Business Community > All Threads > WireGuard setup with internet access only
< All Threads

WireGuard setup with internet access only

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

WireGuard setup with internet access only

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
WireGuard setup with internet access only
WireGuard setup with internet access only
2024-02-29 01:14:32 - last edited 2024-03-07 03:10:02
Tags: #WireGuard #Gateway ACL
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.4

I'd like to setup a WireGuard server, on a way, that any client connecting to it, would have access only to the internet, but no access to anything in the local network.

 

My ER605 router is behind the ISP modem (what is in normal NAT mode, not bridge mode). All LAN clients are connected directly to the router. Omada Controller runs from a docker container in LAN.

 

I've succesfully setup the WireGuard server, can connect and it works, but cant figure out how to deny access to the local network.

What I've tried, is to define a VLAN, configure Wireguard peers to use IPs from that VLAN, and created a Gateway ACL to block the VLAN to access LAN.
Any ideas why this isnt working, and how to fix it?

WAN setup:


LAN setup:

VLAN for WireGuard setup:

WireGuard server:

WireGuard client:


Gateway ACL:

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:WireGuard setup with internet access only-Solution
2024-03-07 03:09:45 - last edited 2024-03-07 03:10:02

Hi @Ligu

So, I confirmed with the team that this is not available. Future firmware updates will add related functions like ACL to block access. ETA V5.15 but not limited to this version. 

 

Thanks for your valuable feedback and post here. This request has been added to the roadmap. Yet it's not the highest priority task and this might take some time before you see this feature available. You can pay attention to the firmware release in the future.
As a reminder, we are not able to give a specific date for a beta or official firmware release. Nor can we guarantee an ETA for the firmware. We recommend you subscribe for the Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#4
Options
3 Reply
Re:WireGuard setup with internet access only
2024-02-29 01:32:49

Hi @Ligu 

Thanks for posting in our business forum.

It does not work, how do you verify it? Screenshot of your results?

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:WireGuard setup with internet access only
2024-03-07 00:54:34 - last edited 2024-03-07 00:56:25

  @Clive_A "Doesnt work" means, that I can connect from my external android client, over the internet, to this server succesfully:

And then I can successfully access an address inside the localnetwork of the server, when I should not.

I would like to be able to setup the wireguard server on the router on a way, that whoever connects to it, can access only public internet addresses, but nothing in the local network. All 192.168.0.xxx should be blocked.

  1  
  1  
#3
Options
Re:WireGuard setup with internet access only-Solution
2024-03-07 03:09:45 - last edited 2024-03-07 03:10:02

Hi @Ligu

So, I confirmed with the team that this is not available. Future firmware updates will add related functions like ACL to block access. ETA V5.15 but not limited to this version. 

 

Thanks for your valuable feedback and post here. This request has been added to the roadmap. Yet it's not the highest priority task and this might take some time before you see this feature available. You can pay attention to the firmware release in the future.
As a reminder, we are not able to give a specific date for a beta or official firmware release. Nor can we guarantee an ETA for the firmware. We recommend you subscribe for the Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#4
Options

Information

Helpful: 0

Views: 923

Replies: 3

Tags

WireGuard Gateway ACL
Related Articles
Configuration Wireguard
503 0
ER605 v2.0 Wireguard setup
5164 0
ER605, WAN to LAN communication, Wireguard
426 0
ER605 Site to Site Wireguard setup
1782 0
ER605 v2 Wireguard Peers Allowed IPs standalone
115 0
Wireguard access to a remote vpn client site
258 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.