[Flint 2] WireGuard: Prevent certain clients from accessing the local net

Hello!

I'm trying to block specific clients from accessing my home network, but I haven't figured out how to do it. I used the WireGuard AllowedIPs Calculator, which suggested I set the AllowedIP to:

0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3

However, the Flint 2's interface only allows up to 5 entries for AllowedIP.

How can I prevent certain clients from accessing my local network?

Hello,

Is the VPN server on the home router, and do you want to block certain VPN clients from accessing your home LAN?

If you don’t want these VPN clients to access the home LAN and WAN/Internet, you can deny these VPN clients access to the home router (VPN server); for example, you can delete the corresponding profile directly on the VPN server.

If you only want to allow the VPN client to connect to the Internet through the ISP IP of the home router but deny it access to the home LAN, you need to check the corresponding VPN client IP first, and then add a firewall rule under LuCI > Network > Firewall > Custom Rules, referring to the following command:

```sh
# Deny traffic from the VPN client (assume 10.0.0.2) to the home LAN subnet (assume 192.168.8.0/24).
# The WG server interface is `wgserver`; if you are using the OpenVPN server, change `wgserver` to `ovpnserver`.
iptables -I FORWARD 1 -i wgserver -s 10.0.0.2 -d 192.168.8.0/24 -j REJECT
```

Yes, you've understood correctly and that's exactly what I was looking for. However, since I'm not an advanced user, I'd prefer to do it through the standard web interface, not LuCI. It's not possible, is it?

The GL GUI (Admin Panel) does not support this. This request can only be achieved in LuCI or via SSH.

LuCI is also an interface, and there is no need to worry about using it.

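The AllowedIPs list quoted in the question is the whole IPv4 space with 192.168.0.0/16 cut out. The sketch below is an added example, not part of the original thread: it reproduces that calculation with Python's standard `ipaddress` module and goes beyond the single-range case by accepting several excluded ranges. The names `allowed_ips`, `fits_ui` and `UI_LIMIT` are illustrative; the limit of 5 is the figure the question gives for the Flint 2 interface.

```python
import ipaddress

UI_LIMIT = 5  # entries the question says the Flint 2 interface accepts


def allowed_ips(excluded, base="0.0.0.0/0"):
    """Return the CIDR blocks that cover `base` minus every network in `excluded`."""
    remaining = [ipaddress.ip_network(base)]
    for text in excluded:
        hole = ipaddress.ip_network(text)
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # The hole lies inside this block: keep the pieces around it.
                kept.extend(net.address_exclude(hole))
            elif net.subnet_of(hole):
                # This block lies entirely inside the hole: drop it.
                continue
            else:
                # CIDR blocks either nest or are disjoint, so no overlap here.
                kept.append(net)
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def fits_ui(networks, limit=UI_LIMIT):
    """True if the list is short enough for an interface with `limit` fields."""
    return len(networks) <= limit


if __name__ == "__main__":
    nets = allowed_ips(["192.168.0.0/16"])
    print(", ".join(str(n) for n in nets))
    print(f"{len(nets)} entries, fits in {UI_LIMIT} fields: {fits_ui(nets)}")
```

Cutting a /N out of 0.0.0.0/0 always leaves N blocks, so narrowing the exclusion to a single /24 produces 24 entries rather than fewer.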