Products Firewalla Gold Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Blue Plus Firewalla Wi-Fi SD Product Comparison Product Reviews

Wireguard VPN server on Purple - why can't devices be added to groups?

Follow
Avatar
MattT

I took my kids on holiday recently, set up the Wireguard VPN client on their devices (thinking that they would default into their existing groups, with the protection afforded by Purple that has already been set up)...

But  seems you can't assign a Wireguard device to a group... and it seems to get unlimited access to all devices on the local network - and you don't seem to be able to restrict this...

Is there a technical reason that Wireguard clients aren't added to groups? 

I'd REALLY like:
1. for my kids devices to be safe when out the house i.e. still apply the same rules as when they are inside. 
2. Ensure that network segmentation via VLANS is consistent even if connected via a VPN i.e. I was expecting to be able to assign rules to a VPN in the same way that I can from a VLAN network.

0

Comments

3 comments

Sort by Date Votes
  • Avatar
    Firewalla

    Wireguard devices to a group is supported in 1.52.  See https://help.firewalla.com/hc/en-us/articles/10221985597331-Firewalla-Box-Release-1-975-App-Release-1-52

     

    1
    Comment actions Permalink
  • Avatar
    Michael Bierman

    1. for my kids devices to be safe when out the house i.e. still apply the same rules as when they are inside. 

    One way to do that would be VPN to Firewalla. But kids can turn that off. Another way is if Firewalla had something like a DoH that could be accessed by the mobile clients without VPN (ala my.nextdns.io). But this might leave access open to others for DNS. Not sure how this would be done securely. 

    2. Ensure that network segmentation via VLANS is consistent even if connected via a VPN i.e. I was expecting to be able to assign rules to a VPN in the same way that I can from a VLAN network.

    You can define rules on VPN segments like any other network. Maybe I am not understanding what you want to do? 

    0
    Comment actions Permalink
  • Avatar
    MattT
    • Edited

    @Firealla - Wireguard devices to a group will be fantastic! Thanks so much for all the ongoing development! I'll look at the early release version. I've been singing your praises to a few friends who've purchased your products - you guys are doing an awesome job.

    @Michael - I completely missed the Wireguard network in rules! Up too late last night getting the VLAN tagging working on the switch! Thanks for helping me realise my oversight. 

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post