Nounours (my main router) has a number of tunnels:

1. Tunnels to OZ7SAT at Amager
2. Tunnel 'home' - Interface: wg1
3. Tunnel to Rigpi at Amager - Interface : wg2

Two tunnels exist between Nounours and Amsat (The OZ7SAT group's SatNOGS groundstation at Amanger):

1. The main tunnel, the purpose of which is to enable management access to AMSAT
2. The backup tunnel, which primarily exists because the main tunnel that uses Wireguard from time to time stops working. It can then use the backup tunnel to access Amsat and remedy the situation.

The main tunnel uses Wireguard:

The two ends have almost identical configurations found at

/etc/systemd/network/wg0.net{dev|work}

The tunnel interfaces are managed as part of systemd-networkd and will be brought up and down with the entire network. If needed an individual interface may be restarted (brought down and back up again) using these commands:

ip link delete dev wg0
networkctl reload

The backup tunnel uses OpenVPN:

Nounours:

/etc/openvpn/server/server.conf

Amsat

/etc/openvpn/client/client.conf

The client end runs continously whereas the server end at Nounours only runs as needed.

Nounours:

systemctl [start|stop|restart|status] openvpn-server@server.service

Amsat:

systemctl [start|stop|restart|status] openvpn-server@client.service

This interface is the endpoint for a tunnel from my laptop to Nounours.

The Nounours configuration is found at

/etc/systemd/network/wg1.net{dev|work}

it uses IP addresses 172.19.0.1 (Nounours)and 172.19.0.2 (Laptop)