
I need to modify an existing Wireguard VPN with star topology (central peer with public IP, called "server" in the schema), so that one site will be connecting via a single "site peer" routing the traffic from other peers in its local network (as opposed to each peer from that site connecting to the "server" directly).

Before I go into depth (I am a Wireguard greenie), is something like this semi-trivially possible with Wireguard? Or am I bending it into something it was not intended for?

[image: topology schema]

eudoxos
  • The thing that matters for understanding how it's working: https://www.wireguard.com/#cryptokey-routing (the question doesn't provide enough details for me to try and answer, I guess it's possible if nothing in the routing is dynamic). – A.B Nov 24 '21 at 18:22
  • Yes, site-to-site topologies are possible, how easy it is, depends on how well you understand IP routing. I found it pretty easy once I was familiar with wireguard. You can do this with a single wireguard interface at the center, or multiple interfaces on the central system which might be needed for some more complicated or unusual routing. – Zoredache Nov 24 '21 at 19:00
  • The Wireguard part will be relatively easy. The difficult part is 1. the Wireguard servers need routing rules added (typically using `iptables`), and 2. push new routes to other network computers. Maybe my config generator [`wireguard-site-to-site.sh`](https://gist.github.com/jtmoon79/c951f81f621bb87ddb60836245aca4ff/) will help? – JamesThomasMoon Nov 02 '22 at 03:32
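The cryptokey-routing point made in the comments, as an added example that is not from the question or any commenter: a hub ("server") config and a "site peer" config in wg-quick format. Assumed values: tunnel subnet 10.0.0.0/24, site LAN 192.168.10.0/24, hub endpoint vpn.example.com:51820, and placeholder keys; the site peer is assumed to be the LAN hosts' gateway for 10.0.0.0/24, so no NAT is needed.

```ini
# --- hub ("server"), /etc/wireguard/wg0.conf ---
[Interface]
Address    = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <hub-private-key>          ; placeholder
# The hub forwards between spokes, so it needs IP forwarding enabled too.
PostUp     = sysctl -w net.ipv4.ip_forward=1

# Site peer. AllowedIPs is the cryptokey-routing table: listing the site LAN
# here both (a) installs a kernel route 192.168.10.0/24 -> wg0 and (b) lets
# packets with a 192.168.10.x source be accepted from this peer's key.
[Peer]
PublicKey  = <site-peer-public-key>     ; placeholder
AllowedIPs = 10.0.0.2/32, 192.168.10.0/24

# Any ordinary spoke keeps a single /32.
[Peer]
PublicKey  = <spoke-public-key>         ; placeholder
AllowedIPs = 10.0.0.3/32

# --- site peer (LAN gateway), /etc/wireguard/wg0.conf ---
[Interface]
Address    = 10.0.0.2/24
PrivateKey = <site-peer-private-key>    ; placeholder
# Route LAN hosts into the tunnel: enable forwarding and allow it through the
# FORWARD chain in both directions. %i is expanded by wg-quick to "wg0".
PostUp     = sysctl -w net.ipv4.ip_forward=1
PostUp     = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT
PostDown   = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT

[Peer]
PublicKey           = <hub-public-key>  ; placeholder
Endpoint            = vpn.example.com:51820
# Only VPN traffic is sent to the hub; the site's own LAN stays local.
AllowedIPs          = 10.0.0.0/24
# The site peer sits behind NAT, so keep the mapping alive for hub-initiated traffic.
PersistentKeepalive = 25
```

For a remote spoke to reach the site LAN, its own `AllowedIPs` for the hub peer must also include 192.168.10.0/24 (that is the "push new routes" step from the last comment); otherwise its kernel never sends those packets into the tunnel.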
