I saw Mr. Tom’s video on YouTube for Site to Site WireGuard. How about site to multisite? Anyone know what’s needed to set up a 1 central and 3 sites configuration? Different tunnel for each site, different port for each site, or both?
Seems that there is a problem with 3 peers on the same tunnel; it always routes to the first peer. (There is no route through the WireGuard virtual interface to all peers.)
Slightly related, but I was trying to get Tailscale to work with pfSense 23.09 and there’s a current bug that means Outbound NAT for Tailscale will not work.
Any reason why separate tunnels are better? I have a multi-site client, and each site is a peer on a common WireGuard tunnel. It’s been working fine so far. It’s also worked great for transitioning them from a hub and spoke setup to a partial mesh.
Granted… it’s 3 years later now; I didn’t build this setup until 23.01 came out. Perhaps WireGuard in pfSense works better now than it used to.
So you are using the same cert for each peer? And I guess the same AllowedIPs list?
I am curious what other people think about this setup. It’s not how I have done it (nor would do now), but I guess it would work. You could still fw things off based on the gateway IP in the wg tunnel, so I guess the common cert might not be that big of a deal.
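A small check for the single-tunnel, multi-peer layout the thread is debating (added example; not code from the thread, pfSense or WireGuard): it parses a hub-side wg-quick style config and flags peers that share a PublicKey or whose AllowedIPs overlap, which is exactly the configuration WireGuard’s cryptokey routing cannot disambiguate. The config text and the `*_PLACEHOLDER` keys are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed hub-side WireGuard config (wg-quick INI style) with three
# spoke peers on one tunnel; keys are placeholders, not real material.
HUB_CONF = """\
[Interface]
Address = 10.250.0.1/24
[Peer]
PublicKey = SITE_A_PUBKEY_PLACEHOLDER
AllowedIPs = 10.250.0.2/32, 192.168.10.0/24
[Peer]
PublicKey = SITE_B_PUBKEY_PLACEHOLDER
AllowedIPs = 10.250.0.3/32, 192.168.20.0/24
[Peer]
PublicKey = SITE_B_PUBKEY_PLACEHOLDER
AllowedIPs = 10.250.0.4/32, 192.168.20.0/25
"""

def parse_peers(conf):
    """Return [(public_key, [ip_network, ...]), ...], one entry per [Peer]."""
    peers, cur = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if line == "[Peer]":
            cur = {"key": None, "nets": []}
            peers.append(cur)
        elif line.startswith("["):
            cur = None                           # [Interface] or unknown section
        elif cur is not None and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            if k == "PublicKey":
                cur["key"] = v
            elif k == "AllowedIPs":
                cur["nets"] += [ipaddress.ip_network(n.strip(), strict=False)
                                for n in v.split(",")]
    return [(p["key"], p["nets"]) for p in peers]

def audit_peers(conf):
    """Flag peers sharing a PublicKey and peers whose AllowedIPs overlap."""
    peers, findings, by_key = parse_peers(conf), [], defaultdict(list)
    for n, (key, _) in enumerate(peers, 1):
        by_key[key].append(n)
    findings += [f"peers {ns} share PublicKey {k}" for k, ns in by_key.items() if len(ns) > 1]
    for i, (_, nets_i) in enumerate(peers):
        for j in range(i + 1, len(peers)):
            findings += [f"peer {i + 1} {a} overlaps peer {j + 1} {b}"
                         for a in nets_i for b in peers[j][1] if a.overlaps(b)]
    return findings
```

Running `audit_peers(HUB_CONF)` on the sample reports the shared key on peers 2 and 3 and the 192.168.20.0 prefix overlap; an empty list means each spoke has its own key and a disjoint set of routed prefixes.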