Firewall settings for VPN


#1

Hi,
I installed WireGuard on a Windows server with the IP address 192.168.100.2. The tunnel address is 10.0.0.1 on the server and 10.0.0.2 on the client. In the GWN7000 I forwarded port 52800, the WireGuard listening port of the server, from the WAN to the server address. Thus I can ping this port from the client.

Question:
In order to get the UDP traffic through the VPN tunnel, what Source address do I need to enter in the Output firewall settings: the server address 192.168.100.2 or the tunnel address 10.0.0.1?

Regards,

Guenther


#2

Hi. Not sure I’ve understood. It seems like the GWN is a simple forwarder, as the VPN endpoint is on the LAN.
You need to set port forwarding, WAN-to-LAN firewall rules and, if needed, LAN-to-WAN rules.
Inside-tunnel traffic should be managed by your VPN endpoints.


#3

Thank you. If I understand you correctly, I forward port 52800 to the IP address 192.168.100.2 of my server, and my server will handle the VPN tunnel address 10.0.0.2, without the need to let the GWN7000 know about the addresses 10.0.0.1 and 10.0.0.2.