Wireguard Network type

I need some preliminary advice on a wireguard setup and definitions.

Currently at my office I have a router with openvpn. I connect to the office from my home system and am considered by the office to be on the local network. There are systems there I need to ssh into and they only accept local connections. My business, so I set the policy.

I am replacing openvpn, for several reasons, on the office router with wireguard running on a server at the office. The same router will still be in use, port forwarding to the wireguard server. It can't use openwrt or wireguard and can't be replaced at this time.
I have a openwrt router at home. Static IPs at both ends.

What I want is site to site(I believe) from home to the office and vice-versa. However I don't want all traffic from home to be through wireguard, just to the office. So if connected to the office or office to home, they are considered to be on the same network. With the current setup it is home to office only.

Do I setup the home openwrt wireguard as a server or client?
What is the type of network I'm trying to setup called? Obviously I'm not a network expert and searching the 'net and documentation is difficult if I don't have the terminology correct. I'm just looking for an answer like ' you want a site to site network with wireguard client on the home openwrt router', so I can make sure I'm looking at the correct documentation. Thank you.

Hi!

I've set up Wireguard to access my home network from outside. I have to say it was somewhat a mental exercise as being familiar with OpenVPN it was difficult for me to wrap my head around the fact that there really are no 'servers' and 'clients' in the context of Wireguard. There are just 'endpoints', or 'peers', in Wireguard.

What you want is an interface of type Wireguard VPN on your home OpenWRT. Then you just add the office as a peer. For this you need the office end's public key. Also at the office you need the home OpenWRT's public key. This way the peers can establish a trust relationship and encrypt traffic.

As for directing only some traffic through Wireguard, I guess you could set up static routes.

EDIT: You need an interface of type Wireguard VPN, and not a device, as previously stated.

OpenWrt as a wg client. The server, as in the one listening to the connections, will run on your office network.

We're venturing into the off-topic territory now, but if I were you, I'd set up your office to run wg server and accept connections, then test it from a computer at your home and once you confirm that works (and that is definitely OT here, because OpenWrt is not involved until the final step), then stop using the client on your computer and set up the wg client on OpenWrt.

1 Like

The office is setup as server, your home router as client.
With one exception, instead of allowed ips 0.0.0.0/0 you set the office subnet as allowed ips.
Make sure to enable route allowed ips.

This will only route traffic to your office via WG, all other traffic will use the normal wan.

3 Likes

Thank you everyone, exactly the answers I was looking for.

Don't know if you can switch that, but @egc's answer is a better solution than mine.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.