Replacing site-to-site VPNs, AWS VPN, GCP VPN with WireGuard

A site-to-site VPN transparently forwards network traffic between two or more local networks.

Devices or virtual machines on one of those networks can easily access services on all the other subnets, without needing to install any software on the device itself.

Typical uses

  • connecting physical offices to the cloud
  • linking AWS VPCs (Virtual Private Clouds) across regions
  • linking between different cloud providers (such as Google to AWS)
  • sharing servers or APIs with external suppliers, partners, or contractors.

Common site-to-site VPN platforms

  • AWS VPN and AWS Direct Connect
  • Cisco or Palo Alto Networks hardware
  • Linux devices configured for IPsec or WireGuard

Using Tailscale+WireGuard as a site-to-site VPN

Tailscale can replace all these traditional site-to-site configurations with a secure, high-performance WireGuard® mesh.

To get started, configure a Tailscale subnet router in each location.

Tailscale handles all the key management and routing needed to create a multi-site mesh network automatically.