Can I put VPN clients on their own VLAN?
I'm looking at replacing my Ubiquiti Edgerouter Lite 3 with a Firewalla Gold or Purple. The Unifi Dream Machine line is way too physically large and I don't have a rack to put it in, and I'm very interested in the easy content controls that Firewalla promises.
I have a gigabit fiber connection (not UPnP), and recently set up an OpenVPN VPN server for some overseas friends on an old desktop computer. I'd love to replace that with a VPN set up on Firewalla. If I get a Firewalla (gold or purple) and set up VPN access for them:
1) Is it possible to set it up such that they're put into their own VLAN (and can't access the rest of my network)?
2) Would I then be able to set up a separate VPN that gives me access into my full home network?
-
VPN clients (both WireGuard and OpenVPN) get put into their own LAN by Firewalla, and there is no way to change this.
OpenVPN clients are not represented as individual devices in Firewalla, but you can make rules for the OpenVPN LAN to limit its access to other devices in your other LANs.
WireGuard clients are represented as individual devices in Firewalla, and can be added to groups as well. So, you can make some WG clients for your friends (one per friend) and put them all into a group, then add rules to the group to control their access. Your WG client can have its own set of rules, so you can have full access if you want.
-
Thanks! That led me towards this help article, which clarifies things a bit as well: https://help.firewalla.com/hc/en-us/articles/360008521833-Manage-Rules