WireGuard setup with internet access only
I'd like to set up a WireGuard server in such a way that any client connecting to it would have access only to the internet, but no access to anything in the local network.
My ER605 router is behind the ISP modem (which is in normal NAT mode, not bridge mode). All LAN clients are connected directly to the router. Omada Controller runs from a Docker container in the LAN.
I've successfully set up the WireGuard server, can connect and it works, but can't figure out how to deny access to the local network.
What I've tried is to define a VLAN, configure WireGuard peers to use IPs from that VLAN, and create a Gateway ACL to block the VLAN from accessing the LAN.
Any ideas why this isn't working, and how to fix it?
WAN setup:
LAN setup:
VLAN for WireGuard setup:
WireGuard server:
WireGuard client:
Gateway ACL:
Hi @Ligu
Thanks for posting in our business forum.
It does not work, how do you verify it? Screenshot of your results?
@Clive_A "Doesn't work" means that I can connect from my external Android client, over the internet, to this server successfully:
And then I can successfully access an address inside the local network of the server, when I should not.
I would like to be able to set up the WireGuard server on the router in such a way that whoever connects to it can access only public internet addresses, but nothing in the local network. All 192.168.0.xxx should be blocked.
Hi @Ligu
So, I confirmed with the team that this is not available. Future firmware updates will add related functions like ACL to block access. ETA V5.15 but not limited to this version.
Thanks for your valuable feedback and post here. This request has been added to the roadmap. Yet it's not the highest priority task and this might take some time before you see this feature available. You can pay attention to the firmware release in the future.
As a reminder, we are not able to give a specific date for a beta or official firmware release. Nor can we guarantee an ETA for the firmware. We recommend you subscribe for the Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates.
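Added example, not part of the thread and not TP-Link code: a repeatable version of the check described above, run from a connected WireGuard client, that reports whether anything in 192.168.0.0/24 still answers through the tunnel. The target hosts and ports are constructed placeholders; use services you know are listening on your own LAN.

```python
import ipaddress
import socket

# Taken from the thread: the server-side LAN is 192.168.0.xxx.
BLOCKED_LAN = ipaddress.ip_network("192.168.0.0/24")

def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(targets, blocked=BLOCKED_LAN, probe=tcp_reachable):
    """Classify each (host, port) probe made through the tunnel.

    Verdicts:
      "LEAK"     - address is inside the blocked LAN and answered
      "blocked"  - address is inside the blocked LAN and did not answer
      "ok"       - address is outside the LAN and answered
      "no-route" - address is outside the LAN and did not answer
    """
    results = []
    for host, port in targets:
        in_lan = ipaddress.ip_address(host) in blocked
        up = probe(host, port)
        if in_lan:
            verdict = "LEAK" if up else "blocked"
        else:
            verdict = "ok" if up else "no-route"
        results.append((host, port, verdict))
    return results

def policy_holds(results):
    """The internet-only policy holds when nothing in the LAN answered."""
    return all(verdict != "LEAK" for _, _, verdict in results)

if __name__ == "__main__":
    # Constructed sample targets; "blocked" is only meaningful for a
    # host:port that is known to be listening when tested from inside the LAN.
    sample = [("192.168.0.1", 443), ("192.168.0.10", 80), ("1.1.1.1", 443)]
    results = audit(sample)
    for host, port, verdict in results:
        print(f"{host}:{port:<5} {verdict}")
    print("policy holds" if policy_holds(results) else "LAN is reachable from the VPN")
```

Re-running the same target list after a firmware or ACL change gives a before/after comparison instead of a one-off screenshot.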