Here's the scenario I want to set up: My local OpenWRT home router to connect to a PFSense router at work. It currently has an IPSec mobile config and I recently installed a wireguard package.
Ideally, I'd like all traffic for the 10.0.0.0/8 and 172.16.0.0/16 networks to go over a tunnel to the PFSense box, while all other traffic goes out the non-VPN gateway. My local is 192.168.5.0/24.
I tried following a couple of online guides but didn't get anywhere. Wireguard doesn't seem well supported on either end, and the IPSec setups I've seen involve a lot of careful firewall configurations so I wanted to check in and see what people were doing for site-to-site.
I have full admin access to both ends. Any help appreciated!
Wireguard works very well and is rather easy to set up, as server, client, and site to site.
As pfsense is BSD based, IPSec/ strongswan (or OpenVPN) might be a better option for now. Yes, afaik wireguard is a topic for xBSD and pfsense as well, but I'm not sure about its implementation state there. If you were running OpenWrt on both ends, wireguard would be an easier (and generally faster) solution.
I know lots of people say don't do it.. but layer 2 openvpn connection from openwrt remote router to pfsense main router works well for me. The routing policy all happens on the pfsense box and it's relatively easy to set up since I can do it.
Openvpn/wireguard/openwrt has the really fantastic policy based routing app so for me it'd be an easier way for what you want and if you don't want all your traffic to go via the main router on a layer 3 connection.
Wireguard on pfsense seems to be a subject to be avoided though.
Do you have any examples I can look at for configuration? Not a lot turning up online.
Probably all you need to know below (for a conventional Layer 3 site to site) and in the readme linked in that thread. It's really one of the best features of openwrt.
VPN policy routing