Wireguard Site 2 site VPN

I’ve been toying around with getting WireGuard running in a site-to-site configuration and discovered the OpenWrt wiki has a script that works perfectly fine. I’d love to see something natively built for this in the future.

Note: I’m assuming you know your way around Linux already, already have SSH access, etc. I’d really only recommend this if you’re comfortable.

My goal was site-to-site, 192.168.0.1/24 able to talk to 192.168.2.1/24. For now one endpoint is an RB5009, the other a Route10 at my house.

https://openwrt.org/docs/guide-user/services/vpn/wireguard/site-to-site

Notes specifically for the Route10 (you will need to change the other variables in the config beyond these):

In the s2s_combined.sh script these values need to be changed:

WG_SITE_A_VPN_ZONE=vpn
WG_SITE_B_VPN_ZONE=vpn

to:

WG_SITE_A_VPN_ZONE=lan
WG_SITE_B_VPN_ZONE=lan

After running the first script we need to remove a couple of lines from the generated scripts, and add one at the end:

Line 2: clear
Line 33: service firewall restart
Line 55: service network restart

Add this line at the end:

/etc/init.d/network restart

chmod +x your script, then run it.

You should be able to check the status of your WireGuard tunnels with ‘wg’ on the CLI.

You can make this persistent by cleaning the echoes out of the generated config (my preference) and setting it up at /cfg/post-cfg.sh

Hopefully someone finds it helpful!

3 Likes
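The manual edit described in the post above, as an added example (not part of the original post or the OpenWrt wiki script): it checks that lines 2, 33 and 55 really contain the commands listed before deleting them, then appends the restart line. The function name and file arguments are hypothetical, and the owner-only permissions rest on the assumption that the generated script embeds WireGuard key material.

```shell
#!/bin/sh
# Added example: patch one generated site script as described in the post.
# Usage: sh patch.sh <generated-script> <patched-output>   (names hypothetical)

patch_s2s_script() {
    src=$1
    out=$2

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # Line numbers and contents are the ones given in the post. Verify each
    # before deleting, so a changed upstream script is not silently mangled.
    for check in "2:clear" "33:service firewall restart" "55:service network restart"; do
        n=${check%%:*}
        want=${check#*:}
        # Strip surrounding whitespace so indentation does not matter.
        got=$(sed -n "${n}p" "$src" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ "$got" != "$want" ]; then
            echo "line $n is '$got', expected '$want'; not patching" >&2
            return 1
        fi
    done

    # Assumption: the generated script contains WireGuard private keys,
    # so the patched copy is created readable by its owner only.
    (
        umask 077
        {
            sed '2d;33d;55d' "$src"               # drop the three lines
            echo '/etc/init.d/network restart'    # line the post adds at the end
        } > "$out"
    ) || return 1
    chmod 700 "$out"
}

# Run directly when called with two arguments.
if [ "$#" -eq 2 ]; then
    patch_s2s_script "$1" "$2"
fi
```

If the check fails, nothing is written; compare the generated script against the line numbers in the post by hand before editing.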

Iirc this will be coming eventually. Nice workaround in the meantime!

2 Likes