  1. #1
    tjk
    Untanglit
    Join Date
    Apr 2021
    Posts
    28

    Different allowed networks on roaming tunnels?

    I don't see an option to allow different networks on a roaming tunnel, am I missing a setting or something?

    Example:

    user1 is allowed to 172.16.4.0/24
    user2 is allowed to 10.10.10.0/24

    There is just one master setting under Settings, where I can add multiple subnets but I cannot select them per roaming tunnel config.

  2. #2
    Newbie
    Join Date
    Jan 2021
    Posts
    9

  3. #3
    Untanglit sheck's Avatar
    Join Date
    May 2020
    Posts
    26

    You just need to edit the config per user when you are creating their client config on their machine. Just edit the allowed IPs line in the config on the user's device itself after you copy/paste the overall settings from the WG app.
    tjk likes this.

  4. #4
    Newbie
    Join Date
    Jan 2021
    Posts
    9

    Quote Originally Posted by sheck View Post
    You just need to edit the config per user when you are creating their client config on their machine. Just edit the allowed IPs line in the config on the user's device itself after you copy/paste the overall settings from the WG app.
    The trick with editing the configuration to the client software does not lead to blocking access ... a malicious user can also edit in reverse

  5. #5
    Untanglit sheck's Avatar
    Join Date
    May 2020
    Posts
    26

    Quote Originally Posted by bnemtanu View Post
    The trick with editing the configuration to the client software does not lead to blocking access ... a malicious user can also edit in reverse
    If you want to make sure they only have access to specific devices, you'll need to set up filter rules for that.

    It's pretty easy if you only want them to have access to one device; if you want to allow multiple devices it gets a bit trickier.

    If they only need access to one device, grab the IP listed for their client, then create a filter rule like this one. When using "is not", you can only use one value, so this way only works if you only want to allow them access to 1 specific IP address or subnet.

    filter.png

    If you need to allow multiple devices, you need to block the entire network in one rule:

    filter2.png

    Then create pass rules for specific IPs, and make sure to move these above your block rule so they are hit first. That will allow traffic to specific IP addresses and block everything else.

    filter3.png
    jcoffin, tjk and bnemtanu like this.
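
The pass-above-block ordering described in post #5, as an added example that is not part of the original thread and not Untangle's own code: a simplified first-match model of an ordered filter rule list, plus a check for rules that can never be hit because an earlier rule already covers them. The tunnel addresses, the pool, the default action and the function names are assumptions; the destination networks are the ones from post #1.

```python
import ipaddress

# Constructed sample data: tunnel addresses and pool are hypothetical.
USER1 = "172.16.200.2/32"        # tunnel IP assigned to user1 (assumed)
USER2 = "172.16.200.3/32"        # tunnel IP assigned to user2 (assumed)
TUNNEL_POOL = "172.16.200.0/24"  # roaming-tunnel address pool (assumed)

# Ordered rules: (action, source network, destination network).
# Pass rules sit above the block rule so they are hit first.
RULES = [
    ("pass",  USER1, "172.16.4.0/24"),
    ("pass",  USER2, "10.10.10.0/24"),
    ("block", TUNNEL_POOL, "0.0.0.0/0"),
]

def evaluate(rules, src, dst, default="pass"):
    """Return the action of the first rule matching src and dst.

    The decision is keyed on the tunnel source address seen at the gateway,
    so nothing the client writes in its own AllowedIPs line changes it.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return default  # assumed behaviour when no rule matches

def shadowed_rules(rules):
    """Return indexes of rules fully covered by an earlier rule (never hit)."""
    hidden = []
    for i, (_, src_i, dst_i) in enumerate(rules):
        si, di = ipaddress.ip_network(src_i), ipaddress.ip_network(dst_i)
        for _, src_j, dst_j in rules[:i]:
            sj, dj = ipaddress.ip_network(src_j), ipaddress.ip_network(dst_j)
            if si.subnet_of(sj) and di.subnet_of(dj):
                hidden.append(i)
                break
    return hidden
```

Running `shadowed_rules` on a list where the block rule has been left at the top reports every pass rule beneath it, which is the misordering the post warns about.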

  6. #6
    Newbie
    Join Date
    Jan 2021
    Posts
    9

    agree with the solution presented by you ... but don't you think it would be much simpler in the version with VPN profiles?
