Build a Secure Site-to-Site VPN with Pfsense & WireGuard [YouTube Release]

Additional Resources:

Wireguard Device Access Video

Lab video

pfsense Privacy VPN video

Connect With Us

Lawrence Systems Shirts and Swag

►👕 Lawrence Systems

AFFILIATES & REFERRAL LINKS

Amazon Affiliate Store
:shopping_cart: Lawrence Systems's Amazon Page

UniFi Affiliate Link
:shopping_cart: Ubiquiti Store

All Of Our Affiliates help us out and can get you discounts!
:shopping_cart: Partners We Love – Lawrence Systems

Gear we use on Kit
:shopping_cart: Kit

Use OfferCode LTSERVICES to get 10% off your order at
:shopping_cart: Tech Supply Direct - Premium Refurbished Servers & Workstations at Unbeatable Prices

Digital Ocean Offer Code
:shopping_cart: DigitalOcean: AI-Powered Unified Inference Cloud Infrastructure

HostiFi UniFi Cloud Hosting Service
:shopping_cart: HostiFi - Fast and Reliable UniFi in the Cloud

Protect your privacy with a VPN from Private Internet Access
:shopping_cart: https://www.privateinternetaccess.com/pages/buy-vpn/LRNSYS

Patreon
:money_bag: https://www.patreon.com/lawrencesystems

Chapters
00:00 pfsense Wireguard site to site VPN tutorial
01:00 Demo Setup and How Wireguard Tunnels Work
03:44 Wireguard Peers and Keys
04:57 How To Configure Wireguard Tunnels and Peers
07:32 Assigning Wireguard Tunnels to pfsense interfaces
10:00 Configuring Static Routes in pfsense for Wireguard
11:43 Firewall Rules and Testing Wireguard VPN
14:52 Wireguard VPN and NAT
18:00 Production Wireguard VPN and Common Mistakes


Hi there @LTS_Tom! Congrats on an excellent video!

Crazy question: Would it work if Site A and Site B have the same numbering on their LAN topology?

This seems crazy at first (who would want to create LANs with the same IP topology on two different locations?).

It just happens my situation is very specific. I’m migrating a bunch of Proxmox VMs from physical location A to physical location B. However, in order for the migration to work seamlessly, VMs can’t have different IPs when moved to the new location. Dozens of VMs that talk to each other and already have dozens of services with static IPs configured.

So I need to maintain exactly the same IP on each moved VM.

Of course I know the 2 LANs couldn’t have overlapping IPs but, when VMs are moved, IPs move with them so there’s no problem there.

Again great video and thanks in advance!

Hugo

No, for routing to work properly you need to have separate subnets.


That leaves me with 2 options only:
1- Move all the VMs while having different subnet numbering and change it back to the original VMs’ subnet numbering when the migration is finished.
2- Manually change all VMs’ static IPs in the operating systems and services post migration.

Damn, hard choice!

Thanks a lot Tom!

Hugo

Or build another subnet to be used as a transport layer
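The two replies above make one point between them: a WireGuard site-to-site tunnel only routes if Site A's LAN, Site B's LAN and the tunnel's own transit subnet are all disjoint, and each peer's AllowedIPs (plus the matching pfSense static route) must name the remote side's prefixes. The following is an added example, not code from the video or from anyone in this thread: a small Python address-plan checker that rejects overlapping prefixes, such as the identical LANs described earlier, and derives the AllowedIPs list each peer needs when a separate transit subnet is used. The function names, the `siteA`/`siteB` labels and the sample prefixes are all constructed for illustration.

```python
"""Address-plan check for a WireGuard site-to-site tunnel (added example).

Given each site's LAN prefixes and the tunnel's transit subnet, verify that
every prefix is disjoint and derive the AllowedIPs each peer must carry.
Any LAN or transit prefix that overlaps another one would leave the routing
table (and WireGuard's cryptokey routing) unable to pick a unique path.
"""
from ipaddress import IPv4Address, IPv4Network
from itertools import combinations


def find_overlaps(named_prefixes):
    """Return sorted (name_a, name_b) pairs whose prefixes overlap."""
    nets = {name: IPv4Network(prefix) for name, prefix in named_prefixes.items()}
    return sorted(
        (a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])
    )


def plan_site_to_site(site_a_lans, site_b_lans, transit, a_tunnel_ip, b_tunnel_ip):
    """Validate the plan and return the AllowedIPs each peer entry needs.

    site_a_lans / site_b_lans: lists of LAN prefixes behind each firewall.
    transit: the tunnel's own subnet (e.g. a /30) used only as transport.
    a_tunnel_ip / b_tunnel_ip: each firewall's address inside `transit`.
    Raises ValueError when the plan cannot route.
    """
    named = {f"siteA-lan{i}": p for i, p in enumerate(site_a_lans)}
    named.update({f"siteB-lan{i}": p for i, p in enumerate(site_b_lans)})
    named["transit"] = transit

    overlaps = find_overlaps(named)
    if overlaps:
        # This is the case from the thread: the same LAN prefix on both sides.
        raise ValueError(f"overlapping prefixes, routing is ambiguous: {overlaps}")

    transit_net = IPv4Network(transit)
    a_ip, b_ip = IPv4Address(a_tunnel_ip), IPv4Address(b_tunnel_ip)
    for ip in (a_ip, b_ip):
        if ip not in transit_net:
            raise ValueError(f"tunnel address {ip} is not inside transit {transit}")
    if a_ip == b_ip:
        raise ValueError("both firewalls were given the same tunnel address")

    # On Site A the peer entry describes Site B: its tunnel address as a /32
    # plus every LAN behind it (and the reverse on Site B). In pfSense these
    # same prefixes are what the static routes via the tunnel interface point at.
    return {
        "siteA_peer_allowed_ips": [f"{b_ip}/32", *site_b_lans],
        "siteB_peer_allowed_ips": [f"{a_ip}/32", *site_a_lans],
    }


if __name__ == "__main__":
    # Constructed sample plan: distinct LANs plus a dedicated /30 transit.
    plan = plan_site_to_site(
        ["192.168.10.0/24"], ["192.168.20.0/24"],
        "10.255.0.0/30", "10.255.0.1", "10.255.0.2",
    )
    for side, allowed in plan.items():
        print(f"{side}: {', '.join(allowed)}")

    # Constructed failing plan: identical LAN prefixes at both sites.
    try:
        plan_site_to_site(
            ["192.168.10.0/24"], ["192.168.10.0/24"],
            "10.255.0.0/30", "10.255.0.1", "10.255.0.2",
        )
    except ValueError as err:
        print(f"rejected: {err}")
```

Run it as-is to see the derived AllowedIPs for the constructed plan and the rejection of the duplicated-LAN case; swap in your own prefixes before configuring the peers and static routes in pfSense.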

All makes sense. I have recently set up a GL.iNet travel router for this and it works great; oddly, I couldn’t get it to work nicely in OPNsense, so I am running it on pfSense atm.
I have two tunnels set up, one for mobile devices and one for the travel router.
As you are using UniFi gateways more, similar concepts I assume? I have a family member that I have a VPN to, but using IPsec. Main reason: that was set up originally with Sophos XG.
I have been considering using a Pi4 as a WG VPN concentrator to remove the firewall flavour factor.

It’s fine to use the UniFi gateway as a VPN, or you can run something like Netbird on a Raspberry Pi.