by drdaeman 924 days ago
> Lack of Wireguard docs/tutorials is unfortunate

The thing about Wireguard is that it's very simple and minimal. It does just one thing, and that is establishing a layer 3 tunnel for sending IP packets between the local machine and some other peers. It doesn't do mesh, it doesn't do routing (it just knows the IPs of its direct peers and that's all it does), it doesn't do bridging - all this stuff is done by other pieces such as the Linux kernel, but not Wireguard itself.

> Wireguard walk-through to bridge two separate LANs

Same or different subnets for those LANs? If they're different and non-intersecting, and if you don't need cross-LAN broadcast or multicast, the simplest option is to establish a Wireguard connection between those LANs' default gateway routers (assuming you can do this), and on each of those routers set up a route that sends the opposite LAN's traffic to the opposite gateway (in the case of iproute2: `ip route add my.other.lan.subnet/mask via my.other.lan.gw`; how to make this persistent depends on your distro). Then, on each gateway, allow packet forwarding between the Wireguard and LAN interfaces (with e.g. iptables or nftables or whatever you use there).

If you can't run Wireguard on gateways, the overall principle holds, but you'll need to distribute routes to your respective LANs via Wireguard-running routers through DHCP or whatever you use for routing on your LANs (e.g. OSPF).

And if your LANs both have the same subnet, or if you need multicast, things get significantly trickier (plus, there's the inevitable question of what should happen if two machines on different LANs have the same IP). You'll probably need to run something like L2TP or GRETAP (or something else that can encapsulate your layer 2) over Wireguard.

Or maybe just use OpenVPN in TAP mode (if you want all stuff independent of any third parties) or Tailscale (because it already works).

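
The gateway-to-gateway setup described in the comment above, rendered as an added example that is not part of the thread: two wg-quick configs (one per gateway) plus the nftables forward policy that lets the two LANs talk through the tunnel and nothing else. The LAN prefixes, tunnel /30, public endpoints (RFC 5737 documentation addresses), interface names and key strings are constructed placeholders, and the script only prints the files; it never runs `wg`, `ip` or `nft`. The practitioner's check it adds is around `AllowedIPs`: that line is WireGuard's cryptokey routing table, so it decides both which destinations go to the peer and which source addresses are accepted from it, and a kernel route to `wg0` for a prefix that is missing from it simply gets dropped.

```shell
#!/bin/sh
# Added example (not from the HN thread): render a WireGuard site-to-site link
# between two non-overlapping LANs as wg-quick configs plus an nftables forward
# policy.  All addresses, names and keys are constructed placeholders; replace
# the key strings with the output of
#   wg genkey | tee site.key | wg pubkey > site.pub
# run on each gateway.  Nothing here touches the running system.

# Constructed topology (assumption): site A LAN 192.168.1.0/24 behind a gateway
# reachable at 198.51.100.1, site B LAN 192.168.2.0/24 behind 203.0.113.2,
# point-to-point tunnel 10.10.10.0/30 with A = .1 and B = .2.
A_LAN=192.168.1.0/24; A_TUN=10.10.10.1; A_PUB=198.51.100.1
B_LAN=192.168.2.0/24; B_TUN=10.10.10.2; B_PUB=203.0.113.2
WG_PORT=51820
A_PRIVKEY='<site-a-private-key>'; A_PUBKEY='<site-a-public-key>'
B_PRIVKEY='<site-b-private-key>'; B_PUBKEY='<site-b-public-key>'

# site_conf <my tunnel ip> <my privkey> <peer pubkey> <peer public ip> <peer tunnel ip> <peer lan>
# Prints /etc/wireguard/wg0.conf for one gateway.  AllowedIPs is the security
# critical line: it is the cryptokey routing table, i.e. the destinations sent
# to this peer AND the only source addresses accepted from it, so the peer
# cannot inject packets claiming to come from anywhere else.  wg-quick installs
# the matching kernel routes itself (the `ip route add` from the comment)
# unless `Table = off` is set.
site_conf() {
  my_tun=$1 my_priv=$2 peer_pub=$3 peer_ip=$4 peer_tun=$5 peer_lan=$6
  printf '[Interface]\nAddress = %s/30\nListenPort = %s\nPrivateKey = %s\n\n' \
    "$my_tun" "$WG_PORT" "$my_priv"
  printf '[Peer]\nPublicKey = %s\nEndpoint = %s:%s\n' "$peer_pub" "$peer_ip" "$WG_PORT"
  printf 'AllowedIPs = %s/32, %s\n' "$peer_tun" "$peer_lan"
  # Keepalive only matters when one side sits behind NAT; harmless otherwise.
  printf 'PersistentKeepalive = 25\n'
}

# allowed_for <conf text> <subnet>: succeeds iff the subnet is on the
# AllowedIPs line.  Run this when the handshake succeeds (`wg show`) but
# cross-LAN pings vanish: the usual cause is a route pointing at wg0 for a
# prefix that cryptokey routing does not allow.
allowed_for() {
  printf '%s\n' "$1" | grep '^AllowedIPs' | grep -qF "$2"
}

# fwd_ruleset <lan iface> <wg iface>
# Prints an nftables ruleset that forwards only between the LAN and the
# tunnel, both directions, and drops everything else crossing the box.  If
# this gateway is also the LAN's internet router, add an accept for the
# LAN -> WAN pair as well.  Pair with `sysctl -w net.ipv4.ip_forward=1`
# (persist it under /etc/sysctl.d).
fwd_ruleset() {
  lan_if=$1 wg_if=$2
  cat <<EOF
table inet wg_s2s {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "$lan_if" oifname "$wg_if" accept
    iifname "$wg_if" oifname "$lan_if" accept
  }
}
EOF
}

# Render both sides plus the forward policy (constructed interface names).
printf '### site A: /etc/wireguard/wg0.conf\n'
site_conf "$A_TUN" "$A_PRIVKEY" "$B_PUBKEY" "$B_PUB" "$B_TUN" "$B_LAN"
printf '\n### site B: /etc/wireguard/wg0.conf\n'
site_conf "$B_TUN" "$B_PRIVKEY" "$A_PUBKEY" "$A_PUB" "$A_TUN" "$A_LAN"
printf '\n### both gateways: nft -f forward.nft\n'
fwd_ruleset eth0 wg0
```

Bring the tunnel up with `wg-quick up wg0` on both gateways; the remote LAN's route appears in `ip route` automatically because it is listed in `AllowedIPs`. Hosts on each LAN need no changes as long as their default gateway is the WireGuard gateway; otherwise they (or the LAN's router) need a static route for the opposite LAN via that gateway, which is the case the comment covers with OSPF or DHCP-distributed routes.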

A few years ago I decided to get my own ASN. I have a couple of VPSes running BGP with my upstreams at geographically diverse but relatively close locations (10 to 15 ms ping.) I have Wireguard tunnels between the VPSes and also from each VPS to my home network, forming a mesh w/OSPF. Originally, I was only injecting default routes into OSPF so I'd have basic redundancy if things failed, treating one provider as a secondary, not caring much about outgoing load balancing. I recently switched to internal BGP though, and am doing some load balancing w/partial tables. Pretty cool stuff. I used BIRD for OSPF and BGP.
This is my dream setup. Awesome.
Thanks! It was fun setting it up! I was originally a network engineer working for early ISPs, before moving on to more of a software focus. I was lucky enough to register my own IPv4 block back in the 90's.
The end of your comment “or use Tailscale” sums up why I would use Tailscale here.
Of course. Picking a tool is always a matter of what one already knows. If you've already learned Tailscale and it fits all your requirements - that means you go with it, unless you have some reasons not to do it (which is rare).

And Tailscale surely has one benefit here - it's one single product, with essentially no variations, so it's (I presume, I haven't ever used Tailscale myself - never needed it) easy to write step-by-step instructions for. Generic "GNU/Linux software router with Wireguard" is an extremely vague target that is impossible to give instructions for, unless you spend a lot of time describing the problem in finer detail.