Stay Connected with Firewalla Site to Site VPN
Firewalla Site to Site VPN allows you to connect two or more networks over encrypted links, such that devices in one network can reach devices in the other network under the protection of Firewalla. Unlike client-to-server VPNs, access is bi-directional.
Site to Site VPNs are great for connecting multiple offices or homes. By setting up a site-to-site connection, you'll be able to seamlessly access shared devices such as file servers, printers, and video cameras no matter which site you're at.
What do I need to set up a Site to Site VPN?
- A site-to-site VPN setup requires 2 Firewalla boxes: one to act as the VPN server and the other to act as the VPN client.
- For the networks to reach each other, their subnets must use different, non-overlapping IP ranges.
- If you want to add more sites to a site-to-site VPN, you must connect them to the same VPN Server.
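The subnet requirement above can be checked before any boxes are paired. The following is an added example, not Firewalla code: it takes a plan of each site's LAN subnets and reports every cross-site overlap, including one range nested inside another. The site names and address ranges are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: site names and LAN subnets are illustrative only.
SITES = {
    "office-server": ["192.168.10.0/24", "10.10.0.0/16"],
    "home-client": ["192.168.20.0/24", "10.10.5.0/24"],
    "branch-client": ["192.168.10.0/25"],
}


def parse_sites(sites):
    """Return {site: [ip_network, ...]}; raises ValueError on a malformed
    CIDR or one with host bits set (e.g. 192.168.1.1/24)."""
    return {
        site: [ipaddress.ip_network(cidr, strict=True) for cidr in cidrs]
        for site, cidrs in sites.items()
    }


def find_conflicts(sites):
    """List (site_a, net_a, site_b, net_b) for every cross-site overlap."""
    parsed = parse_sites(sites)
    conflicts = []
    for (a, nets_a), (b, nets_b) in combinations(sorted(parsed.items()), 2):
        for na in nets_a:
            for nb in nets_b:
                # Compare only within the same IP version (IPv4 vs IPv6).
                if na.version == nb.version and na.overlaps(nb):
                    conflicts.append((a, str(na), b, str(nb)))
    return conflicts


if __name__ == "__main__":
    found = find_conflicts(SITES)
    for a, na, b, nb in found:
        print(f"CONFLICT: {a} {na} overlaps {b} {nb}")
    if not found:
        print("No overlapping subnets; sites can be linked.")
```

Any reported pair needs one side renumbered before the sites are linked, since an address that exists in both ranges cannot be routed unambiguously across the tunnel.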
How do I set up a Site to Site VPN?
First, you'll need to set up the VPN Server on one of your Firewalla boxes. Navigate to your box's main page, tap VPN Server, and turn on the OpenVPN or WireGuard server. Then, tap Setup. You may need to set up port forwarding. Read our articles on OpenVPN Server Configuration and WireGuard VPN Server Configuration for more details.
After setting up the VPN Server on one site, you'll need to create a VPN connection using the VPN Client feature on the other site. On your other Firewalla box:
- On your box's main screen, tap VPN Client, then tap + Create VPN Connection.
- Choose Site to Site VPN as the type of VPN connection.
- On the Select Peer Site page, select the Firewalla box with the VPN server enabled.
- You'll be asked to choose a protocol: OpenVPN or WireGuard. Pick the one you've enabled on the server site in the last step.
- Tap Done to finish setting up the new VPN connection.
Finally, to connect devices to your new VPN connection, tap into the VPN Client feature on the VPN Client Box. Tap on your new VPN Connection and switch the VPN on. You'll see the status become "Connected." From this point on, devices on the VPN Server site will be able to access the network on the VPN Client site.
To selectively send your VPN Client site's traffic through the VPN, tap Apply To under the VPN connection. Then, select the devices, networks, or groups you'd like to connect to the server site and tap Save.
Firewalla will automatically pick up your primary WAN (if you have a dual-WAN setup) and IP type (preferably IPv4) to establish your VPN Server connection.
If you want to connect multiple sites and apply more granular policies between the units, please see our complete guide on Firewalla Site to Site VPN.
Firewalla MSP: VPN Mesh
VPN mesh is a type of VPN topology designed to provide high availability and redundancy for VPN connections. In a VPN mesh, each VPN gateway has multiple connections to other VPN gateways, creating a fully interconnected network of VPN connections.
With Firewalla VPN Mesh, you can seamlessly link multiple Firewalla units together and enable your employees or family members to access anything, anywhere. VPN Mesh will be available through Firewalla Managed Security Portal (MSP), designed to make it easy, convenient, and efficient to manage a fleet of Firewalla boxes. You can learn more in our introduction article all about Firewalla MSP.
This is part of our Firewalla Weekly Newsletter. You can sign up at https://firewalla.com/weekly.