I have a Wireguard installation running based on the docker image linuxserver/wireguard.
It’s running on a Ubuntu 20.04 host.
The speed is good and my client can connect from both my local LAN and from the Internet, gaining access to both the local LAN and the Internet in both situations. So far so good.
Now I want to add a second type of client. These clients should only have Internet access when connected to the VPN. The restriction must be configured on the server. Also, I would like the clients to use my LAN's DNS server (Pi-hole). I realize that the clients would be able to perform LAN DNS lookups, exposing the LAN IPs of services on the LAN. That is OK for now. The important thing is that the traffic cannot be routed to LAN hosts and services.
Network range: 192.168.X.0 - 192.168.X.255
My router IP: 192.168.X.1
Pi-hole IP: 192.168.X.Y
wg0.conf (which is generated by the linuxserver/wireguard image)
[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = XXXXX
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = XXXXX
AllowedIPs = 10.13.13.2/32

[Peer]
PublicKey = XXXXX
AllowedIPs = 10.13.13.3/32