Restrict access using Wireguard (wg-easy docker container)

Scope · 11 Mar 2023 at 11:11

Hi,

Im trying to set up a Wireguard connection between 2 sites - the connection itself it fine.. What I am struggling with is how to restrict access on the remote site (Site #2, the side running Wireguard Server). Default is that I can access everything on Site 2, be it internet and everything on their LAN..

What I would like to be able to do is restrict to Internet (WAN) access Only on Site #2, so that I can not see anything on their LAN. (Im using the Wireguard to get around geo-location so only interested in using their Internet connection)

Both Client and Server are running on Synology, and we are both using wg-easy docker container as the wg GUI.

sg0 · 11 Mar 2023 at 12:23

Would sticking the remote device on a vlan help? I think synology have a vlan package.

Sorry I may be misunderstanding your post about what lan you can see?

Scope · 13 Mar 2023 at 16:27

In the end I had a play with iptables inside the wg-easy docker and restricted access that way.. I now have a Wireguard connection that only allows traffic to the internet, no LAN destinations allowed.

oscarchd · 21 Nov 2023 at 02:32

Scope said:
In the end I had a play with iptables inside the wg-easy docker and restricted access that way.. I now have a Wireguard connection that only allows traffic to the internet, no LAN destinations allowed.

may i know how do u do that? i'm planning to setup multiple intances.

my requirement is to be able to access the internet throught the vpn, and only able to access devices within the same network... for eg 10.13.13.x can be accessed by devices with in the network