Not sure if this is just me, but I had a better experience also setting the MTU on WireGuard interfaces (all sites), as pfSense WireGuard seems fussy from time to time about this. E.g. 1280 (or maybe something higher)
I have had issues with this before, my home instance, for example, has both MTU and MSS set to 1420 and hasn't had any issues at all. During testing for this video, it didn't seem to make a difference.
This is gold... I'm going to bookmark this, and use it as a reference guide....
Top stuff Sam!
Cheers buddy
Enjoyed this video. Have seen other pfSense WireGuard site-to-site videos but enjoyed this one as you added a third one, which a lot of people would do later. Thanks
Thank you for the kind words, and taking the time to leave feedback
Much appreciated 🙏
Outstanding! I finally got my third location added. Thank You!! My only wish is that it would have just gone a bit further and got SiteB & SiteC talking. You mentioned firewall rules and am messing with it but not having success. However, appreciative of the help you provided.
Glad you got it working, I may take a look at getting site B and C talking, it's not something I've needed tbh, as long as everything could speak back to main sites that's all I required
@sheridans Thank you for your response! Ya, I travel between the three offices quite a bit. I have heard about a 'mesh' solution vs 'hub and spoke', but very hard to find any content on. You might get a lot of views ;)
Thank you for making this video, well done.
Thanks for the feedback 👍
Great video. Always love your explanations
Thank you for the kind words
Thanks for the video. In your video A and B can talk and A and C can talk but can B and C talk? Do they have to go through A or is it not possible without extra routes?
Extra route would be needed, I might cover this as it's been asked a few times
@sheridans I appreciate your quick response, thank you. I look forward to your additional video and thumbs up, though in short are you thinking that B and C would need to communicate through A via an additional route?
Yes would need a route, and route priority setting up. I'll try to cover it. As I said, been requested a few times, should have covered it in hindsight for redundancy; didn't occur to me at the time
Thank you. Great video. I wish this was a mesh setup to provide some redundancy between the three sites as there's almost no content or tutorials on this anywhere on the web.
Please think of making a video for a WG mesh setup between 3 sites.
Also you've earned a new sub! 👍⭐
Thank you for the sub. You're not the first person to mention this, will look at covering it
Nice tutorial video.👍
Thank you for the kind words, always appreciated to see someone is finding some use out of them 😊
what about pfsense just being a client by initiating the connection to a remote server ?
Excellent tutorial Sir... is it possible to access network devices via hostname and not just via IP address?
You can do it in pfSense via DNS resolver, tell it to send all requests for youdomain.local for example to a server that can resolve them (i.e. DC)
Hi, sorry for replying late. YouTube comments are hard to spot at best. Yes, you can point to a DNS server or edit static hosts file.
Thanks !
Welcome!
Do you have a way for adding other public IP addresses to utilize as backup links when the first one fails at the server site? Thank you in advance.
Hello, the video is very good, but how do I make the link highly available? I made 2 tunnels and 2 separate peers to create HA, but the routes only accept one with the same destination. I made automatic routes with OSPF following the doc, but it didn't work. What would it look like in this case? Could you help me, please?
Thanks for the feedback, appreciated. I'd have to this in all honesty, out of curiosity will try to test this out
Hey Sir I wanted to ask you few things about asterisk can you help please 🥺
There's a link to our forum in the video description if you want to take it there
Hi, can you also please show the physical connection of two different machines. Thanks in advance.
What do you mean by physical connection? Sorry I don't understand
Great video!
Still having something wrong... If I test with ping in the pfSense diagnostic tool it works perfectly, but it doesn't work if I ping from my PC. I did research with no success, do you have some clue?
Have you set the allowedip setting?
@sheridans Yes, I allowed the WireGuard network and my remote site network, the problem is when I try to ping or connect from my Bridge interface as I had one to have 3 ports as a switch in my pfSense box
could do opnsense site 2 site tutorial on wireguard please
Yeah, can't see why not. Will try to fit it in within next week or two
Thank you @sheridans
I have followed this guide, but clients behind each pfSense firewall can access the subnet of the other side. What rules are needed to allow clients to talk to each other?
Have you tried disabling windows firewall on a machine you're trying to access as a test to make sure it's not firewall related?
@sheridans A reboot sorted this issue out. Routes were then correctly pushed to the client computers.
Thanks!
@peterdee1900 Glad you got it working and thank you for the update regarding the reboot
Thanks for your video.
I would like to ask something about my scheme: I have 5 sites and each one is connected to the others using IPsec (site A has a server). Sometimes site A loses its internet connection, so I put a new Ethernet interface on my site A pfSense, but my second internet connection on the site A pfSense comes from a NAT, so I can't open a port or anything like that because it is a home user internet connection. What I want to do: if site A's internet is down, I want to use WireGuard VPN to connect all other sites to site A using my second internet connection on it. Otherwise the IPsec VPN with my first static IP connection is also working (sorry for my poor English). Thanks for your answer.
I tried to do it with OpenVPN (I installed the OpenVPN client on my server, then these clients connect to my other sites' pfSense OpenVPN server) but OpenVPN is not stable and sometimes Windows RDP stays on a black screen. I don't know the reason, but with IPsec everything works perfectly.
In summary, what I want to do is the following: when the main internet of my site A fails, to use my dynamic home internet double NAT that makes connections using WireGuard VPN.
I don't think WireGuard and pfSense would work pointing to the same LAN?
OpenVPN is stable, it's more than likely external factors affecting it
@sheridans for example?
Sheridan Computers, I followed your video step for step and it does not work at all
More interested in site to site with Zerotier.
I'll see what I can do :)
@sheridans Really, wow thanks for considering