Netgate Discussion Forum

    Hub n Spoke with dynamic IPs on spokes

      McMurphy

      I have a WireGuard VPN connecting a remote site to the main site. The two sites have failover WAN connections so the IPs can change. I have configured these two sites in a hub-n-spoke configuration as the hub's IP is static. I have noticed that the peer IP addresses are in the conf file on the hub, which is a problem as these addresses should allow for change and not be hard-coded. Is this possible with WireGuard?

      My hub conf file is below:

      [Interface]
      Address = 172.16.0.1/24
      DNS = 192.168.1.5
      SaveConfig = true
      PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
      ListenPort = 51820
      PrivateKey = ***************************
      
      [Peer]
      PublicKey = ***************************
      AllowedIPs = 172.16.0.2/32, 192.168.1.0/24
      Endpoint = X.X.X.X:51820

      [Peer]
      PublicKey = ***************************
      AllowedIPs = 172.16.0.3/32, 192.168.2.0/24
      Endpoint = X.X.X.X:51820

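Added example, not part of the original post or of WireGuard's own tooling: a peer's `Endpoint` is optional in WireGuard, and the side that omits it learns the peer's current address from the latest authenticated packet, while `SaveConfig = true` makes wg-quick write the interface's runtime state, learned endpoints included, back to the file on shutdown. The Python script below checks a hub config for both settings; the sample config, placeholder keys and the 203.0.113.10 address are constructed, and `parse_wg_conf` and `lint_hub` are hypothetical helper names.

```python
# Added example: lint a wg-quick hub config (sample below is constructed).
SAMPLE_HUB = """\
[Interface]
Address = 172.16.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = <hub-private-key>

[Peer]
PublicKey = <spoke1-public-key>
AllowedIPs = 172.16.0.2/32, 192.168.1.0/24
Endpoint = 203.0.113.10:51820

[Peer]
PublicKey = <spoke2-public-key>
AllowedIPs = 172.16.0.3/32, 192.168.2.0/24
"""

def parse_wg_conf(text):
    """Return [(section, {key: value})] in file order, names lower-cased.
    configparser is avoided: it rejects or merges the repeated [Peer] headers."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # base64 '=' padding stays in value
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def lint_hub(text):
    """Flag settings that pin spoke addresses in the hub's config file."""
    findings, peer_no = [], 0
    for name, opts in parse_wg_conf(text):
        if name == "interface" and opts.get("saveconfig", "").lower() == "true":
            findings.append("interface: SaveConfig=true rewrites the file from runtime state, learned endpoints included")
        elif name == "peer":
            peer_no += 1
            if "endpoint" in opts:
                findings.append(f"peer {peer_no}: static Endpoint {opts['endpoint']}; omit it so the hub learns the spoke's address")
    return findings

if __name__ == "__main__":
    for finding in lint_hub(SAMPLE_HUB):
        print(finding)
```

On the spokes, keep `Endpoint` pointing at the hub's static address and set `PersistentKeepalive` so the hub sees the new source address soon after a WAN failover.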