Using WireGuard for Hub and Spoke Site-to-Site VPN

Рет қаралды 2,232

LinuxCloudHacks

Күн бұрын

Пікірлер: 8

@batmansniper 10 ай бұрын

Very simple and straight forward explanation. Thanks for the video 😃 Appreciate it.

@LinuxCloudHacks 9 ай бұрын

Glad you've liked it! There is an WireGuard with dynamic routing video available. I'm planning to release WireGuard Road Warrior setup that should be interesting. Stay tuned!

@andresramosfernandez 5 ай бұрын

Thanks Philip! It shows that you know your stuff, well explained, weighing the options and commenting on the reasoning behind things, all very clearly explained. KUDOS. On the other hand, at the end, if node2 were a Windows 11 machine, could it be done? How would you define the interface to have it the same as the other point-to-point? I think that in Windows it's either not possible or no one on the internet has managed to do it. It would truly be an amazing tool, to be able to "drop" any node, whether on Windows or Linux, and have access to that network.

@LinuxCloudHacks 5 ай бұрын

Hi! You want your Windows 11 machine to be a router allowing others devices in the network to reach other sites? To my knowledge it's not possible out of the box but what you could do is enable Hyper-V and then install any Linux distro. You just need to bridge the Linux network interface to the physical NIC of the Windows box so that the linux vm will be part of your real network. This is how I would do it. Cheers!

@SirJ99 6 ай бұрын

Stumbled on your awesome video. May I ask for a little explanation? What would be different if, for example, 10.100.100.1 and .2 would be used instead of 169.254.0.1 and .2? Would that create any changes in routing rules too? How do you make your configuration persistent? with wg-quick you'd add that to systemctl enable to autostart, but with all manual, what do you do?

@LinuxCloudHacks 6 ай бұрын

Thanks and apologies for late reply. YT did not show this comment until now. To your question. Sure you can use 10.100.100.x. The reason for going with 169.254.0.0/16 is that it won't collide with any local network as no-one is using this subnet. However you can go with 10.100.100.0/24 or any other private network as long as it does not overlap with your local subnets. Just when you'll be setting wireguard peers put 10.100.100.x instead of 169.254.x.x and that's it. Now to your second question - that's a good point that I've not covered in the video. You need to create a new systemd service in Linux that will autostart once your system boots. Just google "How to Create a New systemd Service on Linux". I will do a video about systemd later in the year.

@astrogerard 7 ай бұрын

Thanks for this video. I was looking for a solution to connect a remote site without inbound ip possibility due to a LTE connection. I will use your example to connect that site.

@LinuxCloudHacks 7 ай бұрын

Glad I could help! I'll be also doing a video about ZeroTier VPN that's another very interesting option that allows you to connect multiple sites behind NAT. Stay tuned.