# l2tp-over-wireguard

Configuration files for setting up a two-site LAN using L2TP carried by WireGuard

## Why?
WireGuard provides a fast and secure VPN tunnel, which allows unsecure L2TPv3 traffic to travel cross-site securely. Having a VPN tunnel also lets us use the slimmer IP encapsulation of L2TPv3 rather than UDP, since NAT traversal is no longer an issue.

> [!NOTE]
> Make sure to generate new public, private and pre-shared keys for your own deployment. Keys were included in this repository for testing purposes (like with GNS3).

## Example Topology

![GNS3 Topology](https://git.jaroszew.ski/adrian/l2tp-over-wireguard/raw/branch/main/topology.png "Example GNS3 Topology")

This configuration has been tested in GNS3, and all of the configuration's default values reflect this topology. 

The `main-site` files are for the Debian host 'Wireguard-Peer-Main', while `off-site` contains the configurations for 'Wireguard-Peer-Remote'. `main-site` also contains a basic configuration of ISC DHCP Server, to show that devices on the off-site recieve addresses from the main site's DHCP server (demonstrating L2 transfer).