nsayer
New Around Here
This is a little complicated. I've got two houses and they've been linked with Synology routers using their site-to-site IPsec VPN. And that's been fine up to now except for two things:
1. Synology seems to be exiting the router business. They have no roadmap for multiple multi-gig port routers or WiFi7, so I think they're fired.
2. One of the houses is about to get 2G symmetrical fiber. Well, it'd be kind of dumb to plug a 2G capable ONT into a 2.5GE port on the Synology only to have 1GB on the LAN side or vice versa.
So I bought a BE-98Pro specifically because the Internet made me think it could do a site-to-site IPsec VPN and it has 10GE ports for both LAN and WAN. I absolutely don't need any of the gaming stuff. But I saw no other way to get s2s VPN and 10GE WAN and LAN (and mesh WiFi7 as well).
Well, it turns out they want you to use WireGuard and Synology doesn't support that. Oops.
Ok, so my choices are
1. Return the BE98 and get something else (what?).
2. Figure out if there's a way - perhaps at the command line - to get an IPsec site-to-site VPN set up with the Synology at the other end (at least for now. When I get back to the other place - 2000 miles away - I can swap that one out for a BE98 and switch to WireGuard maybe - I am not absolutely wedded to IPsec. I just want it to work).
3. Figure out if there's a way to connect the BE98 via WireGuard to a Raspberry Pi inside the firewall at the other end. Forwarding the WireGuard traffic doesn't sound hard, but what sounds like it may be complex is that suddenly that premises will have to have a routing table of some sort, and that sounds rather grotesque.
The desired goal is that any device on either LAN can transparently see any other device on the other LAN (don't want to pass broadcast traffic - that gives HomeKit fits).
Thanks in advance for any ideas.