Wireguard Firewall setup?

OpenWrt Newbie here.

I have successfully created a working WireGuard server for remote LAN access (peers are working and I have DDNS set up).

But the WireGuard setup examples I have seen show two different firewall setups; both work fine.

Both of these appear to me to be functionally the same.

Are either or both of these setups OK?

TIA
Rick

#Version 1

config zone
	option name 'wg0_FW'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'lan'
	list network 'wg0'

config forwarding
	option src 'wg0_FW'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'wg0_FW'

--------------------------------

#Version 2

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'wg0'


What guide did you follow?

Basically, Version 1 creates a Firewall zone identical to LAN, and creates the appropriate rules to achieve the same functionality as the LAN zone. It also integrates the LAN interface into the new firewall zone, which I find strange, but I am not a Wireguard user so take that with a grain of salt.

Version 2 does not create a new zone identical to LAN, and I would assume integrates the WireGuard firewall into the LAN firewall zone. But you would need to provide additional configs to confirm this.


No they are not.

Note: an interface can only be set in one firewall zone. You did not show your whole firewall, but I am talking about the lan interface.

See my notes how I setup a WireGuard server:

Easy method is indeed just adding the WireGuard interface to the lan firewall zone.
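As an added illustration of the "one zone per interface" rule above (this script is not from the thread or from OpenWrt itself), here is a small parser for the text form of /etc/config/firewall that lists the networks of every `config zone` section and reports any network claimed by more than one zone. The two sample configs are constructed: they take the thread's Version 1 and Version 2 zones and add the default `lan` and `wan` zones that the original post did not show, which is exactly what exposes the conflict in Version 1.

```python
"""Find networks assigned to more than one zone in an OpenWrt UCI firewall config.

Added example, not part of the forum thread. It parses the plain-text UCI syntax
(`config`, `option`, `list` lines) and flags networks that appear under
`list network` in more than one `config zone`, which the OpenWrt firewall
does not allow: a network interface belongs to exactly one zone.
"""
import shlex
from collections import defaultdict

# Constructed sample: default lan/wan zones plus the thread's "Version 1" zone,
# which lists both lan and wg0 even though lan is already in the lan zone.
VERSION1 = """\
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config zone
	option name 'wg0_FW'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'lan'
	list network 'wg0'

config forwarding
	option src 'wg0_FW'
	option dest 'wan'
"""

# Constructed sample: "Version 2", wg0 simply added to the existing lan zone.
VERSION2 = """\
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'wg0'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config forwarding
	option src 'lan'
	option dest 'wan'
"""


def parse_uci(text):
    """Return a list of sections; each is a dict of options plus a '_lists' dict."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)          # handles the single-quoted values
        if parts[0] == "config" and len(parts) >= 2:
            current = {"_type": parts[1], "_lists": defaultdict(list)}
            sections.append(current)
        elif current is None or len(parts) != 3:
            continue                       # ignore malformed or stray lines
        elif parts[0] == "option":
            current[parts[1]] = parts[2]
        elif parts[0] == "list":
            current["_lists"][parts[1]].append(parts[2])
    return sections


def zone_networks(text):
    """Map each zone name to the networks it lists, in file order."""
    return {s["name"]: list(s["_lists"].get("network", []))
            for s in parse_uci(text) if s["_type"] == "zone" and "name" in s}


def multi_zone_networks(text):
    """Return {network: [zones]} for every network listed in more than one zone."""
    owners = defaultdict(list)
    for zone, nets in zone_networks(text).items():
        for net in nets:
            owners[net].append(zone)
    return {net: zones for net, zones in owners.items() if len(zones) > 1}


def forwardings(text):
    """Return (src, dest) pairs from the config forwarding sections."""
    return [(s.get("src"), s.get("dest"))
            for s in parse_uci(text) if s["_type"] == "forwarding"]


if __name__ == "__main__":
    for label, cfg in (("Version 1", VERSION1), ("Version 2", VERSION2)):
        print(label, "zones:", zone_networks(cfg))
        print(label, "forwardings:", forwardings(cfg))
        print(label, "networks in more than one zone:", multi_zone_networks(cfg) or "none")
```

Run against a real router, the same check can be done by reading /etc/config/firewall into `multi_zone_networks`; with the constructed samples it reports `lan` as belonging to both the `lan` and `wg0_FW` zones in Version 1 and nothing for Version 2, which is why simply adding `wg0` to the lan zone is the cleaner setup.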

Thank you.

These two videos:

Skip to 1:45

Skip to 4:30

Great write up!

I just added the wg0 interface to the LAN zone.

Thank you!


If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
