How to Peer VPCs between Vultr Locations with Wireguard
Author: Diego Murray and David Finster
Last Updated: Wed, Feb 1, 2023This is a preview. See the full solution at GitHub.com.
Introduction
A virtual private cloud (VPC) is a private network where you can deploy cloud servers, cloud GPUs, load balancers, and other Vultr resources to protect their network traffic. A VPC exists in a single Vultr location and cannot communicate with the internet or other VPCs. However, you can use VPN gateways to create a VPC peering connection between different locations, allowing them to communicate securely with each other.
VPC peering can improve security and flexibility in your network architecture. Notably, it's possible to deploy servers in a VPC with no public IP address while allowing them to communicate securely over the peering connection. This guide includes a practical example of that scenario.
This guide describes how to peer VPCs in different locations. If you want to peer VPCs in the same location, Vultr has a simple solution that doesn't require deploying gateway servers. Please see this VPC Peering guide to learn more.
Overview
Before you begin, it's helpful to visualize the complete scenario. By following the steps in this guide, you'll create the following resources and connections:
Two VPCs, one each in Amsterdam and Bangalore
Two Wireguard gateways that peer the VPCs over a site-to-site VPN
An application server in Amsterdam
A database server in Bangalore without a public IP address
After you finish these steps, users can connect to App-Server, which in turn connects to DB-Server over the peering connection, even though the database is completely isolated from the public internet.