Updating "allowed ips" in location settings does work

[syphernl]

Describe the bug By-default the allowed ips list of a location is 0.0.0.0/0 so it will route all traffic. When I emptied out the field and used "Predefined traffic" in the client my traffic would still be routed through the VPN instance. Adding in a subnet (e.g. 10.100.0.0/24) didn't prevent it from routing all traffic over the VPN either

To Reproduce Steps to reproduce the behavior:

1. Go to location settings
2. Empty out the Allowed IP's field (or fill in something else than the default 0.0.0.0/0)
3. Save
4. Connect with the Defguard client set to "Predefined traffic"
5. See that the external IP is still that of the VPN instance.

Expected behavior Traffic that doesn't match the allowed ips should not be routed over the Defguard tunnel.

Version information

• Defguard Core version: v0.9.1
• Defguard Gateway version: v0.9.1. (?)
  • Operating system and version running the gateway: Ubuntu 22.04

[teon]

Is it a MFA enabled VPN?

[jonboy86]

i am having the same problem but cant get to my network from the remote end ( cant get to remote lan when lan ip range is set in allowedip

[openl4m4]

Same here, and without MFA.

Defguard Core version: v0.10.0 Defguard Gateway version: v0.6.2 Operating system and version running the gateway: Debian 12

[LulzLoL231]

Deleting location on client and re-install is helped for me.

[t-aleksander]

@syphernl @openl4m4 did you update your client config after changing the location settings in the dashboard? It needs to be done manually: https://defguard.gitbook.io/defguard/help/configuring-vpn/add-new-instance/update-instance