Closed reback00 closed 3 years ago
DHCP traffic is broadcast traffic, so the client enables communication towards 255.255.255.255 in order to make it work properly. As you suggested, you need split tunneling (option -s). You may invoke hide.me like this:
hide.me -s 192.168.0.0/24 connect "some hide.me server"
192.168.0.0/24 won't be routed through the VPN then and you'll be able to access your local services. Everything else will use the tunnel though.
You may even specify just a few IPs in order to target those particular IPs, for example:
hide.me -s 192.168.0.1,192.168.0.180 connect "some hide.me server"
This works for IPv6 too.
@tcohar Well, this helped me a little bit. I can access 192.168.0.1, but not 192.168.0.180.
Tried with ./hide.me -s 192.168.0.1,192.168.0.180 connect <server>
but it raised this error:
...
Link: Wireguard device vpn configured
Link: [ERR] Parsing the split tunnel network 192.168.0.1 failed, invalid CIDR address: 192.168.0.1
Main: [ERR] RPDB rules failed, invalid CIDR address: 192.168.0.1
Link: Interface vpn deactivated
It seems it needs the CIDR part. No problem. So I tried ./hide.me -s 192.168.0.1/24,192.168.0.180/24 connect <server>
and it let me access the router IP but not the 192.168.0.180 IP. By the way, when I run the command, there is an error in the output which may be helpful in solving this:
...
Link: Wireguard device vpn configured
Link: Split tunnel rule for 192.168.0.0/24 added
Link: [ERR] Split tunnel rule addition for 192.168.0.0/24 failed, file exists
Link: IPv4 DHCP VPN bypass RPDB rule added
...
Ping results:
$ ping -c2 192.168.0.180
PING 192.168.0.180 (192.168.0.180) 56(84) bytes of data.
From 192.168.0.100 icmp_seq=1 Destination Host Unreachable
From 192.168.0.100 icmp_seq=2 Destination Host Unreachable
--- 192.168.0.180 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1057ms
pipe 2
Oh, yeah, you need to use the CIDR format, my mistake. The problem with your example is that you try to add the same network as an exception twice. 192.168.0.1/24 and 192.168.0.180/24 are, basically, in the same network, 192.168.0.0/24. The client tries to add the exception rules for the same network, twice, and the second attempt fails, of course. The following will work for you:
./hide.me -s 192.168.0.1/32,192.168.0.180/32 connect <server>
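The two failure modes in this thread (a bare address rejected as "invalid CIDR address", and two prefixes that collapse to the same network so the second rule fails with "file exists") are both easy to catch before invoking the client. The following is an added example, not code from the hide.me client or from either participant: it normalises a comma-separated split-tunnel list with Python's standard ipaddress module, gives bare addresses a host prefix (/32 or /128, so it covers the IPv6 case too), strips host bits, drops exact duplicates and flags entries already covered by a wider network, then assembles the command line. The function names, the assumption that the client only rejects exact duplicate networks, and the sample inputs are mine.

```python
"""Normalise a split-tunnel list before passing it to `hide.me -s`.

Added example, not part of the hide.me client. Assumptions (from the
thread): the -s list is comma-separated CIDR networks, a bare address
without a prefix is rejected, and adding the same network twice fails
with "file exists". Function names are hypothetical.
"""
import ipaddress


def normalise_split_tunnel(spec: str):
    """Return (networks, notes) for a comma-separated -s list.

    - a bare address becomes a host network (/32 for IPv4, /128 for IPv6)
    - host bits are cleared, so 192.168.0.180/24 becomes 192.168.0.0/24
    - a network already in the list is dropped (it would make the client
      fail on the duplicate rule)
    - a network contained in an earlier, wider one is kept but noted
    Invalid entries raise ValueError with the offending item in the message.
    """
    seen = {}   # network -> item that first produced it (insertion order kept)
    notes = []
    for item in (s.strip() for s in spec.split(",")):
        if not item:
            continue
        try:
            if "/" not in item:
                # Bare address: validate it, then give it a host prefix.
                ipaddress.ip_address(item)
                net = ipaddress.ip_network(item)
                notes.append(f"{item}: no prefix, using {net}")
            else:
                try:
                    net = ipaddress.ip_network(item, strict=True)
                except ValueError:
                    # Host bits set in the address part: clear them.
                    net = ipaddress.ip_network(item, strict=False)
                    notes.append(f"{item}: host bits set, client will add {net}")
        except ValueError as exc:
            raise ValueError(f"{item}: not a valid address or network") from exc

        if net in seen:
            notes.append(f"{item}: duplicate of {net} (from {seen[net]}), dropped")
            continue
        for other in seen:
            if net.version == other.version and net.subnet_of(other):
                notes.append(f"{item}: already covered by {other} (from {seen[other]})")
                break
        seen[net] = item
    return list(seen), notes


def build_command(spec: str, server: str = "some hide.me server",
                  client: str = "hide.me"):
    """Return (command_line, notes) with the normalised -s argument."""
    nets, notes = normalise_split_tunnel(spec)
    arg = ",".join(str(n) for n in nets)
    return f'{client} -s {arg} connect "{server}"', notes


if __name__ == "__main__":
    # Constructed inputs mirroring the thread, plus an IPv6 case.
    for spec in ("192.168.0.1,192.168.0.180",
                 "192.168.0.1/24,192.168.0.180/24",
                 "192.168.0.1/32,192.168.0.180/32",
                 "fd00::1,fd00::/64"):
        cmd, notes = build_command(spec, server="<server>")
        print(cmd)
        for n in notes:
            print("  note:", n)
```

Running it on the thread's second attempt collapses both /24 entries to a single 192.168.0.0/24 and reports the dropped duplicate; the /32 form passes through unchanged, which matches the command that finally worked.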
./hide.me -s 192.168.0.1/32,192.168.0.180/32 connect <server>
worked like a charm. Both IPs are now accessible. Thanks a lot!
Thanks for the client for Linux with the kill switch built in. It made my life so much easier.
Although I faced an issue recently. 192.168.0.1 is my router admin and 192.168.0.180 is a local machine on which I have some important sites that I seldom need to visit. I can visit them just fine when not connected with the client. But when connected, I can't access them.
I found in the readme that DHCP traffic is allowed, but I can't access these local IPs. Is this expected?
I don't mind if local site access is disabled by default (for security, I guess). But an option would be nice to allow access to them when I want to. Is split tunnelling going to help me? If so, how can I allow these local IPs to not go over the VPN?