Firstly, thank you for your contribution to the Unraid built-in WireGuard VPN.
I have a question about "Peer type of access" of the built-in WireGuard.
I found that the type "Remote access to server" does not actually limit the peer from accessing other LAN addresses. According to my test, even if I select "Remote access to server", the peer can still change the allowed IPs to access my LAN. Then I checked the wg config file and there seems to be no restriction strategy to limit the peer.
This is my config (auto-generated by the Unraid Web UI):
PrivateKey=XXXX
Address=10.253.0.1
ListenPort=51820
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
# NAT tunnel traffic leaving via the LAN bridge so LAN hosts see the server's address
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
# Routing table 200: default route through the tunnel, LAN still reachable via br0
PostUp=ip -4 route flush table 200
PostUp=ip -4 route add default via 10.253.0.1 dev wg0 table 200
PostUp=ip -4 route add 192.168.50.0/24 via 192.168.50.1 dev br0 table 200
PostDown=ip -4 route flush table 200
PostDown=ip -4 route add unreachable default table 200
PostDown=ip -4 route add 192.168.50.0/24 via 192.168.50.1 dev br0 table 200
I also checked the route table and iptables, and there seems to be no restriction strategy.
Is this a feature or a bug?
Though I do know how to restrict other peers from accessing my LAN by modifying iptables, I still hope that I can do this operation in the Web UI.
Unraid Version: 6.11.3 stable
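The following is an added example of the iptables-based restriction the post mentions; it is not Unraid's code and not the poster's. A peer editing its own AllowedIPs only changes what it routes into the tunnel; the server's AllowedIPs entry for that peer governs which source addresses it accepts, not which destinations the peer may reach, so a destination restriction has to live in the FORWARD chain. The interface names and LAN network are taken from the posted config; the peer tunnel address 10.253.0.2 is an assumption. Applying the rules needs root on the Unraid host.

```shell
#!/bin/sh
# Added example (not Unraid's own code): generate PostUp/PostDown lines that
# enforce "Remote access to server" for one peer by dropping anything it tries
# to forward out of the LAN bridge. Traffic to the server itself goes through
# INPUT, not FORWARD, so the peer keeps access to the Unraid host.
set -u

WG_IF=wg0        # tunnel interface from the posted config
LAN_IF=br0       # LAN bridge from the posted config

# restrict_rule <-I|-D> <peer_tunnel_addr>
# Prints one iptables command. -I inserts at the top of FORWARD so the DROP
# precedes any ACCEPT rules (for example the ones Docker adds); -D removes it.
restrict_rule() {
    printf 'iptables %s FORWARD -i %s -s %s -o %s -j DROP' "$1" "$WG_IF" "$2" "$LAN_IF"
}

# peer_restrict_lines <peer_tunnel_addr>
# Prints the two lines to add to the [Interface] section of the wg0 config.
peer_restrict_lines() {
    printf 'PostUp=%s\n' "$(restrict_rule -I "$1")"
    printf 'PostDown=%s\n' "$(restrict_rule -D "$1")"
}

# check_rule_present <peer_tunnel_addr>
# Returns 0 if the DROP rule is currently loaded (run as root on the server).
check_rule_present() {
    iptables -C FORWARD -i "$WG_IF" -s "$1" -o "$LAN_IF" -j DROP 2>/dev/null
}

# Assumed peer address 10.253.0.2; one pair of lines per restricted peer.
peer_restrict_lines 10.253.0.2
```

Paste the printed PostUp/PostDown lines next to the existing ones and restart the tunnel; afterwards `check_rule_present 10.253.0.2` returns 0 and a ping from that peer to a 192.168.50.x host times out while the Unraid web UI at 10.253.0.1 stays reachable. The Web UI overwrites this file when the tunnel is edited, so the lines have to be re-added until the restriction is handled by the UI itself.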