kongolav

easiest way to keep LAN traffic while on network lock


Hi, this is my first day as a paying customer here at AirVPN so I guess this qualifies as a newbie question.

Q: What is the easiest way of using AirVPN with network lock, and still being able to access the computer from other devices on the LAN?

Background: I've got an old MacBook set up with a torrent client, and a Plex server to serve the goodies to various devices on my LAN. I've installed the AirVPN client on this machine now and I'm very happy with both the speeds I'm getting - and how connectable I am. (I just switched from BTguard - and it's a BIG difference). However I can't seem to connect to the machine from other devices on my LAN anymore, not with Plex, and not with "remote screen sharing" in OS X.

What have I tried: After reading some posts here at the forum I've tried to set up my LAN in "Routes" under "preferences" - and specified that all traffic on my LAN goes outside of the VPN tunnel. I'm a bit new to "CIDR ranges" - but what I've entered there now is 192.168.10.0/255.255.255.0. Does that cover it, or is there a better way to do it?

What I have not tried: I've not yet tried to edit the "/etc/pf.conf"-file or use another external software like Tunnelblick. But if this is the only way of achieving what I want, I can give that a go too.

I'm guessing I'm not the first guy having this problem, and even if I haven't found the right answer to the question here on the forum - the answer must be out there. So if anybody could point me in the right direction, I'd really appreciate it!


Have a great day everybody! 

 

best regards
Olav


Hello! To help you a bit, what you entered isn't actually "valid" CIDR notation. Since you're using 255.255.255.0 as your subnet, you'll simply want to change it to /24 - 192.168.10.0/24.

 

(if you're not too technically inclined skip this part)

 

I got the slash-24 from changing your subnet mask to its binary equivalent - 11111111.11111111.11111111.00000000 (converting 255 and 0 to binary) and counting the zeros (a simple way to convert). There's 24 1's (8 from each 255 octet and none from 0). If you (or someone else) were interested, 255 is simply 128+64+32+16+8+4+2+1 (all multiples of 2) and each multiple that's "there" (not excluded) is 1 while the excluded multiples are 0 (how binary works). Subnet masks are a special case because you must have a string of ones followed by zeros (if you had 11100111 for example that would be an invalid subnet mask which if it were actually accepted would bugger up your network, and also if it could actually work would make CIDR notation impossible)... Binary is fun!

 

(end of skip)

 

As for allowing local LAN traffic, that alone should do it assuming you don't have a router behind a router. I've done this a few times before with just one router (never tried two or more since I only use the one although I have a spare). As long as you set the option for "unspecified goes INSIDE tunnel" (since you'd be defeating the sole purpose of Eddie and AirVPN anyway if you didn't) you're set.

 

Off-topic but I figured I'd mention it FWIW - if you (or anyone) use Oracle VirtualBox or VMware Player/Workstation (you're using a MacBook so VMware Player might not apply) you'll want to whitelist their internal network adapter IP ranges too if you use internal networking with them. I've never used it but this might make the difference if someone has issues with that.

 

Have a great day and I hope this helps!

 

(edit) - since you mentioned torrenting if you will be torrenting over AirVPN's network, virtually everyone (myself included) would recommend you to choose a port to forward on AirVPN's servers and use it for your client (if not already done so). It'll make a big difference in your connectivity and you'll be more able to seed (although not mandatory, sharing is caring!) since a lot of peers are trying to inbound connect to you (silly people don't know how to port forward, or possibly can't due to ISP or other issues.. this is why I got AirVPN in the first place and it works like a dream)... Enjoy AirVPN, second to none for VPN services.


Certified CompTIA A+ IT, Remote Support and Depot Technician, CompTIA Network+, MCP, MCDST Windows XP

Certifying Cisco CCENT/CCNA (currently expired and awaiting recertification)

Uncertified Windows Server 2003, 2003 R2, 2008, 2008 R2, Windows Vista,7,8,8.1

Uncertifiably Awesome


Hi Seranecks, thanks for your reply - and also your technical explanation of why the 24. I saw that in the AirVPN client, and couldn't quite figure out what the 24 meant.
But unfortunately I've tried that (and once again now) - and it doesn't seem to do the trick for me.

Regarding port forwarding; I did not have this enabled before, because my torrent client told me that it was connectable (green light). But I have configured it now. (thanks for the tip).
And since you are clearly a wizard when it comes to IP traffic, could you tell me if my current setup is "safe"?

I saw this notice at that ip-forwarding page on AirVPN; "IMPORTANT: do NOT forward on your router the same ports you use on your Bittorrent or eMule client (or any other listening service) while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client."

And the way I've set up my network is having my "plex/torrent"-machine receive all traffic from the network directly. All ports are "forwarded" to that machine. I've had it like that for a long while, and it's just been easiest whenever I needed to administer the machine from other locations, and get as connectable as possible. But is this related to the warning above, or is it not a problem for me?

 

And could this configuration have anything to do with me not being able to connect to the machine from other devices on my LAN?


Sorry for my newbie questions.

 

 

Best regards
Olav


I still haven't really been able to get this working. I'd really appreciate it if someone who has got "network lock" to work properly on a Mac - and still being able to access that Mac from the local network. Hopefully the solution is quite easy...


Hey, my apologies for not getting back to you. I think I messed up my notifications here; it didn't tell me anyone else posted.

 

If you're using the "Official" BitTorrent client or uTorrent they often give you a green light but you really don't have any true incoming connections. It's been quite an annoyance for me because it's telling me everything's fine but in reality all my connections are outbound. If you look at any active torrent's peer list you'll see something called Initiation or something similar and it has either Local or Remote. Local means you connected to them (you can do this without forwarding), Remote means they connected to you (which requires forwarding). If you have no Remote connections then you might have a problem.

 

As for the warning on their port forward page, there are two things you should make sure of if you don't want any connections outside the VPN (network lock irrelevant) - one is to ensure you don't forward your torrent ports to your machine's IP but you also should DIS-able UPnP (which sets up port forwarding automatically for you). UPnP is useless if you're behind a VPN that already has the ports forwarded and some clients might send the request to your router even though you're tunneling.

 

"And the way I've set up my network is having my "plex/torrent"-machine receive all traffic from the network directly. All ports are "forwarded" to that machine. I've had it like that for a long while, and it's just been easiest whenever I needed to administer the machine from other locations, and get as connectable as possible. But is this related to the warning above, or is it not a problem for me?"

 

What do you mean by receive all traffic from the network directly? What pops into my mind is your rig being used as not just a computer but a second hop (where you connect all your other machines to this one via a second network card). If that is the case then using Network Lock could easily cause connectivity issues if not properly set up.

 

The intermediate system is a bit of a pain to set up for some people and I've never had much success with it, and I truthfully doubt that's what you've got set up. Also, you can't have "every" port forwarded, there are over 60,000 of them and even using ranges that would be completely impractical, assuming your router even allows it. But that's neither here nor there.

 

I re-read your post to refresh myself, you're hosting a plex server (not exactly sure about the specifics but they're not all that important) as well as the torrent client. You don't have to forward the ports that you're using to host your goodies to your network machines, ports only need to be forwarded if you need to have them accessible from the outside (Web server, Minecraft server, torrents). If you're only worried about incoming connections with your torrent client you could easily just shut all your ports on the router that are aimed at your Mac (since you only have the connection port which is being tunneled).

 

Getting back to the network lock with all this in mind, if you're having issues connecting to the Mac, make sure you have the right numbers. Most routers I've come across don't assign a 192.168.10.x address. I normally see 192.168.1.x ... if you open your terminal and run an ifconfig command you'll get all the information you'll need. If you have any Windows machines just open Command Prompt and use ipconfig (it's IP config for Windows, IF config for Macs and Linux machines... IP for Internet Protocol, IF for InterFace) and you'll get the same information. I strongly recommend running it with AirVPN not connected, it'll spit out a little less information to comb through.

 

If you can give me a copy/paste of your ifconfig / ipconfig results it'll be a simple matter to give you the numbers you want for Network Lock.

 

I hope that helps a bit more and my efforts aren't too late. I'll see about changing my notification settings so I'll actually find out a reply got posted here. My apologies for leaving you hanging, I don't post a lot here yet since a lot of the questions people ask are beyond me, but in your case nothing seems too out there.

 

If you want to know anything else just ask away. I think there's a messaging system here, you could toss a couple words my way to wake me up. Best of luck!


Certified CompTIA A+ IT, Remote Support and Depot Technician, CompTIA Network+, MCP, MCDST Windows XP

Certifying Cisco CCENT/CCNA (currently expired and awaiting recertification)

Uncertified Windows Server 2003, 2003 R2, 2008, 2008 R2, Windows Vista,7,8,8.1

Uncertifiably Awesome


Hi Seranecks!

That's okay - I actually haven't gotten notification of your post either - so something is probably messed up in the notification system here.

- What I mean about "receive all traffic from network directly" is that how my network is set up, the computer with Plex, uTorrent and AirVPN is set up as a "DMZ-host" - so it will receive all traffic from the internet, as long as no other ports are forwarded to other computers in my network.

Here is the ifconfig setup; (it's from my personal computer - but it's on the same network, so it should be pretty much the same)

 

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether b8:e8:56:3f:d6:70
        inet6 fe80::bae8:56ff:fe3f:d670%en0 prefixlen 64 scopeid 0x5
        inet 192.168.10.176 netmask 0xffffff00 broadcast 192.168.10.255
        nd6 options=1<PERFORMNUD>
        media: autoselect
        status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=60<TSO4,TSO6>
        ether 72:00:00:7f:71:60
        media: autoselect <full-duplex>
        status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=60<TSO4,TSO6>
        ether 72:00:00:7f:71:61
        media: autoselect <full-duplex>
        status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=63<RXCSUM,TXCSUM,TSO4,TSO6>
        ether 0e:4d:e9:5c:10:00
        Configuration:
                id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
                maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
                root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
                ipfilter disabled flags 0x2
        member: en1 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 6 priority 0 path cost 0
        member: en2 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 7 priority 0 path cost 0
        nd6 options=1<PERFORMNUD>
        media: <unknown type>
        status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
        ether 0a:e8:56:3f:d6:70
        media: autoselect
        status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1452
        ether 9e:13:61:8c:ea:52
        inet6 fe80::9c13:61ff:fe8c:ea52%awdl0 prefixlen 64 scopeid 0xb
        nd6 options=1<PERFORMNUD>
        media: autoselect
        status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
        lladdr 00:0a:27:02:00:5f:22:82
        nd6 options=1<PERFORMNUD>
        media: autoselect <full-duplex>
        status: inactive
en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
        ether 0c:4d:e9:c5:35:43
        inet6 fe80::e4d:e9ff:fec5:3543%en6 prefixlen 64 scopeid 0x4
        inet 192.168.10.159 netmask 0xffffff00 broadcast 192.168.10.255
        nd6 options=1<PERFORMNUD>
        media: autoselect (1000baseT <full-duplex,flow-control>)
        status: active
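
Added example, not part of any post in this thread: a Python sketch of the netmask-to-CIDR conversion discussed earlier, applied to ifconfig output like the one above to get the range to enter for the LAN route. The sample text is constructed, the function names are illustrative, and limiting the result to private ranges is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample modelled on the macOS ifconfig output quoted in the thread.
SAMPLE_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.10.176 netmask 0xffffff00 broadcast 192.168.10.255
en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.10.159 netmask 0xffffff00 broadcast 192.168.10.255
"""


def mask_to_prefix(mask):
    """Return the prefix length for '255.255.255.0' or '0xffffff00'."""
    mask = mask.strip()
    if mask.lower().startswith("0x"):
        value = int(mask, 16)          # macOS ifconfig prints masks in hex
    else:
        value = int(ipaddress.IPv4Address(mask))
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"mask out of range: {mask}")
    # A valid mask is a run of 1-bits followed only by 0-bits, so its
    # complement must be one less than a power of two (0b000...0111).
    host_bits = value ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return bin(value).count("1")


def to_cidr(address, mask):
    """Normalise an address plus dotted or hex mask to network/prefix form."""
    prefix = mask_to_prefix(mask)
    return str(ipaddress.ip_network(f"{address}/{prefix}", strict=False))


def lan_networks(ifconfig_text):
    """Map interface name -> private IPv4 network found in ifconfig output."""
    networks, iface = {}, None
    for line in ifconfig_text.splitlines():
        header = re.match(r"(\S+): flags=", line)
        if header:
            iface = header.group(1)
            continue
        inet = re.match(r"\s*inet (\S+) netmask (\S+)", line)
        if inet and iface:
            net = ipaddress.ip_network(to_cidr(*inet.groups()))
            # Assumption: only private, non-loopback ranges are route candidates.
            if net.is_private and not net.is_loopback:
                networks[iface] = str(net)
    return networks


if __name__ == "__main__":
    print(to_cidr("192.168.10.0", "255.255.255.0"))
    print(lan_networks(SAMPLE_IFCONFIG))
```
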


Hello!

 

Try with Eddie 2.9.2 Experimental for OS X Mavericks/Yosemite.

 

In the usual OS X download page https://airvpn.org/macosx click "Other versions" then select "Experimental".

 

In "AirVPN" -> "Preferences" -> "Network Lock" tick "Allow lan/private", click "Save" and test. According to our tests on Yosemite systems everything works fine, feel free to let us have your feedback.

 

Kind regards


Hah, Staff comes in and saves the day. Well it's great your problem has been resolved. FWIW when you copy/pasted your ifconfig I got rather twitchy, the amount of stuff to sift through from Linux just scares me. But you've got a classic /24 there in the 192.168.10.x range so there's not anything complex going on there. I have yet to test that version of Eddie for my (cringe) Windows laptop but it looks very promising, some features I look forward to seeing in a Stable release very soon.

 

Sounds like that version auto-unlocks your home network by using the information from DHCP or whatever from your network card. Automating that process saves a lot of work especially for people who aren't used to finding that information on their own or are unfamiliar with how to do so.

 

I hope now that everything's going smoothly you'll enjoy the service as much as I do. Take care!


Certified CompTIA A+ IT, Remote Support and Depot Technician, CompTIA Network+, MCP, MCDST Windows XP

Certifying Cisco CCENT/CCNA (currently expired and awaiting recertification)

Uncertified Windows Server 2003, 2003 R2, 2008, 2008 R2, Windows Vista,7,8,8.1

Uncertifiably Awesome


Dear AirVPN Staff and community,

 

I'd like to add some water to this pipe about LAN connection over AirVPN and the Eddie Client.

 

Actually, I have the "Allow lan/private" option ticked in "AirVPN" -> "Preferences" -> "Network Lock" and I'm running under Mac OSX Yosemite. The problem is that when I try to connect to my Raspberry Pi running OSMC (Raspbmc) for example, it works pretty well. Actually it seems to work with the other computers shared on my LAN. But when I try to connect to one of my NAS (Synology or Freebox server) it fails when the "network lock" option is on. I tried to illustrate this problem with the image joined at this address: https://mega.nz/#!2sZnWbwR!Xha1RviTuwjLS7CW0YzSH5YR3mRjCu9Z9vcvswBlqbo (I don't know how to directly join an image to this post... I'm sorry)

I have some limited computing skills but I really need your help to solve this as I'm definitely not a network expert. My only lead would be this one: I think that both of my NAS are using the AFP protocol to get connected to my iMac. However, I'm not sure about what connection protocol the Raspberry Pi uses but it might be Samba (SMB). As my other LAN shared computers are all running Windows, it might also be SMB. So I guess that the problem comes with the AFP protocol and the network lock.

The other weird thing is that when I'm using AirVPN under Windows 10, I can't figure out how to access my LAN shared devices, even if the "Allow lan/private" option is ticked. So any idea about all of this?

 

Thanks a lot for your help and this wonderful VPN service!


As someone who is definitely not math inclined, for those like me who can't really grok calculating binary values, the different net masks and their short '/nn' values can be found here: https://psg.com/~brian/doc/tcpip/netmask.htm

I'm sure 'binary is fun' for many people, but I'm definitely not one of them.

 
