Site-to-Site VPN

Is it possible to create a site-to-site VPN using Wireguard? I got my router from my ISP and it’s fairly basic in terms of functionality, meaning that it does not have any of those features built-in. I was instead thinking about using a Raspberry Pi as a bridge between my network and the other one.

The IP addresses of the networks are configured like this:

My network: 192.168.0.1/24

Remote network: 192.168.1.1/24

How would I go about doing this? My goal is to avoid having to install a Wireguard client on every device that I’m using at home and instead make it network-wide. For example, if I wanted to visit a site hosted on a web server with IP 192.168.1.30, this should work seamlessly.

I sincerely hope this is enough information to explain my situation. Please, let me know if there’s something I can elaborate on to make it more clear.

Yes, here is a guide I used to build a site-to-site tunnel, with one end being a Raspberry Pi.

There are other ways. But I use a Firewalla at each site. Super easy to set up.

The process would be similar to just connecting a client to another network, only you perform the steps to allow access to the network on both sides for the appropriate side of the network.

However, the trick here is that, since you aren’t handling it at the router level, while you don’t have to install the client on each machine, you’ll need to insert a route rule on each machine you want to have access to it, as you are effectively turning the peers into gateways to the far network. The route rule will need to tell that machine that for packets destined for the far network, it should use the local address of the peer that is local to it as the gateway for that traffic.
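The two-Pi setup this reply describes, as an added example that is not part of the thread: a script that generates the wg-quick configuration for each site's Pi and the per-host route from the previous paragraph, using the two LAN prefixes from the question. The tunnel addresses (10.100.0.0/24), port, key placeholders, endpoint names, Pi LAN addresses and interface name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Tunnel addresses, port, endpoints,
# Pi addresses and eth0 are assumptions; keys are placeholders.

# site_conf LOCAL_TUN LOCAL_LAN PEER_TUN PEER_LAN PEER_ENDPOINT LAN_IF
# Prints a wg0.conf for wg-quick. AllowedIPs must list the far LAN, or
# WireGuard drops traffic for that network (cryptokey routing); wg-quick
# then installs the route to the far LAN through wg0 on the Pi itself.
site_conf() {
  local_tun=$1 local_lan=$2 peer_tun=$3 peer_lan=$4 endpoint=$5 lan_if=$6
  cat <<EOF
[Interface]
Address = ${local_tun}/24
ListenPort = 51820
PrivateKey = <LOCAL_PRIVATE_KEY>
# The Pi forwards between LAN and tunnel, but only between the two known
# networks rather than forwarding everything it receives.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i ${lan_if} -o %i -s ${local_lan} -d ${peer_lan} -j ACCEPT
PostUp = iptables -A FORWARD -i %i -o ${lan_if} -s ${peer_lan} -d ${local_lan} -j ACCEPT
PostDown = iptables -D FORWARD -i ${lan_if} -o %i -s ${local_lan} -d ${peer_lan} -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o ${lan_if} -s ${peer_lan} -d ${local_lan} -j ACCEPT

[Peer]
PublicKey = <PEER_PUBLIC_KEY>
Endpoint = ${endpoint}:51820
AllowedIPs = ${peer_tun}/32, ${peer_lan}
PersistentKeepalive = 25
EOF
}

# host_route FAR_LAN LOCAL_PI_IP
# The route each LAN device needs while the ISP router cannot hold a
# static route: reach the far network via the local Pi's LAN address.
host_route() {
  printf 'ip route add %s via %s\n' "$1" "$2"
}

# Constructed example: home Pi at 192.168.0.2, remote Pi at 192.168.1.2.
HOME_CONF=$(site_conf 10.100.0.1 192.168.0.0/24 10.100.0.2 192.168.1.0/24 remote.example.invalid eth0)
REMOTE_CONF=$(site_conf 10.100.0.2 192.168.1.0/24 10.100.0.1 192.168.0.0/24 home.example.invalid eth0)
HOME_HOST_ROUTE=$(host_route 192.168.1.0/24 192.168.0.2)
REMOTE_HOST_ROUTE=$(host_route 192.168.0.0/24 192.168.1.2)
```

Only one side needs to be reachable on UDP 51820 from the other; the side behind a router without port forwarding can omit its Endpoint line and rely on PersistentKeepalive to initiate the handshake.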

Yes. Just open a tunnel and set up routes on either site to the other site.

Wow, awesome job on that article. It seems that my router does not allow me to do any IP forwarding or set static routes. I will probably buy another in the near future and use your guide to set it up. Thanks for the link!

I see, thanks for the explanation, will definitely consider that. If I want to change it on router level, is getting new hardware the only viable option? I guess there is nothing like running your own DNS server but for routing rules where the RPi would be a kind of middle man during requests? I hope you understand what I’m trying to describe.

If I want to change it on router level, is getting new hardware the only viable option?

No, if you can configure your router to do a custom route and point it at the wireguard client, that should work too.

I guess there is nothing like running your own DNS server but for routing rules where the RPi would be a kind of middle man during requests?

DNS is a different issue - having entries in DNS isn’t going to resolve it. If you think of it like street addresses, DNS is giving you the address, but the route tells you what exit you need to get off at to get there. You could have your RPi running a DNS resolver (presumably Pi-hole) that says that a particular name corresponds to something with an address on the other side of the VPN tunnel, but without the route, your systems still don’t know a network path to get the packets there.

Thank you for the clarification!

Yeah, I understand how DNS works, I was more interested in learning whether there’s any similar solution but for the routing itself. But of course, when I think about it, this sounds pretty stupid. Like, that’s the whole point of a router, why separate it?

I think I’ll look at buying a new router to resolve this. Would you have any recommendations for the intended purpose?