I want to create a isolated guest network, but the function "Isolate Clients" is not working. when joining the guest-made wlan, i can still access 192.168.1.1. I want the devices that join through this SSID only access the web, preferably through the wireguard interface i have set, but if not possible simply directly to the WAN interface.
Here are some screenshots of the setup:
Help would be appriciated, thanks!
Correct me if I am wrong, but 192.168.1.1 is the router and client isolation clearly mentions that prevents client-to-client communication.
Then you need a combination of firewall rules as described in guest wifi along with Policy Based Routing where you have 3 options:
Thanks for your reply!
Oh so the router isnt considered a client in this case? I tried to access other ip's that are connected through the main ssid, while being connected to the guest ssid, and can still access those other ip's.
I didnt use those command line instructions yet that you linked me. Do they show in luci after all being applied? I can give that a shot. Does it still work if i force in firewall settings for lan to go to my wireguard interface and deny lan>wan?
No
Other SSIDs are not controlled by isolation, but by firewall zones.
Yes, but I gave them as a reference, not to be used verbatim.
Not if routing is not correct, you'll be dropping all traffic.
