[GL.iNet] Site to Site feature is now available

We’re excited to announce that the Site to Site feature is available now.
It allows offices in multiple locations to establish secure connections with each other over the internet. It extends the company’s network, making computer resources from one location available to employees at other locations.

Scenario 1: A company has dozens of branch offices that they wish to join in a single private network to share resources.

Scenario 2: A company has a close relationship with a partner company; Site to Site allows the companies to work together in a secure, shared network environment while preventing access to their separate internets.

Scenario 3: A family has an IP camera, and when they are not at home, Site to Site allows them to remotely access the IP camera.

Condition:
One of the locations has a public static (or dynamic) IP, and two or more GL.iNet devices with v3.026

https://www.gl-inet.com/solutions/site-to-site/
https://docs.gl-inet.com/en/3/app/cloud/#site-to-site

So it’s a VPN server with clients connecting to it?.. How is this any different than just configuring OpenVPN server on one device then VPN clients on the other two? Or is the goal to just “simplify” the process of doing that?

Technically it is a VPN server and client. We are using WireGuard, not OpenVPN.

But they are very different, in the following aspects:

  1. VPN client and server setup is complicated. So you have to set up the server, get the config and set up the client. Most people cannot get this done within 30 minutes. With Site2Site you can do this in minutes.
  2. It is about routing. Site2Site only links two networks into one. Each network will still have its own Internet. This is very different from a client/server concept, in which the client’s data will all go through the server.
  3. It is about automation. So you do not need to configure the server and then the client. You can just create a network via the cloud and all will be set up. And you can monitor the connections.
  4. It is about a business concept. Linking multiple offices in different locations is not a technical concept, but rather a business concept, and it addresses productivity.

So all applications are some tools/platform/UI that are based on basic IT technologies.

Here is my use case. Is site2site the best option for me? Hopefully you can answer this in simple words to make it easy to understand

I have a NAS at my house to record TV shows (using HDHomeRun DVR). The NAS is in my home LAN address space. When at home, I can use the HDHomeRun client on my tablet or phone to watch TV.

Now, I want a solution so that, when I am at a hotel, I can watch the same shows there, using the same HDHomerun client, as if I was on my home LAN.

I use GL routers throughout my home, including my main gateway and DHCP server. Assume I can bring another GL router with me to the hotel room.

What are the advantages or disadvantages of using site2site vs a Wireguard VPN setup?

I have a question: Does your HDHomeRun client need to use an IP address to access the NAS?

For example, if your NAS is 192.168.1.5 and your tablet is on another router with the IP 192.168.8.11, can the HDHomeRun work?

If yes then Site2Site is the correct way for you.

If you can set up WireGuard by yourself and set up the correct routing, then you can use that.

Advantages:

  • No cloud needed.
  • It is a great satisfaction for tech guys to DIY their own solution.

Disadvantages:

  • Too complicated. Even for one with good skills, it takes 30 minutes to configure everything.
  • If you failed to configure your server before you leave home, then you cannot do it on your travel.
  • Coping with routing is difficult. By default all your data goes to your home. So your internet may be throttled.

But if you use Site2Site, you do not need to worry about setting up the server and client.

Advantages:

  • As long as you have the correct firmware, you can set this up in minutes. Server and client config will be distributed automatically.
  • You can set this up on your way. So if you failed to make it work before leaving home, you can set it up anytime.
  • Your Internet data and your NAS access are on different routes. So your Internet may not be throttled.
  • You can monitor how much data you used. There is only simple monitoring, including total traffic transmitted.
  • If your ISP changed your IP address, the Site2Site network will self-heal itself.

Disadvantages:

  • You have to use our Cloud to configure this. Although we do not store any of your config and data, some users still have privacy concerns.
  • Now the default routing policy is splitting Internet and in-site access. So if you want to use a VPN to protect your privacy, this may not work for you now. But this is just routing policy, so we will cope with this later.

I don’t want this announcement thread to become my own private tech support channel, so please move this to a different thread if you think it is best.

As to your question, I don’t know. I have only tried this when my tablet and NAS are on the same subnet. I don’t think setting up a VPN client and server would be hard for me, but my assumption was that, by default, clients would be put in a different subnet than the server’s DHCP space. Perhaps there is an easy routing rule to handle this, but I have not figured that out. Any pointers to resources? Alternatively, is it better to force the VPN client to live in the same subnet as my home has?

To do this, you may need layer 2 bridging. OpenVPN tap can do this job. Or a GRE tunnel.
We do not have this set up in the UI, but some people do this. Using a Layer 2 bridge, your device will be a client of your home network and all data goes there.
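
The routing difference discussed in this thread (two LANs linked while each keeps its own Internet, versus all client data going through the server), shown as a hand-written WireGuard configuration pair. This is an added example, not part of any post and not the configuration GL.iNet's cloud generates. Assumptions: the tunnel subnet 10.0.0.0/24, port 51820, the hostname home.example.net, /24 LANs around the 192.168.1.5 and 192.168.8.11 addresses mentioned above, and placeholder keys.

```ini
# --- Home router (the site with the public IP): wg0.conf ---
[Interface]
# Assumed tunnel address and listen port
Address = 10.0.0.1/24
ListenPort = 51820
# Placeholder, generate with `wg genkey`
PrivateKey = <home-private-key>

[Peer]
# Travel router. Placeholder key.
PublicKey = <travel-public-key>
# Accept and route the travel router's tunnel address AND its LAN, so the
# NAS at 192.168.1.5 can reply to a tablet at 192.168.8.11 without NAT.
AllowedIPs = 10.0.0.2/32, 192.168.8.0/24

# --- Travel router (behind hotel NAT): wg0.conf ---
[Interface]
Address = 10.0.0.2/24
PrivateKey = <travel-private-key>

[Peer]
# Home router. Placeholder key, assumed hostname (use dynamic DNS if the
# home IP is dynamic).
PublicKey = <home-public-key>
Endpoint = home.example.net:51820
# Keeps the NAT mapping open so the home side can reach this peer
PersistentKeepalive = 25
# Site-to-site style split routing: only the home LAN goes through the
# tunnel; everything else leaves via the hotel's own Internet connection.
AllowedIPs = 10.0.0.1/32, 192.168.1.0/24
# Classic client/server full tunnel, for comparison: all traffic is sent
# home first. Replace the AllowedIPs line above with:
# AllowedIPs = 0.0.0.0/0

# Both routers must forward between LAN and wg0 (net.ipv4.ip_forward=1)
# and permit that forwarding in their firewall.
```

With this routing the tablet keeps its 192.168.8.x address, so it only helps when the client can reach the NAS by IP address across subnets, which is the question asked in the thread; making the tablet a member of the home subnet is the layer 2 bridging case from the last reply.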