Hi, I have a question regarding how to set up Wireguard:
I have multiple VLANs. VLAN 10 is VPN (10.10.10.0/28).
I will put Wireguard server (Alpine + Wireguard) in this VLAN with IP 10.10.10.5.
I only need 2 peers to connect via Wireguard.
In Wireguard I will create network 10.10.11.0/28.
When they connect they should receive static IP 10.10.10.11.10 (peer A) / 10.10.10.11.11 (peer B).
They should be visible (no NAT) and managed by my router.
They should be able to go to the internet via my router (I will make firewall rules on the router to allow this VLAN to WAN).
#############
SERVER
------------------
[interface]
Address = 10.10.11.5/28
ListenPort = 51820
PrivateKey = ... your server private key
[Peer]
PublicKey = ... client1's public key
AllowedIPs = 10.10.11.10/32
[Peer]
PublicKey = ... client2's public key
AllowedIPs = 10.10.11.11/32
------------------
PEER
[Interface]
Address = 10.10.11.5/28
PrivateKey = ... the client1's privkey
[Peer]
PublicKey = ... the server's pubkey
AllowedIPs = 0.0.0.0/0
Endpoint = myvpndomain.com:51820
#############
2) PostUp / PostDown config --> Is this ok (do I need to add/remove something)?
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
3) Alpine --> do I need to make any changes to network configuration?
4) Do I need to make routes on my router?
I think I need to make a route to 10.10.11.0/28 via 10.10.10.5?
Will peers have the same firewall rules as the host (the host acts as a gateway, if I understand properly)?
Is there a way to make firewall rules per specific peer?
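
An added example, not part of the original post: a small Python check that a client's tunnel Address is distinct from the server's and falls inside one of the server's [Peer] AllowedIPs entries, since WireGuard only accepts packets from a peer when the source address is in that peer's AllowedIPs. The configs are constructed to mirror the ones above, the key values are placeholders, and the names `parse` and `check_client` are hypothetical.

```python
import ipaddress

# Constructed sample configs mirroring the post; key values are placeholders.
SERVER = """
[Interface]
Address = 10.10.11.5/28
ListenPort = 51820
PrivateKey = <server-private-key>
[Peer]
PublicKey = <client1-public-key>
AllowedIPs = 10.10.11.10/32
[Peer]
PublicKey = <client2-public-key>
AllowedIPs = 10.10.11.11/32
"""
CLIENT = """
[Interface]
Address = {addr}
PrivateKey = <client1-private-key>
[Peer]
PublicKey = <server-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = myvpndomain.com:51820
"""

def parse(text):
    """Parse wg-quick style text into a list of (section_name, {key: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check_client(server_text, client_text):
    """Return a list of problems with the client's tunnel address."""
    server, client = parse(server_text), parse(client_text)
    srv = ipaddress.ip_interface(dict(server)["interface"]["address"])
    cli = ipaddress.ip_interface(dict(client)["interface"]["address"])
    # Every AllowedIPs network the server lists, across all [Peer] sections.
    allowed = [ipaddress.ip_network(n.strip())
               for name, kv in server if name == "peer"
               for n in kv["allowedips"].split(",")]
    problems = []
    if cli.ip == srv.ip:
        problems.append("client address duplicates the server's tunnel address")
    if not any(cli.ip in net for net in allowed):
        problems.append("client address is not in any server [Peer] AllowedIPs")
    return problems
```

Call it as `check_client(SERVER, CLIENT.format(addr="10.10.11.5/28"))` for the client Address as posted, or with `10.10.11.10/28` for the address the server's first [Peer] entry expects.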