I have an RUT950 that i use on remote sites for access. I have DDNS setup on the RUT950 which works. At the remote site my RUT950 LAN IP address is 192.168.2.1 and i have 1 device connected via LAN with a static IP address of 192.168.2.100. This LAN device is accessed via a web brower via port 443. I have also successfully setup a wireguard connection which i use to connect to the LAN device via wireguard and this all works great. My RUT950 has a wireguard IP of 10.14.0.1 and any peer that connect through wireguard have IP address of 10.14.0.2 etc.
My first issue is that under access control - web ui i have turned off remote http and http access, and i have left on LAN http and https in case i need to configure the router. Now if i put the public IP of the RUT950 into a web browser from anywhere the admin login page for the RUT950 comes up. How can i stop the remote webui from being accessible from public IP.
My second question. Often i will need to give remote access to other people at my company to the device connected to the rut950. Is there an easy way i can make the device accessible via browser with the public IP without the other person needing to setup wireguard on their device? And also still be able to utilise the wireguard connection for myself.
I believe my firewall, rules and zones are a mess which is causing me the first issue. And am not sure how to setup for my second issue.
Any help or suggestions is much appreciated.