WireGuard with a Dual-WAN failover scenario

Hi,
I’ve already set up several WireGuard tunnels in OPNsense (either site-to-site or a Road Warrior one) before. If you have a static public IP on the WAN interface, the setup is simple and straightforward, even if the other side (the Road Warrior) has a dynamic IP or is even under CGNAT. Ok.

What if there is a dual WAN setup on OPNsense where the first WAN gets a static public IP and the second WAN only gets a dynamic IP?

I need some guidelines to start and get it right, please.
Do I need to set up two WireGuard interfaces on OPNsense and two different config files on the road warrior machine?

Thanks

Not something I have tested, but it should work by having a DNS entry for both WAN interfaces that WireGuard connects to.

Not sure that I’ve got what you meant. Did you mean a DDNS service?

Yes, that should work. If the primary WAN fails then DDNS would update the IP to be the secondary.

In your opinion, wouldn’t the tunnel need to be restarted somehow to establish the connection again if the first WAN goes down?

The tunnel should auto restart.

Great! Thank you very much.
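
On the restart question raised in this thread, an added example that is not from any poster: the `wg` tool resolves an `Endpoint` hostname only when the endpoint is set, so a road-warrior peer can run a small check that re-applies the DDNS name once handshakes stop. The interface name, peer key, hostname `vpn.example.net` and the 135-second threshold are assumptions, and the peer is assumed to use `PersistentKeepalive` so that handshakes recur while the tunnel is idle.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to run periodically (e.g. cron)
# on the road-warrior peer whose Endpoint is a DDNS hostname.

MAX_AGE=135   # assumed threshold: seconds without a handshake before a peer is stale

# Read "pubkey<TAB>epoch" lines (the output format of
# `wg show IFACE latest-handshakes`) on stdin and print the public keys whose
# last handshake is older than max_age. Epoch 0 means the peer has never
# completed a handshake, which also counts as stale.
stale_peers() {
    now=$1
    max_age=$2
    awk -v now="$now" -v max="$max_age" '
        NF == 2 && ($2 == 0 || now - $2 > max) { print $1 }'
}

# If the given peer is stale, set its endpoint again. `wg set ... endpoint`
# resolves the hostname at that moment, so the peer picks up whichever WAN
# address the DDNS record currently publishes.
reresolve() {
    iface=$1
    peer=$2
    endpoint=$3
    if wg show "$iface" latest-handshakes \
        | stale_peers "$(date +%s)" "$MAX_AGE" \
        | grep -qxF "$peer"; then
        wg set "$iface" peer "$peer" endpoint "$endpoint"
    fi
}

# Usage (hypothetical values): reresolve.sh wg0 <peer-public-key> vpn.example.net:51820
if [ "$#" -eq 3 ]; then
    reresolve "$1" "$2" "$3"
fi
```

How quickly the tunnel recovers also depends on the TTL of the DDNS record, since the new address is only picked up once resolvers stop serving the old one.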