Hi, wondering if anyone has had success routing internet traffic from a branch location over WireGuard and out an HQ site. There is a recipe at Netgate for this using OpenVPN: Routing Internet Traffic Through A Site-To-Site OpenVPN Tunnel | pfSense Documentation
From the snippets I’ve seen, people are advising to policy route out of the branch over the tun_wg to HQ, and from HQ to the internet using Outbound NAT. I haven’t had success there. I’d hate to go back to OpenVPN after upgrading to WireGuard.
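As an added illustration of the policy-route-plus-outbound-NAT design described above (not from the original post or from Netgate), here is what the two WireGuard peers look like in standard wg-quick style config syntax, which maps one-to-one onto the fields in the pfSense WireGuard package GUI. Keys, endpoint, the 10.255.0.0/30 transit subnet and the 192.168.50.0/24 branch LAN are all constructed placeholders; the pfSense menu locations in the trailing comments are my own notes, not part of the config.

```ini
# --- Branch pfSense: WireGuard tunnel (tun_wg0) ---
[Interface]
# constructed transit subnet for the tunnel
Address = 10.255.0.2/30
# placeholder key
PrivateKey = <BRANCH_PRIVATE_KEY>
ListenPort = 51820

[Peer]
# HQ site (placeholder key and endpoint)
PublicKey = <HQ_PUBLIC_KEY>
Endpoint = hq.example.org:51820
# This is the line that makes the default-route case work: WireGuard's
# cryptokey routing silently drops any packet whose destination is not
# covered by the peer's AllowedIPs, so a branch policy route that sends
# internet-bound traffic into the tunnel fails if only the HQ LAN is listed.
# Listing 0.0.0.0/0 here does not by itself change the branch routing table
# on pfSense; the LAN firewall rule's Gateway field (policy route) does that.
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

# --- HQ pfSense: WireGuard tunnel ---
[Interface]
Address = 10.255.0.1/30
# placeholder key
PrivateKey = <HQ_PRIVATE_KEY>
ListenPort = 51820

[Peer]
# Branch site (placeholder key). Only the branch tunnel address and branch
# LAN are accepted as sources; do not use 0.0.0.0/0 on this side, or any
# spoofed source address arriving over the tunnel would be accepted.
PublicKey = <BRANCH_PUBLIC_KEY>
AllowedIPs = 10.255.0.2/32, 192.168.50.0/24

# pfSense settings that live outside the WireGuard config itself:
#  Branch: Firewall > Rules > LAN: pass rule for the LAN net with Gateway set
#          to the WireGuard gateway (10.255.0.1), so LAN traffic is steered
#          into the tunnel instead of out the branch WAN.
#  HQ:     Firewall > NAT > Outbound (hybrid or manual mode): rule on WAN for
#          source 192.168.50.0/24 translated to the WAN address, so replies
#          from the internet return to HQ and back through the tunnel.
#  HQ:     Firewall > Rules on the WireGuard (or assigned tunnel) interface:
#          pass rule allowing 192.168.50.0/24 to any.
```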
I have never done it, but I am sure it's possible, but why would you want to do that?
For king and country and standardizing internet access policy across one platform.
After a lot of effort I went back and installed OpenVPN Site-to-Site using TLS. Although I could never get the HQ site to use OVPN to access the Branch, with the Branch being able to access the HQ (I spent way too much time trying to resolve an issue that didn’t need to be resolved), it was then easy to use outbound NAT at the HQ to send traffic from the Branch out the HQ WAN. Back at the Branch, a policy route was needed to send outbound traffic out over the OVPN connection and transit the HQ IP.
As for administrative VPN activity, from mobile or HQ, to reach the branch, I use Tailscale.
The other challenge was VLANs from pfSense, Cisco and UniFi.