Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Whitelist / access LAN IP addresses with Wireguard

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
DudeOfLondon
Posts: 81
Joined: Sat Jan 10, 2015 5:14 pm

Whitelist / access LAN IP addresses with Wireguard

Post by DudeOfLondon » Thu Oct 31, 2019 12:37 am

Hello,
can someone please tell me how to whitelist IPs and therefore devices in my LAN when using wireguard?
As soon as I am using wireguard I can't access my phone via airdroid, or my Set-Top-Box via LAN for example.

I tried putting my LAN as 192.168.2.0/24 in the line of "Allowed IPs = ..." in the config, but that didn't work.


Mikrano
Posts: 2
Joined: Wed Dec 04, 2019 5:35 am

Re: Whitelist / access LAN IP addresses with Wireguard

Post by Mikrano » Wed Dec 04, 2019 6:27 am

If you go on wireguard app on Windows or maybe Mac too, untick the "Block untunneled traffic".
Make sure your clients that you are using are opened - as in some will just work with this option easily, whilst some will need to go through configuration to make sure they are accessible through your gateway (router).

But on the Android app, simply find your profile you are connected to > tap it > edit (tap little pen) > swipe down > check "Exclude private IPs" > Save
You will then see a list, and that list looks like the one below. (or even add to your Wireguard client on Windows and Mac, try unblocking these (below in bold)... Or add all of them together then subtract one by one checking if your services or devices are working

0.0.0.0, 8.0.0.0, 11.0.0.0, 12.0.0.0, 16.0.0.0,
32.0.0.0, 64.0.0.0, 128.0.0.0, 160.0.0.0,
168.0.0.0, 172.0.0.0, 172.32.0.0, 172.64.0.0,
172.128.0.0, 173.0.0.0, 174.0.0.0, 176.0.0.0, 192.0.0.0,
192.128.0.0, 192.160.0.0, 192.169.0.0, 192.170.0.0,
192.172.0.0, 192.176.0.0, 192.192.0.0, 193.0.0.0, 194.0.0.0,
196.0.0.0, 200.0.0.0, 208.0.0.0, 10.31.33.7


Topic Author
DudeOfLondon
Posts: 81
Joined: Sat Jan 10, 2015 5:14 pm

Re: Whitelist / access LAN IP addresses with Wireguard

Post by DudeOfLondon » Thu Dec 05, 2019 5:14 am

Ok, thank you.

I still don't understand this config:
only 192.168.178.0/24 in the allowed IPs does not work, (no LAN access and no internet access)
only 192.168.178.0/23 I can access LAN but no internet. (although every LAN devices is from 192.168.178.x)
only 0.0.0.0/1 I can access LAN and Internet


Topic Author
DudeOfLondon
Posts: 81
Joined: Sat Jan 10, 2015 5:14 pm

Re: Whitelist / access LAN IP addresses with Wireguard

Post by DudeOfLondon » Thu Dec 05, 2019 6:41 am

If I put all IPs from your list (or the Android client) I don't have internet access

Post Reply