ER605 Wireguard VLAN and Interface Options
With OpenVPN you can set a VLAN to use the VPN tunnel its not an all or nothing option (Client-to-Site option).
Wireguard needs to have the same type of option (Client-to-Site) and be able to send a single VLAN or multiple VLANs over the tunnel.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @TechDad83
Thanks for posting in our business forum.
What would be the proper parameter line in the WG official?
If I don't recall it wrong, there is nothing like what you said. WG does not support this itself. If you can point me in the right direction, that would be great.
About what you ask for, is this what you trying to say? Have an option to set this to define what VLAN interfaces can use the VPN tunnel?
- Copy Link
- Report Inappropriate Content
Hi @Clive_A
Thank you for your response.
Lets say you have 3 VLANs
VLAN 6
VLAN 10
VLAN 99
I want VLAN 6 and 99 to go to the Internet normally.
VLAN 10 I want to tunnel through Wireguard tunnel.
In my case I have a VPN Provider (NORDVPN) I want to tunnel only a single VLAN over that tunnel. Currently I'm using OpenVPN Client to Site to do that. I have tried building routing tables, but that doesnt seem to do anything. Having an option to access the WG interface directly might help. The routing table sees it, just no way to say VLAN x to said interface.
- Copy Link
- Report Inappropriate Content
Hi @TechDad83
Thanks for posting in our business forum.
Current routing tables do not work with the VPN routing. So, expected behavior.
What would be the proper name for this feature in WG? I don't think I ever see this feature on WG. If there is no such a feature on WG, I am afraid that it might be hard for us to implement it because the WG is based on the WG official.
Or you mean the Policy Routing for the WG tunnel? This has been added to the request pool and pending for the further evaluation.
I think you should consider ACL instead. At least give it a try now. As a workaround.
After you configure the WG, three VLANs allow you to access the remote site, but you can use ACL which is effective universally. Try the GW ACL by LAN > WAN and use both SRC and DST as IP Group. And define the SRC as you desire (VLAN). DST to be the WG peer interface IP. That should block the access to the WG peer.
Or try the SW ACL if you have a switch. LAN - LAN ACL. Use SRC Network, DST IP Group(WG peer interface IP).
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 547
Replies: 3