Exempt destinations doesn’t work for me. #142

Open
nigels0 opened this issue Nov 27, 2022 · 3 comments

nigels0 commented Nov 27, 2022

Hi,

My network consists of two UDMPs in two locations running on network 192.168.x.x. I am using split-vpn with OpenVPN to connect my appletv in the remote UDMP to the local one in the U.K. to bypass geofencing.

I have this set up on the remote UDMP in my vpn.config

FORCED_SOURCE_INTERFACE="br31"

My appletv is on the 31 vpn (on the remote UDMP), but I want to access local (to my U.K. UDMP, 192.168.5.x) networks without going through the OpenVPN:

```
# Exempt these destinations from the VPN.
# Format: [IP/nn]
EXEMPT_DESTINATIONS_IPV4="192.168.5.0/24"
```

When I set this up, I cannot access any networks on the local UDMP. Removing this forces all traffic through the VPN, and I can access the local network (U.K.).

I think I might be misunderstanding how this works, but it isn’t working for me!

Owner

peacey commented Jan 8, 2023

Hi @nigels0,

Are you still having issues or have you figured it out? If you're still having issues, please show me your full vpn.conf file. Your exempt setting seems correct and should allow local LAN traffic.

Author

nigels0 commented Jan 8, 2023

Thanks for following this up! Unfortunately I’m not at the location, so I’ll re-check when I’m back.


tracestep commented Apr 28, 2023

Yeah, EXEMPT_DESTINATIONS is not working for me either. Mine looks like:

EXEMPT_DESTINATIONS_IPV4="192.168.0.0/16 10.0.0.0/8 172.16.0.0/12"

And I have a single host on FORCED_SOURCE_IPV4:

FORCED_SOURCE_IPV4="192.168.10.104"

iptables --table mangle --list gives out:

...
Chain BIFROST_PREROUTING (1 references)
target     prot opt source               destination         
MARK       all  --  anywhere             anywhere             MARK set 0x8
MARK       all  --  anywhere             192.168.10.1         mark match 0x8 MARK and 0x0
MARK       all  --  anywhere             192.168.0.0/16       mark match 0x8 MARK and 0x0
MARK       all  --  anywhere             10.0.0.0/8           mark match 0x8 MARK and 0x0
MARK       all  --  anywhere             172.16.0.0/12        mark match 0x8 MARK and 0x0
MARK       all  --  192.168.10.104       anywhere             MARK set 0x8
...

I don't know much about iptables, but it looks like the FORCED_SOURCE is taking precedence over EXEMPT_DESTINATIONS, right? Should it, though?

EDIT: I am using nexthop on UDMPRO 2.47 2.5.17
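
The rule order in the listing above can be checked by walking the chain by hand. The following is an added example, not part of the thread and not split-vpn's own code. It assumes the rules are exactly as printed (a `--list` without `-v` does not show interface matches, so the real rules may be narrower); `final_mark`, `REORDERED` and the sample packets are hypothetical names and constructed values.

```python
import ipaddress

ANY = "0.0.0.0/0"
# Rules transcribed in order from the BIFROST_PREROUTING listing in the thread:
# (source, destination, mark the rule requires or None, MARK operation, value)
RULES = [
    (ANY, ANY, None, "set", 0x8),
    (ANY, "192.168.10.1/32", 0x8, "and", 0x0),
    (ANY, "192.168.0.0/16", 0x8, "and", 0x0),
    (ANY, "10.0.0.0/8", 0x8, "and", 0x0),
    (ANY, "172.16.0.0/12", 0x8, "and", 0x0),
    ("192.168.10.104/32", ANY, None, "set", 0x8),
]
# Hypothetical reordering for comparison only: the forced-source rule is
# moved ahead of the exemption rules.
REORDERED = [RULES[0], RULES[5]] + RULES[1:5]


def final_mark(src, dst, rules=RULES):
    """Return (mark, trace) after walking the chain top to bottom.

    MARK is a non-terminating target, so traversal continues after a match
    and the last matching rule decides the packet's mark.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    mark, trace = 0, []
    for number, (r_src, r_dst, need, op, value) in enumerate(rules, start=1):
        if src_ip not in ipaddress.ip_network(r_src):
            continue
        if dst_ip not in ipaddress.ip_network(r_dst):
            continue
        if need is not None and mark != need:  # "mark match 0x8"
            continue
        mark = value if op == "set" else mark & value
        trace.append((number, mark))
    return mark, trace


if __name__ == "__main__":
    # Constructed sample packets: forced host to an exempt LAN address,
    # another host to the same address, forced host to an internet address.
    for src, dst in [("192.168.10.104", "192.168.5.10"),
                     ("192.168.10.50", "192.168.5.10"),
                     ("192.168.10.104", "8.8.8.8")]:
        print(src, "->", dst, final_mark(src, dst), final_mark(src, dst, REORDERED))
```

With the rules as listed, the packet from 192.168.10.104 to an exempt destination ends with mark 0x8, because rule 6 sets it again after rule 3 cleared it; in the reordered list the same packet ends with mark 0.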
