Wireguard server on MT-6000 and LAN questions

I need to set up a Wireguard server on my MT-6000 (main home router), with the following details:

  1. Client will be AX1300 Slate plus
  2. I need to access only 2 devices on my LAN
  3. I have static IP at home and a domain to do whatever is needed

I have found this thread (Allow Remote Access LAN - how does this work? - #22 by scottgs) and I don't understand how it's possible to make this work!

In my mind, it looks like I would need the following FW rules:

  1. Wireguard to device 1: Allow all
  2. Wireguard to device 2: Allow all
  3. Wireguard server to LAN: Drop

My understanding is that:

  1. I don't need to have any port forwarding for Wireguard
  2. I don't need to have any port forwarding from WG server to LAN clients
  3. Enabling "Allow access to LAN" in the GL UI will expose the whole LAN to the WG client (something that I don't want).

Please correct me if anything of the above is wrong.
Thank you in advance


If I understand correctly, you want remote devices (WG client) to be able to access only LAN devices #1 and #2, which are on the WG server side.

In LuCI, try adding the rule 'wgserver_device1and2'; for the destination address, select devices 1 and 2. Save and apply. That way your remote device (WG client) is only permitted to access devices 1 and 2, which are on the WG server side.
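
The restriction discussed in this thread, written out as an OpenWrt `/etc/config/firewall` fragment. This is an added example, not part of the posts above; the zone names `wgserver` and `lan`, the drop rule's name, and the two device addresses are assumptions to be replaced with your own values.

```conf
# /etc/config/firewall (fragment)
# Assumed: the WireGuard server zone is named 'wgserver' and the LAN zone 'lan'.
# 192.168.8.10 and 192.168.8.11 are constructed placeholders for device 1 and 2.

# Rules 1 and 2 from the question: tunnel clients may reach only these two hosts.
config rule
	option name 'wgserver_device1and2'
	option src 'wgserver'
	option dest 'lan'
	list dest_ip '192.168.8.10'
	list dest_ip '192.168.8.11'
	option proto 'all'
	option family 'ipv4'
	option target 'ACCEPT'

# Rule 3 from the question: drop everything else from the tunnel to the LAN.
# Rules are matched in order, so this must come after the ACCEPT rule.
config rule
	option name 'wgserver_lan_drop'
	option src 'wgserver'
	option dest 'lan'
	option proto 'all'
	option target 'DROP'

# No 'config forwarding' section from 'wgserver' to 'lan' is defined here:
# a zone-wide forwarding is what grants access to the whole LAN.
```

After editing, reload the firewall (`/etc/init.d/firewall reload`) and confirm from the client that device 1 and 2 answer while any other LAN address does not.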