Netgate Discussion Forum

    WireGuard site to site tutorial

      stepanov1975

      I know there are many tutorials already. This tutorial is based on this very good video tutorial.
      But it took me a lot of time to get a working configuration, so I want to share my experience, and I will also be glad to get community feedback if I got something wrong.

      WireGuard is configured as follows:
      73ecad38-3cf9-4663-8422-4292f7514e43-image.png

      The tunnel network will be 10.0.20.0

      Step 1 - Create the tunnel

      a39a963f-99de-4b8a-a896-dee252539fbe-image.png

      • Press the "Generate" button to generate keys
      • Leave the interface address empty
      • "Listen port" - any port, but it should be the same on both ends

      Step 2 - Add interface

      2732e274-e287-482e-b274-605e6779f228-image.png
      18b83898-569e-4491-b194-92380a3178e2-image.png

      • The "IPv4 address" is your side's IP address in the tunnel network
      • MTU 1400 for PPPoE connections (just an approximation)

      Step 3 - Add firewall rule for the created interface

      ab55ffc4-1990-48fc-83ac-46fe32689fef-image.png
      "Any Any" to begin with, so as not to complicate the initial setup

      Step 4 - Add gateway

      c3b8839d-8866-41f6-a82a-8a9efc5028dc-image.png

      • The "Gateway" IP is the other side's IP (inside the tunnel network)

      Step 5 - Add static route

      0864698a-cbe2-43bb-b7ec-3007b8d15797-image.png

      • "Destination network" is the other side's network

      Step 6 - Add firewall WAN rule

      dd5a1e05-fa54-4b64-84f6-467909fa9db6-image.png

      Step 7 - Add tunnel peer

      01fad779-afea-4a26-8db8-cb92dc242100-image.png

      • Public key is the public key from the other side
      • Both the other side's network and the tunnel network should be added to "Allowed IPs"
      • "Endpoint" is the IP or hostname of the other side

      The other side is configured exactly the same way. The only difference is that the interface IP and gateway IP should be swapped.
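
The mirror relationships listed in steps 1 to 7 can be checked mechanically before the values are typed into both firewalls. The following is an added example, not part of the original post or of pfSense: the dictionary layout, the /24 prefix on the tunnel network, the LAN subnets, the port and the key placeholders are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample values. Only the tunnel network 10.0.20.0 comes from the
# post; the /24 prefix, LAN subnets, port and key placeholders are assumptions.
TUNNEL_NET = "10.0.20.0/24"
SITE_A = {
    "name": "A", "listen_port": 51820, "public_key": "<SITE_A_PUBLIC_KEY>",
    "interface_ip": "10.0.20.1", "gateway_ip": "10.0.20.2",
    "lan": "192.168.10.0/24", "route_dest": "192.168.20.0/24",
    "peer_public_key": "<SITE_B_PUBLIC_KEY>",
    "allowed_ips": ["192.168.20.0/24", "10.0.20.0/24"],
}
SITE_B = {
    "name": "B", "listen_port": 51820, "public_key": "<SITE_B_PUBLIC_KEY>",
    "interface_ip": "10.0.20.2", "gateway_ip": "10.0.20.1",
    "lan": "192.168.20.0/24", "route_dest": "192.168.10.0/24",
    "peer_public_key": "<SITE_A_PUBLIC_KEY>",
    "allowed_ips": ["192.168.10.0/24", "10.0.20.0/24"],
}

def check_side(local, remote, tunnel_net=TUNNEL_NET):
    """Return the mismatches found in `local` when compared with `remote`."""
    tunnel = ipaddress.ip_network(tunnel_net)
    remote_lan = ipaddress.ip_network(remote["lan"])
    allowed = {ipaddress.ip_network(n) for n in local["allowed_ips"]}
    checks = [
        # Step 1: the post uses the same listen port on both ends
        (local["listen_port"] == remote["listen_port"], "listen ports differ"),
        # Step 2: interface address lies inside the tunnel network
        (ipaddress.ip_address(local["interface_ip"]) in tunnel,
         "interface IP is outside the tunnel network"),
        # Step 4: gateway is the other side's tunnel IP
        (local["gateway_ip"] == remote["interface_ip"],
         "gateway is not the other side's tunnel IP"),
        # Step 5: static route points at the other side's network
        (ipaddress.ip_network(local["route_dest"]) == remote_lan,
         "static route is not the other side's network"),
        # Step 7: peer key and Allowed IPs
        (local["peer_public_key"] == remote["public_key"],
         "peer public key is not the other side's key"),
        (remote_lan in allowed, "other side's network missing from Allowed IPs"),
        (tunnel in allowed, "tunnel network missing from Allowed IPs"),
    ]
    return [f"site {local['name']}: {msg}" for ok, msg in checks if not ok]

def check_pair(a, b):
    """Check both directions, since each side must mirror the other."""
    return check_side(a, b) + check_side(b, a)

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "both sides are consistent")
```
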

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.