VPN and Firewall

2024-02-05 13:12:51 - last edited 2024-02-05 14:17:36
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.4.0 Build 20231114 Rel.36220

I have a WireGuard VPN server on my router.

I have a peer for this VPN, and its IP address is 10.10.100.2.

How can I tell the firewall that this IP 100.2 can connect to a host in VLAN10, but can't connect to other hosts in VLAN20?

Or can't I?

Re:VPN and Firewall
2024-02-06 01:11:58

Hi @XoXa 

Thanks for posting in our business forum.

Have you tried the ACL yet?

Re:VPN and Firewall
2024-02-06 08:06:26 - last edited 2024-02-06 08:07:54

  @Clive_A 

Thanks a lot for the answer. Sorry if I'm in the wrong place.

I tried Firewall - AccessControl. I created a rule which says "No access from Vlan10 to Vlan20" and it worked perfectly.

But when I tried to create vlan100 (because it works with NETs, if you choose LAN -> LAN) with this IP 10.10.100.2 and tell it "deny from 10.10.100.2 to VLAN10" - nothing happened. I'm connecting to the VPN and can still use vlan10 hosts. So it looks like I need to do something to put my WireGuard VPN in VLAN 100? But how?

I don't see interfaces like WG0 in the GUI, but I see it in Zabbix.

I believe I'm losing something...

 

Re:VPN and Firewall
2024-02-06 09:34:05

Hi @XoXa 

Thanks for posting in our business forum.


I think this is a missing feature with the IP as Source. IP-Port and IP group are not available on the Omada router.

But no worries, this has been submitted and your request will be logged as well.

Re:VPN and Firewall
2024-02-06 15:59:34 - last edited 2024-02-06 16:00:12

Which source can be used to control vpn-peer routing?
