Greetings. I’m using PiVPN right now. Works great for me, connecting via Wireguard clients and able to use both WAN and LAN. There is one client that I would like to allow to connect to my VPN and be able to use the WAN only, and this is where I’m running into some trouble finding a solution. I took a few swings at the problem by trying to narrow down the Allowed IPs in the wg config file but that not only didn’t work but in hindsight it seems like an ineffective way to attack the problem to begin with.
Is there a way to set this up, either via something in the client config file or something else on the hosting side? I don’t want to disallow all Wireguard clients from accessing the LAN+WAN. It’s just one particular client that I want to allow access to only the WAN.
Thanks!
Holy moly, I solved it and it was using the Allowed IPs and a friendly calculator I found. Here is what I used, for anyone that might need it:
https://tim-crisp.github.io/wireguard-allowed-ips-calculator/#{"allowedIps"%3A"0.0.0.0%2F0"%2C"disallowedIps"%3A"192.168.0.0%2F16%2C 10.0.0.0%2F16"}
Edit: to be clear, on my network, keeping 192.168.x.x and 10.0.x.x out of the Allowed IP range is what I needed to target, meaning I could disallow 192.168.0.0/16 and 10.0.0.0/16. If your network is set up differently, adjust accordingly.
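The subtraction the calculator above performs, as an added example that is not part of the original post: it removes the two LAN ranges named in the edit from 0.0.0.0/0 using Python's standard `ipaddress` module. The function names `allowed_ips` and `covers` are this example's own.

```python
import ipaddress


def allowed_ips(allowed, disallowed):
    """Return the CIDR blocks covering `allowed` minus `disallowed`."""
    remaining = [ipaddress.ip_network(a) for a in allowed]
    for block in (ipaddress.ip_network(d) for d in disallowed):
        kept = []
        for net in remaining:
            if net.version != block.version or not net.overlaps(block):
                kept.append(net)            # untouched by this exclusion
            elif net.subnet_of(block):
                continue                    # entirely inside the excluded range
            else:
                # The excluded range sits inside `net`: split `net` into the
                # blocks that surround it.
                kept.extend(net.address_exclude(block))
        remaining = kept
    result = []
    for version in (4, 6):                  # collapse_addresses rejects mixed versions
        same = [n for n in remaining if n.version == version]
        result.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in result]


def covers(cidrs, address):
    """True if `address` would be routed into the tunnel by this AllowedIPs list."""
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    # Values taken from the post: everything except the two LAN ranges.
    cidrs = allowed_ips(["0.0.0.0/0"], ["192.168.0.0/16", "10.0.0.0/16"])
    print("AllowedIPs = " + ", ".join(cidrs))
    # Constructed sample addresses to confirm the result before deploying it.
    for sample in ("8.8.8.8", "192.168.1.10", "10.0.0.5", "10.1.0.1"):
        print(sample, "->", "tunnel" if covers(cidrs, sample) else "not routed")
```

This list lives in the client's own config file, so it only restricts a client that keeps it unchanged. Enforcing the restriction on the server takes a firewall rule on the PiVPN host that blocks forwarding from that peer's tunnel address to the LAN ranges.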