ArthurYZY

Everything posted by ArthurYZY

  1. I got this. Thanks. “Remote access to server” just seems to help generate a well-defined peer config for sharing. For security, it is still necessary to set the blacklist or whitelist in the UI.
  2. Firstly, thank you for your contribution to the Unraid built-in WireGuard VPN. I have a question about "Peer type of access" of the built-in WireGuard. I found that the type "Remote access to server" does not actually limit the peer from accessing other LAN addresses. According to my test, even if I select "Remote access to server", the peer can still change the allowed IPs to access my LAN. Then I checked the wg config file and there seems to be no restriction strategy to limit the peer.

     This is my config (auto-generated by the Unraid Web UI):

         PrivateKey=XXXX
         Address=10.253.0.1
         ListenPort=51820
         PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
         PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
         PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
         PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
         PostUp=ip -4 route flush table 200
         PostUp=ip -4 route add default via 10.253.0.1 dev wg0 table 200
         PostUp=ip -4 route add 192.168.50.0/24 via 192.168.50.1 dev br0 table 200
         PostDown=ip -4 route flush table 200
         PostDown=ip -4 route add unreachable default table 200
         PostDown=ip -4 route add 192.168.50.0/24 via 192.168.50.1 dev br0 table 200

     I also checked the route table and iptables, and there seems to be no restriction strategy. Is this a feature or a bug? Though I do know how to restrict other peers from accessing my LAN by modifying iptables, I still hope that I can do this operation in the Web UI.

     Unraid Version: 6.11.3 stable
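
A config-only audit of the point raised in the post above, as an added example that is not part of the original post or of Unraid's code: it parses the `PostUp` hooks and reports whether any filter-table `FORWARD` rule keeps tunnel peers off the LAN. The function names and the `RESTRICTED` rule are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Excerpt of the interface hooks quoted in the post above.
POSTED = """\
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostUp=ip -4 route add 192.168.50.0/24 via 192.168.50.1 dev br0 table 200
"""
# Constructed for comparison (not Unraid output): same hooks plus a filter rule.
RESTRICTED = POSTED + "PostUp=iptables -I FORWARD -i wg0 -d 192.168.50.0/24 -j DROP\n"

OPTS = {"-t": "table", "-A": "chain", "-I": "chain", "-j": "target",
        "-s": "src", "-d": "dst", "-i": "in"}

def postup_iptables_rules(config_text):
    """Parse the iptables commands found in PostUp= lines into dicts."""
    rules = []
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        argv = shlex.split(value)
        if key.strip() != "PostUp" or not argv or argv[0] != "iptables":
            continue
        rule = dict.fromkeys(OPTS.values())
        rule["table"] = "filter"  # iptables default when -t is absent
        for flag, arg in zip(argv[1:], argv[2:]):
            if flag in OPTS:
                rule[OPTS[flag]] = arg
        rules.append(rule)
    return rules

def _covers(rule_net, target):
    """An absent -s/-d matches everything; otherwise it must contain target."""
    return rule_net is None or target.subnet_of(ipaddress.ip_network(rule_net, strict=False))

def lan_forwarding_blocked(config_text, tunnel_net, lan_net, iface="wg0"):
    """True if a PostUp hook drops or rejects tunnel-to-LAN forwarded traffic.

    Checks the config hooks only; it does not read the live ruleset,
    rule order, or negated ("!") matches.
    """
    tunnel, lan = ipaddress.ip_network(tunnel_net), ipaddress.ip_network(lan_net)
    for r in postup_iptables_rules(config_text):
        if (r["table"], r["chain"]) != ("filter", "FORWARD"):
            continue
        if r["target"] in ("DROP", "REJECT") and r["in"] in (None, iface) \
                and _covers(r["src"], tunnel) and _covers(r["dst"], lan):
            return True
    return False
```

On the posted hooks the only iptables rule is the nat-table MASQUERADE, which rewrites source addresses and filters nothing, so the check returns False; traffic to the server's own address passes through INPUT rather than FORWARD and is unaffected by the constructed rule.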