<![CDATA[WireGuard high-availability setup - how to?]]>

<![CDATA[WireGuard high-availability setup - how to?]]>Hey frens!

I was tasked by a colleague to create a high-availability WireGuard server.

We have two machines, which both need to contain the same server config.
How should I go about setting up the second machine, do I need floating IP's?

The main idea is the following:
The moment the first physical WireGuard VPN machine goes bonkers, the second one to immediately pick up all active connections until the first one gets back to normal operation.
For context, both of them are behind a UDM-SE and the second one is yet to have port-forwarding setup.
How can I make sure configurations from the first machine are always synced to the second machine?
Both machines are running a headless Ubuntu installation and have wired connections.

Any suggestions beside rsync are welcome to be tried.

]]>https://forum.netgate.com/topic/195609/wireguard-high-availability-setup-how-toRSS for NodeSat, 14 Mar 2026 23:18:42 GMTFri, 13 Dec 2024 09:42:35 GMT60<![CDATA[Reply to WireGuard high-availability setup - how to? on Sat, 14 Dec 2024 06:56:09 GMT]]>@abstergo do a search in the forum, please. You'll see the topic came up a few times it's not something that can easily be done.

Seems setting up two separate tunnels and use OSPF is one option that doesn't involve scripting.

]]>https://forum.netgate.com/post/1199399https://forum.netgate.com/post/1199399Sat, 14 Dec 2024 06:56:09 GMT