Why the downvote?
Comment on Share single service via WireGuard
syaochan@feddit.it 5 weeks ago
Could you elaborate what you mean with setting the allowed IPs? Yes, without tls.
syaochan@feddit.it 2 weeks ago
Why the downvote?
phase@lemmy.8th.world 2 weeks ago
Apologies for the delay. On the VPN termination point, you have to set the allowed IP addresses. In the case of a client, a /32 is enough. It means that only this IP would be receiving responses. A client with a different IP address would be able to only send packets, not to get any back, and thus would not be able to get a TCP session. I think it is enough and that no additional FW rule is needed.
syaochan@feddit.it 2 weeks ago
Don’t worry, there’s no deadline here. I’m not sure I got it so I’ll try to explain what I understood. You’re saying that I have to set a single IP address for the client, and allow that single address to connect to the service on port 8080 on 192.168.10.1 in the firewall, right? I’m not too confident in my ability to configure the firewall, so I thought that completely isolating the subnet 192.168.2.0 and then forwarding a single port to it was the safe choice.
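
Added example, not part of the thread and not WireGuard's own code: a small Python model of WireGuard's documented cryptokey routing, where a peer's AllowedIPs is matched against the inner source address of received packets and against the destination of sent packets, next to a separate destination allowlist standing in for a firewall rule. The tunnel addresses (10.8.0.x) and the peer key name are constructed assumptions; 192.168.10.1 port 8080 is the service named above.

```python
import ipaddress

# Constructed sample: tunnel addresses and the key name are assumptions;
# 192.168.10.1:8080 is the service named in the thread.
PEERS = {
    "client-key": [ipaddress.ip_network("10.8.0.2/32")],
}
ALLOWED_SERVICES = {("10.8.0.2", "192.168.10.1", 8080)}


def peer_for_destination(dst):
    """Outbound: pick the peer whose AllowedIPs holds dst (longest prefix wins)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for key, nets in PEERS.items():
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (key, net)
    return best[0] if best else None


def accept_inbound(peer_key, src):
    """Inbound: after decryption, the inner source must be in that peer's AllowedIPs."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PEERS.get(peer_key, []))


def firewall_allows(src, dst, dport):
    """Separate layer: AllowedIPs never inspects the inbound destination or port."""
    return (src, dst, dport) in ALLOWED_SERVICES


def verdict(peer_key, src, dst, dport):
    """Apply the WireGuard source check first, then the firewall allowlist."""
    if not accept_inbound(peer_key, src):
        return "dropped by WireGuard (source not in AllowedIPs)"
    if not firewall_allows(src, dst, dport):
        return "dropped by firewall (destination not permitted)"
    return "delivered"


if __name__ == "__main__":
    for pkt in [("client-key", "10.8.0.2", "192.168.10.1", 8080),
                ("client-key", "10.8.0.3", "192.168.10.1", 8080),
                ("client-key", "10.8.0.2", "192.168.10.1", 22)]:
        print(pkt, "->", verdict(*pkt))
```

In this model the /32 pins which tunnel address the peer may use, while limiting that peer to one service is done by the destination allowlist.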