ANSWERED Whitelisted IP's/edit LAN access rules Bluetit

[rkdover 0]

I'm back again!

I have a scenario where I have a server on my home network. This server is intended to run all its traffic except for LAN traffic through airvpn using bluetit. I also have a Wireguard server running on the gateway of said device. The server is on the 192.168.1.0/24 subnet, and remote hosts are allocated to the 192.168.2.0/24 subnet. I do not have the ability to change IP allocation, but the gateway routes packets between the subnets just fine. What I would like, is to be able to access this server from the remote subnet, with bluetit active just as if I were locally connected, but it seems to drop all packets. This happens even with network lock set to "off".

E.g. when bluetit is active (with network lock on OR off) I cannot even ping (or ssh, or access web services on) 192.168.2.x -> 192.168.1.y, but with bluetit disabled I can.

Question is then, is there a configuration option to fix this? If not, is there a workaround?

[Staff 9971]

@rkdover

Hello!

The feature to make local networks available during WireGuard connections will be available in the Suite 2.0.0 next beta version, similarly to the Android implementation. In the meantime, you can consider to run WireGuard with a configuration file explicitly compiled to have traffic to local network excluded from the VPN routing:
https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?do=findComment&comment=217458

Network Lock rules implemented by the Suite already allow traffic to/from all the local subnets. A stricter Network Lock to block traffic even for the local network is under evaluation.

Kind regards
 

[rkdover 0]

28 minutes ago, Staff said:

@rkdover

Hello!

The feature to make local networks available during WireGuard connections will be available in the Suite 2.0.0 next beta version, similarly to the Android implementation. In the meantime, you can consider to run WireGuard with a configuration file explicitly compiled to have traffic to local network excluded from the VPN routing:
https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?do=findComment&comment=217458

Network Lock rules implemented by the Suite already allow traffic to/from all the local subnets. A stricter Network Lock to block traffic even for the local network is under evaluation.

Kind regards
 

I don’t think this really answers the question. I have local network access with the vpn connected, but for some reason only on one subnet, despite traffic routing normally. I do not want stricter rules, it rather seems like the current rules aren’t working correctly.

Do you mean that the local network rules differ between the OpenVPN and Wireguard modes?  I have tried both, I can’t see a difference.

I have provided some more details but my posts are awaiting moderator review.

[Staff 9971]

31 minutes ago, rkdover said:

Do you mean that the local network rules differ between the OpenVPN and Wireguard modes?  I have tried both, I can’t see a difference.

Hello!

The Network Lock rules are not the problem as they allow traffic to all local networks. Only a future Network Lock will have the option to stricter rules which can be enforced optionally when necessary.

The problem is the other one we mentioned and it will be tackled in a near future Suite version for WireGuard connections. In the meantime you can consider the solution suggested in the previous message.

Kind regards
 

[rkdover 0]

Sorry, it was a misunderstanding on my part about how Wireguard works. I believed that it would set my origin IP over local connections as the local one, but it appears it showed my WAN IP. I managed to set up a NAT rule on my router and now it works. Thank you for the assistance.