Leaderboard

Hello! We will consider seriously the suggestion, thank you. Kind regards

@Greyzy Hello! The solution is relatively simple when you use a subnet calculator: you must tell WireGuard that some subnet (in this case your local network) must NOT fall into the VPN tunnel through the AllowedIPs directive. The AllowedIPs directive in the WireGuard *.conf file lists the set of IP addresses that the local host should route to the remote peer through the WireGuard tunnel. By constructing from the global address space the complementary set of the range of your subnetwork you will solve the problem. Please read the following thread for more complete explanations and definite solution: https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?tab=comments#comment-217411 Kind regards

It is not legitimate and definitely not secure. a), AirVPN does not release closed-source software. b), the only languages are English and Chinese, hinting at a Chinese entity abusing the name of AirVPN. It's a case for AirVPN legal staff.

You mean with python ? I've created different python lists, for each iptables and ip6tables chains. In each list I've put all the rules that I want to add. So the python script checks the rules in each chain and compares with the corresponding python list and then corrects what needs to be corrected. (The script also creates some required ipsets and be careful not to add duplicate rules, which iptables allows without warning..). The script runs every 30 minutes. By the way with the iptables of the UDM includes the geoip module. So you can block countries per port/services, which the UDM interface does not allow! (With the UDM interface you can block countries, in IN, in OUT, or both, but it’s for the whole WAN connection, we can’t do it on a service basis). So I take the opportunity to do it via an iptables rules. For example I block some countries on the qBt port of the airvpn: iptables -A FORWARD -d 10.0.12.12/32 -i wgclt4 -p udp -m udp --dport 45781 -m geoip --source-country CN,RU,BY,DZ,CF,GA,GH,CI,ZA -j BLOCK_BAD_COUNTRIES_QBT

I assume you use wireguard VPN client. From the UDM CLI, run the command: ifconfig | grep -A1 wgclt It will give you every WG tunnel interface and the ip associated. This ip is the tunnel IP that you can also find in the VPN client configuration through the web interface of the UDM. So you can identify the wgclt interface used for your AirVPN connection. This is the one you must use for your iptables rules. (From the UDM CLI) give the output of : iptables -t nat -S PREROUTING iptables -S FORWARD