
Exempt destinations doesn’t work for me.

Open nigels0 opened this issue 2 years ago • 3 comments

Hi,

My network consists of two UDMPs in two locations running on network 192.168.x.x. I am using split-vpn with OpenVPN to connect my Apple TV in the remote UDMP to the local one in the U.K. to bypass geofencing.

I have this set up on the remote UDMP in my vpn.config

FORCED_SOURCE_INTERFACE="br31"

My Apple TV is on the 31 vpn (on the remote UDMP),

but I want to access local (to my U.K. UDMP - 192.168.5.x) networks without going through the OpenVPN:

```
# Exempt these destinations from the VPN.
# Format: [IP/nn]
EXEMPT_DESTINATIONS_IPV4="192.168.5.0/24"
```

When I set this up, I cannot access any networks on the local UDMP - removing this forces all traffic through the VPN and I can access the local network (U.K.).

I think I might be misunderstanding how this works, but it isn’t working for me!

nigels0 avatar Nov 27 '22 14:11 nigels0

Hi @nigels0,

Are you still having issues or have you figured it out? If you're still having issues, please show me your full vpn.conf file. Your exempt setting seems correct and should allow local LAN traffic.

peacey avatar Jan 08 '23 17:01 peacey

Thanks for following this up! Unfortunately I’m not at the location, so I’ll re-check when I’m back

nigels0 avatar Jan 08 '23 17:01 nigels0

Yeah, EXEMPT_DESTINATIONS is not working for me either. Mine looks like:

EXEMPT_DESTINATIONS_IPV4="192.168.0.0/16 10.0.0.0/8 172.16.0.0/12"

And I have a single host on FORCED_SOURCE_IPV4:

FORCED_SOURCE_IPV4="192.168.10.104"

`iptables --table mangle --list` gives out:

```
...
Chain BIFROST_PREROUTING (1 references)
target     prot opt source               destination         
MARK       all  --  anywhere             anywhere             MARK set 0x8
MARK       all  --  anywhere             192.168.10.1         mark match 0x8 MARK and 0x0
MARK       all  --  anywhere             192.168.0.0/16       mark match 0x8 MARK and 0x0
MARK       all  --  anywhere             10.0.0.0/8           mark match 0x8 MARK and 0x0
MARK       all  --  anywhere             172.16.0.0/12        mark match 0x8 MARK and 0x0
MARK       all  --  192.168.10.104       anywhere             MARK set 0x8
...
```

I don't know much about iptables, but it looks like the FORCED_SOURCE is taking precedence over EXEMPT_DESTINATIONS, right? Should it, though?

EDIT: I am using nexthop on UDMPRO ~~2.47~~ 2.5.17

tracestep avatar Apr 28 '23 11:04 tracestep
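
Added example (not code from split-vpn or from the commenters): a small simulation of how the mangle rules in the listing above change a packet's mark when evaluated top to bottom, since `MARK` is a non-terminating target and every later rule still runs. It assumes the rules match exactly as displayed (`--list` without `-v` omits the interface columns, so any interface matches are not modeled); `trace_mark` and `reordered` are hypothetical helper names, and the reordering is only there to show that the result depends on rule order.

```python
import ipaddress

# Rules transcribed from the BIFROST_PREROUTING listing above, in listed order:
# (source, destination, required mark or None, action, value)
RULES = [
    ("0.0.0.0/0", "0.0.0.0/0", None, "set", 0x8),
    ("0.0.0.0/0", "192.168.10.1/32", 0x8, "and", 0x0),
    ("0.0.0.0/0", "192.168.0.0/16", 0x8, "and", 0x0),
    ("0.0.0.0/0", "10.0.0.0/8", 0x8, "and", 0x0),
    ("0.0.0.0/0", "172.16.0.0/12", 0x8, "and", 0x0),
    ("192.168.10.104/32", "0.0.0.0/0", None, "set", 0x8),
]

def trace_mark(src, dst, rules=RULES, mark=0):
    """Return (final_mark, history) after walking every rule in order."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    history = []  # (rule position, mark after that rule) for each rule that fired
    for idx, (r_src, r_dst, need, action, value) in enumerate(rules, 1):
        if src_ip not in ipaddress.ip_network(r_src):
            continue
        if dst_ip not in ipaddress.ip_network(r_dst):
            continue
        if need is not None and mark != need:  # "mark match 0x8"
            continue
        mark = value if action == "set" else mark & value
        history.append((idx, mark))
    return mark, history

def reordered(rules=RULES):
    """Hypothetical ordering: unconditional 'set' rules first, exemptions last."""
    return ([r for r in rules if r[2] is None]
            + [r for r in rules if r[2] is not None])

if __name__ == "__main__":
    for dst in ("192.168.5.10", "8.8.8.8"):  # constructed sample destinations
        print(dst, "listed:", trace_mark("192.168.10.104", dst),
              "reordered:", trace_mark("192.168.10.104", dst, reordered()))
```

With the listed order, a packet from 192.168.10.104 to an exempt destination has its mark cleared by the exemption rule and then set again by the final source rule.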