Question about ACL
wp1065151-spam wp1065151-spam
spam at bcse.de
Tue Mar 9 12:29:58 UTC 2021
Hi.
My Question :
I have two peers configured on my WG Server.
Peer A should grant access to Subnet 10.0.10.0/24
Peer B to 10.0.20.0/24.
In Clientconfig i set
PEER A
AllowedIPs = 10.255.0.0/24,10.0.10.0/24
PEER B
AllowedIPs = 10.255.0.0/24,10.0.20.0/24
SERVER
[Interface]
Address = 10.9.254.1/24
ListenPort = 55555
PrivateKey = AAAAAAAAAAAAAAAAAAAA=
[Peer]
# PEER A
PublicKey = BBBBBBBBBBBBBBBBBBBB=
AllowedIPs = 10.9.254.100/32
[Peer]
# PEER B
PublicKey = CCCCCCCCCCCCCCCCCCC=
AllowedIPs = 10.9.254.101/32
How can i prevent PEER B from changing his config to :
AllowedIPs = 10.255.0.0/24,10.0.20.0/24,10.0.10.0/24
to get access to 10.0.10.0/24 too ?
If i add allowed IP in servers PEER B config, it will add a route for 10.0.10.0/24 to wg0
So PEER A is not longer be able to access this subnet.
How can i set a ACL that allows Peer A and Peer B only to access configured subnet, outside the client config.
I also could be happen that you would like allow your Friend only to access your Server (.101) and Printer (.150) but you Family the whole subnet.
Therefor Friend get in his peer Config:
AllowedIPs = 10.9.254.0/24,10.0.10.101/32,10.0.10.150/32
Family:
AllowedIPs = 10.9.254.0/24,10.0.10.0/24
How we prevent the Friend to change his config to 10.0.10.0/24 ?
More information about the WireGuard
mailing list