I want to create a site-to-site VPN without a physical firewall. It’s a temporary solution. Can I create that on a normal router? Or is there any other solution?
Depends on the router.
If you have a hypervisor, use that and install a firewall or use zerotier, tailscale or wireguard in a VM or container.
You could also use a raspberry pi and install one of the mentioned things above.
And if you have a sick and twisted mind, you can also use a windows pc or server, activate routing and install one of the protocols above.
Old PC with multiple Ethernet adapters, install PVE, then run pfsense or opnsense as VM.
Tailscale is fairly easy. Not super fast. But good for a temporary solution maybe?
Do you have a hypervisor/server available? Install wireguard on a VM/your server, add routes on your router and you are fine. Have to do the same on the other side ofc.
Or just an OpenVPN server. It can do IPsec s2s VPN.
Depends on what you mean by a “normal router”.
My sites have some form of a PC (APU2, desktop with 4 ethernet ports, etc) as their router (and firewall). I just set up the VPN on that.
After all, what is a physical firewall other than “some computer that routes, filters and modifies packets”?
Use something like WireGuard, the setup should be like 6 lines of configuration.
Good luck!
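
An added example, not part of the original replies: a minimal WireGuard site-to-site pair of the kind suggested above, run on a VM, Raspberry Pi or PC at each site. The subnets, public addresses, port and key placeholders are all assumptions chosen for illustration.

```ini
# ---- Site A: /etc/wireguard/wg0.conf (mode 600, root only) ----
# Assumed: Site A LAN 10.10.0.0/24, public IP 198.51.100.10
[Interface]
Address = 10.255.0.1/30
ListenPort = 51820
# Generate with `wg genkey`; the private key never leaves this host.
PrivateKey = <SITE_A_PRIVATE_KEY>

[Peer]
# Output of `wg pubkey` run on Site B's private key.
PublicKey = <SITE_B_PUBLIC_KEY>
Endpoint = 203.0.113.20:51820
# Only the peer's tunnel IP and its LAN are accepted from or routed
# to this peer. Keep this list narrow; avoid 0.0.0.0/0.
AllowedIPs = 10.255.0.2/32, 10.20.0.0/24
# Keeps NAT mappings alive when a site sits behind a consumer router.
PersistentKeepalive = 25

# ---- Site B: /etc/wireguard/wg0.conf (mode 600, root only) ----
# Assumed: Site B LAN 10.20.0.0/24, public IP 203.0.113.20
[Interface]
Address = 10.255.0.2/30
ListenPort = 51820
PrivateKey = <SITE_B_PRIVATE_KEY>

[Peer]
PublicKey = <SITE_A_PUBLIC_KEY>
Endpoint = 198.51.100.10:51820
AllowedIPs = 10.255.0.1/32, 10.10.0.0/24
PersistentKeepalive = 25

# ---- On both WireGuard hosts ----
# Enable forwarding so LAN traffic can transit the tunnel:
#   sysctl -w net.ipv4.ip_forward=1
# ---- On each site's existing router ----
# Add a static route for the remote LAN via the local WireGuard
# host's LAN address, and forward UDP 51820 to that host if it
# sits behind NAT.
```

Bring each side up with `wg-quick up wg0`; `wg show` should then report a recent handshake for the peer on both hosts.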
Check out tailscale.
Any two routers with enough CPU juice (and declared features) can do it. Think if you need encryption or not (non-encrypted VPN will be faster for software-based tunneling).
There is one thing I forgot to mention… The main branch has Fortigate Firewall.
Most routers can do GRE.
Depends on the model of router. Most new top-end routers have firewall capabilities, but not as good as what a dedicated firewall can do.
TP-Link WiFi 6 AX1500
Mikrotik RB951
One problem is to have routing to this box. Usually, people want site2site but do not control networking, and can’t just add more routes to core.
Well you can skip the part of installing proxmox and install opnsense on bare metal.
You can totally create a P2P vpn on a mikrotik.
What performance you’ll get out of it is another question, given the 951 is about the smallest thing they make that can be credibly called a router.
Maybe. Check the manual, but depending on what you want you might be better off with tailscale.
Most consumer grade routers I’ve seen have IPsec built in still.
Which makes sense, since they’re really just Linux boxes