Hello,
I have a MikroTik router with a static IP and a server in a different location being the client in a WireGuard VPN connection. I set the connection up with no problem, but I want to limit access from the client site to my network behind the MikroTik. As of right now, anyone logged on to the server has full access to everything behind the MikroTik. Can I limit what part of the network is accessible to remote users (maybe even deny connection to any part of my network)? Current config below:
MT:
/interface wireguard
add listen-port=Z mtu=1420 name=wireguard2
/interface wireguard peers
add allowed-address=x.x.x.3/32 interface=wireguard2 persistent-keepalive=1m \
    public-key="XXXXXXXXXXXX"
/ip address
add address=x.x.x.2/32 interface=wireguard2 network=x.x.x.0
/ip firewall filter
add action=accept chain=input dst-port=Z protocol=udp
Client:
[Interface]
PrivateKey = YYYYYYYYYYYYY
Address = x.x.x.3/32
DNS = 8.8.8.8
[Peer]
PublicKey = WWWWWWWWW
AllowedIPs = x.x.x.2/32
Endpoint = z.z.z.z:Z
PersistentKeepalive = 10