ACL control on Wireguard client connections
Hi, it has now been a year since the official answer to the lack of an ACL feature on Wireguard connections was posted here: https://community.tp-link.com/en/home/forum/topic/657630
Setup: I have an ER707-M2 router (managed by cloud-based Omada Controller) and a TL-SG105E switch (not Omada compatible). I have my "home" network (Home VLAN - 10.0.1.0/24) behind the switch and I have a set of servers directly connected to the gateway (Servers VLAN - 10.0.2.0/24). I have set up Wireguard to connect clients in a Wireguard VLAN, 10.0.3.0/24.
What I want is a way to prevent Wireguard clients (with IPs 10.0.3.x) from connecting to my Home network, so that they only have access to the Server one. As the post above describes, the Gateway ACL rules do not seem to apply to Wireguard client connections.
I'm not that familiar with VLAN configurations. Is there some magic I can achieve with VLAN configurations and some ACL rules or whatnot to achieve what I desire above (i.e. block all access to the Home VLAN network (10.0.1.x) from any Wireguard client connections (10.0.3.x))?