Jump to content
Not connected, Your IP: 3.12.163.124
rkdover

ANSWERED Whitelisted IP's/edit LAN access rules Bluetit

Recommended Posts

I'm back again!

I have a scenario where I have a server on my home network. This server is intended to run all its traffic except for LAN traffic through airvpn using bluetit. I also have a Wireguard server running on the gateway of said device. The server is on the 192.168.1.0/24 subnet, and remote hosts are allocated to the 192.168.2.0/24 subnet. I do not have the ability to change IP allocation, but the gateway routes packets between the subnets just fine. What I would like, is to be able to access this server from the remote subnet, with bluetit active just as if I were locally connected, but it seems to drop all packets. This happens even with network lock set to "off".

E.g. when bluetit is active (with network lock on OR off) I cannot even ping (or ssh, or access web services on) 192.168.2.x -> 192.168.1.y, but with bluetit disabled I can.

Question is then, is there a configuration option to fix this? If not, is there a workaround?

Share this post


Link to post
@rkdover

Hello!

The feature to make local networks available during WireGuard connections will be available in the Suite 2.0.0 next beta version, similarly to the Android implementation. In the meantime, you can consider to run WireGuard with a configuration file explicitly compiled to have traffic to local network excluded from the VPN routing:
https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?do=findComment&comment=217458

Network Lock rules implemented by the Suite already allow traffic to/from all the local subnets. A stricter Network Lock to block traffic even for the local network is under evaluation.

Kind regards
 

Share this post


Link to post
28 minutes ago, Staff said:
@rkdover

Hello!

The feature to make local networks available during WireGuard connections will be available in the Suite 2.0.0 next beta version, similarly to the Android implementation. In the meantime, you can consider to run WireGuard with a configuration file explicitly compiled to have traffic to local network excluded from the VPN routing:
https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?do=findComment&comment=217458

Network Lock rules implemented by the Suite already allow traffic to/from all the local subnets. A stricter Network Lock to block traffic even for the local network is under evaluation.

Kind regards
 

I don’t think this really answers the question. I have local network access with the vpn connected, but for some reason only on one subnet, despite traffic routing normally. I do not want stricter rules, it rather seems like the current rules aren’t working correctly.

Do you mean that the local network rules differ between the OpenVPN and Wireguard modes?  I have tried both, I can’t see a difference.

I have provided some more details but my posts are awaiting moderator review.

Share this post


Link to post
31 minutes ago, rkdover said:

Do you mean that the local network rules differ between the OpenVPN and Wireguard modes?  I have tried both, I can’t see a difference.



Hello!

The Network Lock rules are not the problem as they allow traffic to all local networks. Only a future Network Lock will have the option to stricter rules which can be enforced optionally when necessary.

The problem is the other one we mentioned and it will be tackled in a near future Suite version for WireGuard connections. In the meantime you can consider the solution suggested in the previous message.

Kind regards
 

Share this post


Link to post

Sorry, it was a misunderstanding on my part about how Wireguard works. I believed that it would set my origin IP over local connections as the local one, but it appears it showed my WAN IP. I managed to set up a NAT rule on my router and now it works. Thank you for the assistance.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...