Closed stenya closed 1 year ago
@gorkapernas v3.11.18
Verified on version 3.12.0, tested LAN on all platforms, with OpenVPN and WireGuard.
macOS -> capturing traffic packets with Wireshark while using a macOS and an iOS device communicating with each other.
For instance, when pinging the local IP address of the iOS device on macOS (both in the same local network), the iOS and macOS network packets are both source and destination in Wireshark; however, when disabling “Allow LAN Traffic when IVPN Firewall is enabled” on macOS, the ping request on macOS times out.
LAN can also be tested with AirDrop: when “Allow LAN Traffic when IVPN Firewall is enabled” is disabled, macOS cannot find other devices in the same local network, but when “Allow LAN Traffic when IVPN Firewall is enabled” is enabled, AirDrop works as expected.
Windows and Linux -> LAN file sharing.
Windows to Android: when connected to the VPN + FW ON and “Allow LAN Traffic when IVPN Firewall is enabled” is disabled, it is not possible to connect to the host device (Windows), and the same the other way around; however, if “Allow LAN Traffic when IVPN Firewall is enabled” is enabled, connection to the host device can be established successfully.
Ubuntu to Fedora and vice versa: when connected to the VPN + FW ON and “Allow LAN Traffic when IVPN Firewall is enabled” is disabled, it is not possible to connect to the host device; however, if “Allow LAN Traffic when IVPN Firewall is enabled” is enabled, connection to the host device can be established successfully.
I also confirm that the tooltip next to the option “Allow LAN traffic when IVPN Firewall is enabled” has been implemented as described in this ticket.
This is good to go.
v3.12.0 released
Feature request
Description
Settings → IVPN Firewall → Allow LAN Traffic when IVPN Firewall is enabled
When this option is enabled, the VPN daemon inspects all currently available local interfaces and permits communication within identified networks using network mask information.
Describe the solution you'd like
Rather than focusing on the specific local networks the user is connected to, I suggest allowing all non-routable IP ranges when the "Allow LAN Traffic" feature is enabled:
These ranges comprehensively cover all potential local interface ranges a user might connect to. This approach ensures users can access local networks regardless of changes in their network configurations.
Note: we need to add a '?' popup after the option “Allow LAN traffic when IVPN Firewall is enabled” with the text “This includes traffic to all private address spaces in RFC 1918, 3927, 4193, 4291”.
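The two behaviours contrasted in this request, as an added example that is not part of the issue or of IVPN's code: a sketch comparing an interface-derived LAN check with a fixed private-range allowlist. The prefixes are the well-known blocks from the RFCs named in the tooltip text and are an assumption about what the daemon allows; the function names and sample addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Assumed allowlist: the well-known blocks from the RFCs named in the tooltip.
// The exact prefixes the IVPN daemon uses are not listed on the page.
var privateRanges = []string{
	"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", // RFC 1918
	"169.254.0.0/16", // RFC 3927 (IPv4 link-local)
	"fc00::/7",       // RFC 4193 (unique local)
	"fe80::/10",      // RFC 4291 (IPv6 link-local unicast)
}

// inAny reports whether dst falls inside any of the CIDRs. Unparseable input
// is denied. An interface address such as 192.168.1.23/24 is treated as its network.
func inAny(dst string, cidrs []string) bool {
	addr, err := netip.ParseAddr(dst)
	if err != nil {
		return false
	}
	// Prefix.Contains rejects zoned and IPv4-mapped addresses, so normalise first.
	addr = addr.Unmap().WithZone("")
	for _, c := range cidrs {
		if p, err := netip.ParsePrefix(c); err == nil && p.Contains(addr) {
			return true
		}
	}
	return false
}

// allowedByInterfaces models the behaviour described first: only networks of
// the interfaces present right now are allowed.
func allowedByInterfaces(dst string, ifaceCIDRs []string) bool { return inAny(dst, ifaceCIDRs) }

// allowedByPrivateRanges models the requested behaviour: a fixed allowlist.
func allowedByPrivateRanges(dst string) bool { return inAny(dst, privateRanges) }

func main() {
	ifaces := []string{"192.168.1.23/24"} // constructed sample interface
	for _, dst := range []string{"192.168.1.50", "10.0.0.5", "fe80::1%eth0", "203.0.113.10"} {
		fmt.Printf("%-14s by-interface=%-5v by-range=%v\n", dst,
			allowedByInterfaces(dst, ifaces), allowedByPrivateRanges(dst))
	}
}
```

The fixed allowlist also matches private addresses that are not on any connected subnet (10.0.0.5 in the sample), which is the trade-off to keep in mind when reviewing the resulting firewall rules.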