that accepts 3 WireGuard tunnels from remote sites with dynamic IPs. Everything is working OK with the tunnels and traffic. So:

      192.168.1.0/24 central

      Site 1: 192.168.2.0/24 tunnel 172.16.2.0/24
      Site 2: 192.168.3.0/24 tunnel 172.16.3.0/24
      Site 3: 192.168.4.0/24 tunnel 172.16.4.0/24

      Now I'm setting up a warrior WireGuard for remote access on central.
      Since the remote sites have dynamic IPs, I can't set up WireGuard directly on them.
      Is there any way to access all 4 networks from a laptop by connecting remotely to central?

      • cmcdonald (Netgate Developer) @Bambos

        @bambos Does central have routes and rule sets to allow traffic? You’ll also need static routes pointing the road warrior subnet at central, otherwise how would the sites know where to reach the road warriors?

        So if central has a fixed public WAN IP, set dynamic WG tunnels pointed at central. Then, on your edge sites, static route your road warrior subnet to the central side of each site's tunnel. So long as the rule set allows, you should be able to hit the other sites through central.

        Need help fast? https://www.netgate.com/support

        • periko @Bambos

          @bambos for dynamic, can't you set up a service like dyndns on them?
          Just curious.

          Need Pfsense Support in Mexico?
          www.bajaopensolutions.com
          https://www.facebook.com/BajaOpenSolutions
          Want to learn PfSense? Visit my YouTube channel:
          https://www.youtube.com/c/PedroMorenoBOS

          • Bambos @cmcdonald

            @rcmcdonald91 Yes my friend, you are right. I did many tests and I was able to contact all remote sites. The only trick was to add the network on my client setup, and also add the tunnel to each site peer setup.

            For example, the tunnel or road warrior is 172.16.16.1; this has to be added to the Allowed IPs of each site peer, and also a firewall rule if it is not allow all. Also, on the WireGuard Windows setup, the LAN IP of each site has to be added as well so we can get correct routing on the PC.

            • Bambos @periko

              @periko My ISP is using several routers behind my firewall. So all sites are dynamic, only my central is static.

              1 Reply Last reply Reply Quote 1
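Added example (not code from any poster or from pfSense): a small Python model of WireGuard's Allowed IPs check, showing why the thread's two fixes are both needed for a laptop to reach Site 2 through central. Assumptions: the road-warrior subnet is 172.16.16.0/24, the laptop is 172.16.16.2, host 192.168.3.10 is constructed, and only Allowed IPs are modelled, not pfSense static routes or firewall rules.

```python
import ipaddress as ip

def topology(site_allows_rw=True, laptop_lists_sites=True):
    """Constructed model: node -> {peer: AllowedIPs}. Only Site 2 is modelled.
    Assumption: road warriors use 172.16.16.0/24 and the laptop is 172.16.16.2."""
    lans = ["192.168.1.0/24"]
    if laptop_lists_sites:  # fix 1: site LANs listed on the Windows client
        lans += ["192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24"]
    site = ["192.168.1.0/24", "172.16.3.0/24"]
    if site_allows_rw:      # fix 2: road-warrior subnet in the site's peer entry
        site.append("172.16.16.0/24")
    return {
        "laptop": {"central": lans + ["172.16.16.0/24"]},
        "central": {"laptop": ["172.16.16.2/32"],
                    "site2": ["192.168.3.0/24", "172.16.3.0/24"]},
        "site2": {"central": site},
    }

def egress_peer(peers, dst):
    """Outbound: choose the peer whose AllowedIPs covers dst (longest prefix)."""
    best = None
    for peer, nets in peers.items():
        for n in nets:
            net = ip.ip_network(n)
            if dst in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best[0] if best else None

def ingress_ok(peers, from_peer, src):
    """Inbound: a decrypted packet is kept only if src is in the sender's AllowedIPs."""
    return any(src in ip.ip_network(n) for n in peers.get(from_peer, []))

def trace(topo, path, src, dst):
    """Walk a packet hop by hop along path; report where it stops, if anywhere."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for here, nxt in zip(path, path[1:]):
        if egress_peer(topo[here], dst) != nxt:
            return f"{here}: no peer for {dst}"
        if not ingress_ok(topo[nxt], here, src):
            return f"{nxt}: drops source {src} from {here}"
    return "delivered"

if __name__ == "__main__":
    out = ["laptop", "central", "site2"]
    for kwargs in ({}, {"site_allows_rw": False}, {"laptop_lists_sites": False}):
        print(kwargs, "->", trace(topology(**kwargs), out, "172.16.16.2", "192.168.3.10"))
```

Because Allowed IPs also filters inbound source addresses, keeping the laptop's entry on central at a /32 limits which tunnel address that peer can send from.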