ACL control on Wireguard client connections

3 weeks ago - last edited 2 weeks ago
Model: ER707-M2   TL-SG105E  
Hardware Version: V1
Firmware Version: 1.2.3 Build 20240822 Rel.52946

Hi, it has now been a year since the official answer to the lack of an ACL feature on Wireguard connections was posted here: https://community.tp-link.com/en/home/forum/topic/657630

Setup: I have an ER707-M2 router (managed by a cloud-based Omada Controller) and a TL-SG105E switch (not Omada compatible). I have my "home" network (Home VLAN - 10.0.1.0/24) behind the switch, and I have a set of servers directly connected to the gateway (Servers VLAN - 10.0.2.0/24). I have set up Wireguard to connect clients in a Wireguard VLAN, 10.0.3.0/24.

What I want is a way to prevent Wireguard clients (with IPs 10.0.3.x) from connecting to my Home network and to give them access only to the Servers one. As the post above describes, the Gateway ACL rules do not seem to apply to Wireguard client connections.

I'm not that familiar with VLAN configurations. Is there some magic I can achieve with VLAN configurations and some ACL rules, or whatever else, to achieve what I describe above (i.e. block all access to the Home VLAN network (10.0.1.x) from any Wireguard client connections (10.0.3.x))?

1 Accepted Solution
Re: ACL control on Wireguard client connections - Solution
2 weeks ago - last edited 2 weeks ago

  @madwood78 

There is no Router ACL that works with Wireguard yet. You can solve it with a Switch ACL, but then you need an Omada switch; if you put the Omada switch between the router and the rest of your network, then you can create the ACL. You don't need an expensive switch: an SG2008, or an SG2008P if you need PoE, will work.
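The policy this thread settles on, as an added Python model that is not from the post or from TP-Link: an ordered first-match ACL over the three subnets, plus a check that a switch ACL only bites on flows that actually cross the Omada switch (the Servers VLAN hangs directly off the gateway, so the switch never sees its traffic). The `Rule` structure and the `BEHIND_SWITCH` set are assumptions for illustration, not Omada configuration syntax.

```python
import ipaddress
from dataclasses import dataclass

# Subnets from the thread.
HOME_VLAN = ipaddress.ip_network("10.0.1.0/24")
SERVERS_VLAN = ipaddress.ip_network("10.0.2.0/24")
WG_VLAN = ipaddress.ip_network("10.0.3.0/24")

# Assumption: VLANs reachable only through the Omada switch. The Servers
# VLAN is directly on the gateway, so the switch ACL never sees its flows.
BEHIND_SWITCH = {HOME_VLAN}


@dataclass(frozen=True)
class Rule:
    action: str                   # "deny" or "permit"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


# Ordered, first-match switch ACL (hypothetical abstraction, not Omada syntax).
SWITCH_ACL = [
    Rule("deny", WG_VLAN, HOME_VLAN),       # block VPN clients from Home
    Rule("permit", WG_VLAN, SERVERS_VLAN),  # VPN clients may reach Servers
]
DEFAULT_ACTION = "permit"


def acl_lookup(src_ip, dst_ip, acl=SWITCH_ACL):
    """Return the action of the first rule matching src/dst, else the default."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in acl:
        if src in rule.src and dst in rule.dst:
            return rule.action
    return DEFAULT_ACTION


def traverses_switch(src_ip, dst_ip, behind_switch=BEHIND_SWITCH):
    """True if either endpoint sits in a VLAN that is only reachable via the switch."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in net or dst in net for net in behind_switch)


def effective_action(src_ip, dst_ip, behind_switch=BEHIND_SWITCH):
    """(action, filtered): flows that never cross the switch are routed unfiltered."""
    if not traverses_switch(src_ip, dst_ip, behind_switch):
        return DEFAULT_ACTION, False
    return acl_lookup(src_ip, dst_ip), True


if __name__ == "__main__":
    for flow in [("10.0.3.7", "10.0.1.10"), ("10.0.3.7", "10.0.2.5"), ("10.0.1.10", "10.0.2.5")]:
        print(flow, "->", effective_action(*flow))
```

Passing `behind_switch=set()` reproduces the situation before the Omada switch is inserted between the router and the Home network: the deny rule exists but no flow ever reaches it.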