[eduVPN-deploy] Wireguard blocking LAN access
François Kooman
fkooman at deic.dk
Tue Mar 14 08:40:12 CET 2023
Hi Marc,

To be honest, I was not aware of this feature! And it took me a long
time to find it in the Windows UI, but I managed, see attachment :-)

It seems, when defaultGateway is set to true, the WireGuard client
configuration contains this:

    AllowedIPs = 0.0.0.0/0, ::/0

When "Block untunneled traffic (kill-switch)" is *disabled* the
configuration is changed to this:

    AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1

My theory is that the WireGuard client behaves differently in the first
scenario compared to the latter one.

It seems that it is (very) easy to implement this in the server, but
perhaps the option should not be "wBlockLan", because this option does
more than that, it suggests it implements a "kill switch". Perhaps we
need to have a wBlockUntunneledTraffic, or wKillSwitch option?

Do you have any suggestion here? Did you test that the "kill switch"
functionality works?

Regards,
François

On 13.03.23 20:17, Marc Langer via eduVPN-deploy wrote:
> Hi,
>
> in the eduVPN config, the oBlockLan option is only available for
> OpenVPN, but WireGuard is blocking LAN access by default in Windows 10,
> too. WireGuard has an option "Block untunneled traffic", which seems
> to be activated by default. How can I disable this in my eduVPN profile?
>
> Thanks,
>
> Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows-wireguard-kill-switch.png
Type: image/png
Size: 56338 bytes
Desc: not available
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20230314/d478138a/attachment-0001.png>
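
The two AllowedIPs forms quoted in the message above cover the same address space, so any difference in client behaviour comes from how the /0 form is treated rather than from what is routed. The following is an added example, not code from the thread or from eduVPN: it rewrites each /0 entry into its two /1 halves and checks that coverage is unchanged. The function names and the sample configuration (endpoint, key placeholder, addresses) are constructed for illustration.

```python
import ipaddress

def parse(allowed_ips):
    """Parse a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in allowed_ips.split(",") if p.strip()]

def has_default_route(allowed_ips):
    """True when any entry is a /0, the form the message links to the kill-switch."""
    return any(n.prefixlen == 0 for n in parse(allowed_ips))

def split_default_routes(allowed_ips):
    """Replace every /0 entry by its two /1 halves; other entries are kept."""
    out = []
    for net in parse(allowed_ips):
        out.extend(net.subnets(prefixlen_diff=1) if net.prefixlen == 0 else [net])
    return ", ".join(map(str, out))

def coverage(allowed_ips):
    """Collapse entries per IP version so two values can be compared by what they cover."""
    nets = parse(allowed_ips)
    covered = set()
    for version in (4, 6):
        covered.update(ipaddress.collapse_addresses(
            n for n in nets if n.version == version))
    return covered

def rewrite_config(text):
    """Rewrite the AllowedIPs lines of a WireGuard configuration, leaving the rest."""
    lines = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            line = f"AllowedIPs = {split_default_routes(value)}"
        lines.append(line)
    return "\n".join(lines)

# Constructed sample configuration (placeholder key, documentation addresses).
SAMPLE = """[Interface]
Address = 10.10.10.2/24, fd00::2/64

[Peer]
PublicKey = <peer-public-key-placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.org:51820"""

if __name__ == "__main__":
    print(rewrite_config(SAMPLE))
```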