WireGuard setup with internet access only

2024-02-29 01:14:32 - last edited 2024-03-07 03:10:02
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.4

I'd like to set up a WireGuard server in such a way that any client connecting to it would have access only to the internet, but no access to anything in the local network.

My ER605 router is behind the ISP modem (which is in normal NAT mode, not bridge mode). All LAN clients are connected directly to the router. Omada Controller runs from a Docker container in the LAN.

I've successfully set up the WireGuard server, can connect and it works, but can't figure out how to deny access to the local network.

What I've tried is to define a VLAN, configure WireGuard peers to use IPs from that VLAN, and create a Gateway ACL to block the VLAN from accessing the LAN.
Any ideas why this isn't working, and how to fix it?

WAN setup:


LAN setup:

VLAN for WireGuard setup:

WireGuard server:

WireGuard client:


Gateway ACL:

1 Accepted Solution
Re:WireGuard setup with internet access only-Solution
2024-03-07 03:09:45 - last edited 2024-03-07 03:10:02

Hi @Ligu

So, I confirmed with the team that this is not available. Future firmware updates will add related functions like ACL to block access. ETA V5.15 but not limited to this version. 

 

Thanks for your valuable feedback and post here. This request has been added to the roadmap. Yet it's not the highest priority task and this might take some time before you see this feature available. You can pay attention to the firmware release in the future.
As a reminder, we are not able to give a specific date for a beta or official firmware release. Nor can we guarantee an ETA for the firmware. We recommend you subscribe for the Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Beta firmware got some NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
3 Reply
Re:WireGuard setup with internet access only
2024-02-29 01:32:49

Hi @Ligu 

Thanks for posting in our business forum.

It does not work, how do you verify it? Screenshot of your results?

 

Best Regards!
Re:WireGuard setup with internet access only
2024-03-07 00:54:34 - last edited 2024-03-07 00:56:25

@Clive_A "Doesn't work" means that I can connect from my external Android client, over the internet, to this server successfully:

And then I can successfully access an address inside the local network of the server, when I should not.

I would like to be able to set up the WireGuard server on the router in such a way that whoever connects to it can access only public internet addresses, but nothing in the local network. All 192.168.0.xxx should be blocked.

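One way to answer the "how do you verify it?" question in this thread with repeatable evidence, as an added example that is not part of the original posts: run from a device connected through the WireGuard tunnel, it probes a short list of services you own and flags any LAN destination that answers. The /24 mask is an assumption based on "192.168.0.xxx" in the thread, and the target addresses and ports are constructed placeholders.

```python
import ipaddress
import socket

# Assumption: "All 192.168.0.xxx" in the thread means the LAN is 192.168.0.0/24.
LAN = ipaddress.ip_network("192.168.0.0/24")


def tcp_probe(host, port, timeout=2.0):
    """Return 'open', 'refused' or 'no-reply' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A RST came back: the packet reached the host (or a rejecting firewall).
        return "refused"
    except OSError:
        # Timeout or ICMP unreachable: nothing answered from the destination.
        return "no-reply"


def check_isolation(targets, lan=LAN, probe=tcp_probe):
    """Probe (host, port) pairs and judge them against the intended policy:
    LAN destinations must not answer at all, public ones must connect."""
    rows = []
    for host, port in targets:
        state = probe(host, port)
        if ipaddress.ip_address(host) in lan:
            # 'refused' still counts: a closed port on a reachable host is a leak.
            verdict = "isolated" if state == "no-reply" else "LEAK"
        else:
            verdict = "ok" if state == "open" else "no-internet"
        rows.append((host, port, state, verdict))
    return rows


if __name__ == "__main__":
    # Constructed targets: replace with services you own on each side.
    targets = [
        ("192.168.0.1", 443),    # LAN gateway address (constructed)
        ("192.168.0.10", 8043),  # hypothetical Omada Controller host and port
        ("1.1.1.1", 443),        # public address that should stay reachable
    ]
    for host, port, state, verdict in check_isolation(targets):
        print(f"{host}:{port:<5} {state:<8} {verdict}")
```

Run it with the tunnel up, before and after any ACL change. A firewall that rejects with a TCP RST instead of dropping also shows as `refused`, so confirm such rows with a packet capture on the LAN side.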
