Wireguard single direction communication

Installing and Using OpenWrt Network and Wireless Configuration
1

I have got a requirement with the WireGuard setup where wg-peer1 should be able to communicate to wg-peer3 via wg-peer2, But wg-peer3 should not be able to communicate with wg-peer1 .
wg-peer1 and wg-peer3 are the OpenWRT routers.

wg-peer1     ___\          wg-peer2  ___\         wg-peer3
private_IP      /          public_IP    /         private_IP
OpenWRT_Router1                                   OpenWRT_Router2

Is it possible?

2

I would consider using two wireguard interfaces and put them in different firewall zones. They you allow forwarding from peer1's zone to peer3's zone.

If they use the same zone then you need to disable forwarding on that zone and add a custom rule that allow the traffic instead.

1 Like
3

Yes, don't allow it in the firewall configuration.

1 Like