ACLs for VPN client IPs (Wireguard or other)

Saturday - last edited Monday
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.4.2 Build 20240618 Rel.63827

Hello,

 

I have Wireguard configured and working, but I want to block access to certain subnets of the ER7206 from the Wireguard client IPs.

So far it looks like it's not possible, but I could be missing something. Does anyone know how to do it, if it's even possible?

I haven't yet tried any of the other VPN options of the ER7206, but does anyone know if any of the others allow creating ACLs to control access from the VPN IPs?

 

Thanks,

JS

#1
1 Accepted Solution
Re:ACLs for VPN client IPs (Wireguard or other)-Solution
Monday - last edited Monday

  @Johnny66 

Thank you for your post. Currently, the WireGuard VPN client does not support configuring Gateway ACLs. However, you can restrict access to the router by specifying only certain subnets in the client’s Allowed IPs. Other VPNs allow you to filter access to the Gateway’s local network by simply checking the “Local Network” option during setup.

#3
3 Reply
Re:ACLs for VPN client IPs (Wireguard or other)
Sunday

  @Johnny66 

 

You cannot block Wireguard with Router ACL, but if you have an Omada switch SGxxx or larger, you can use Switch ACL to block Wireguard.

 

 

#2
Re:ACLs for VPN client IPs (Wireguard or other)
Monday

Hello,

 

Thank you for your replies.

I ended up moving to the L2TP VPN as it allows me to use ACLs. I think with OpenVPN we can also use ACLs, but I haven't tried it yet.

 

Tks & rgds,

JS

#4
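The accepted reply suggests listing only certain subnets in the client's Allowed IPs. As an added example (not from the thread or from TP-Link), the script below parses a wg-quick style client config and reports any Allowed IPs entry that overlaps a subnet you intend to keep off limits; the config, keys, endpoint and subnets are constructed placeholders.

```python
import ipaddress

# Constructed sample client config; keys, endpoint and subnets are placeholders.
SAMPLE_CLIENT_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.10.10.2/32

[Peer]
PublicKey = <gateway-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 192.168.10.0/24, 192.168.20.0/25
AllowedIPs = 10.10.10.0/24  # tunnel subnet
"""

def allowed_ips(conf_text):
    """Collect every network listed on AllowedIPs lines of [Peer] sections."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")  # first '=' only; keys may contain '='
        if sep and section == "peer" and key.strip().lower() == "allowedips":
            for item in value.split(","):
                if item.strip():
                    nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets

def exposed(conf_text, restricted):
    """Return (allowed, restricted) pairs that overlap: subnets meant to be
    off limits that the client would still route into the tunnel."""
    hits = []
    for r in map(ipaddress.ip_network, restricted):
        for a in allowed_ips(conf_text):
            # overlaps() is only defined within one IP version
            if a.version == r.version and a.overlaps(r):
                hits.append((str(a), str(r)))
    return hits

if __name__ == "__main__":
    print(exposed(SAMPLE_CLIENT_CONF, ["192.168.20.64/26", "192.168.30.0/24"]))
```

An entry such as `0.0.0.0/0` overlaps every IPv4 subnet, so a full-tunnel client config always reports exposure.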