search

peacey / split-vpn

A split tunnel VPN script for Unifi OS routers (UDM, UXG, UDR) with policy based routing.
GNU General Public License v3.0
813 stars 56 forks source link

Obsolete with UniFi Network Application 8.0.2? #204

Open realies opened 11 months ago

realies commented 11 months ago

8.0.2 adds support for WireGuard VPN clients, and traffic from any network can be routed through a WG VPN relatively easily.

Wonder if this comes with all the benefits like the blackholes/killswitch available in split-vpn. TBC.

Unlearned6688 commented 11 months ago

i've tried testing it out on my udm-pro.

tl;dr: the official one is bugged and i'm reinstalling this one.

the official ovpn does work, however, it leaks (leak is too small a word...) DNS address like crazy which makes it unusable for me. i've tried different vpn providers, it's absolutely on the unifi team to fix this type of stuff. you can read the forums and see others complaining too.

maybe in another year the official one will fully work.

realies commented 10 months ago

@Unlearned6688, I think the leaking issues can be solved with: https://community.ui.com/questions/Prevent-internal-network-traffic-leaking-when-using-a-WireGuard-VPN-client/b929a88a-6e86-497d-a438-93ec40d9a57a#answer/e777b6e5-0295-4575-971a-0f3211f9baea

Unlearned6688 commented 10 months ago

I'll take a look at it. Thanks.

Btw just as an update: some browsers (specifically iOS Safari (in private mode, DNS flushed)) leak CONSTANTLY with the standard firewall setup. However, also on iOS, Brave browser and Chrome (didn't try others) do not leak. I tried Safari with no add-ons and still it was leaking like crazy. So, in part, the blame might be on Apple too.

Ubiquity seems to have made some progress on the implementing WG configs to make them "plug and chug" although the profile from Surfshark I tried kept connecting then disconnecting... Better than before I suppose. Maybe they're almost there. I've been using OVPN in the meantime paired with other network tools to fix DNS not being correctly applied (Ubiquity seriously needs to get their crap together. Is split DNS and split VPN so advanced for a networking company? This stuff is going to become more and more required as more and more companies keep being annoying with ads and such)

spkis commented 6 months ago

Well, the one from Unifi doesn't support IPv6 though! Which is not nice :(