A site-to-site VPN is a particular use case for a VPN tunnel where the goal is not to route all traffic from network A into the VPN, but rather to grant network A access to network B remotely. This is also sometimes called a “split-tunnel”, “split-brain”, or a “split-routing” VPN.
The general setup is typically like this:
- Diagram split-route VPN
OpenWRT & Wireguard setup
For this example, I’m using a Wireguard VPN client on an OpenWRT router.
- Create a new Wireguard interface:
- OpenWRT LuCI ⇒ Network ⇒ Interfaces
- “Create New Interface” at the bottom of the list
- Give it a name, and select Protocol = WireGuard VPN
- In the General Settings tab:
- Confirm “Disable this interface” ⇒ unchecked
- Confirm “Bring up on boot” ⇒ checked
- Click “Generate new key pair”
- Confirm “Listen Port” is blank
- In the Firewall tab:
- Assign or create a new firewall zone
- Save and apply changes
- Acquire the config file
- This will typically involve generating or getting a wireguard config from the admin of the network you want to connect to.