Site-to-site VPN between two office locations.
Two firewalls with IPsec or WireGuard between them, one pipe between networks. Works fine, but do not underestimate how often NAT, asymmetric routing or MTU issues ruin your day.
Try this first
- 1Both offices must have different internal subnets or you have overlap and nothing routes.
- 2Choose IKEv2/IPsec or WireGuard depending on what both firewalls support, do not use IKEv1.
- 3Add routes on both sides and verify with ping and traceroute from both directions, often it works one way only.
- 4Set tunnel MTU to 1380 or 1400 to avoid fragmentation, especially with PPPoE-based providers.
When to bring us in
More than two sites or new branches added regularly: do not build a mesh of site-to-site, deploy SD-WAN or a Tailscale subnet router.
See also
- VPN will not connect or keeps droppingTwo main causes: your home internet or the VPN server. One quick test separates them.
- VPN connects but corporate folders are unreachableConnection says "green" but your network drives will not open. Almost always a DNS or routing issue.
- Home PC slow on VPN, fast at the officeThree suspects: home internet, VPN server limits, or routing that takes a long detour.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.