Flint - Can't access local resources when connected to Mullvad VPN

archer · 2022-01-05T22:24:08.671Z

Hello,

I’m happy that my Flints have finally arrived. Setup was easy and straightforward, but I have an issue I can’t figure out how to fix.

As of now, my Flint gets internet from WAN port connected to my router provided by ISP (Flint WAN IP 192.168.0.11). Flint’s subnet is default 192.168.8.0/24. I’m using Mullvad VPN, it works well, but when Flint is connected to VPN my devices, e.g. laptop (192.168.8.100) can’t access resources on the main router’s subnet (e.g. RDP on 192.168.0.2, or file sharing on 192.168.0.3 etc.).

I tried using VPN Policy, set 192.168.0.2 to be accessed without using VPN and it seems to work, my devices connected to Flint can access 192.168.0.2, but enabling VPN policies completely kill internet connection when connected to Mullvad VPN.

As a temporary fix, I changed firewall settings through LuCI (I think I added an entry so that when device in Flint’s LAN tries to access 192.168.0.2 request to be handled through gateway 192.168.0.1) and it seems to work, I’m connected to Mullvad and still can access local resources in 192.168.0.0/24 subnet, but the problem is that I have connection drops when accessing above mentioned resources.

So, to summarize, I need help to stay connected to Mullvad VPN with Flint and still be able to access devices in the Flint’s WAN subnet from Flint’s LAN devices. I hope I made it clear. Thank you in advance and feel free to ask if you have any questions, I am by no means tech guy, so I might have done something wrong.

P.S. My flint is running latest accessible firmware with integrated update system.

alzhao · 2022-01-06T09:59:30.403Z

archer:

I tried using VPN Policy, set 192.168.0.2 to be accessed without using VPN and it seems to work, my devices connected to Flint can access 192.168.0.2, but enabling VPN policies completely kill internet connection when connected to Mullvad VPN.

While this seems a problem. It should not kill Internet. Otherwise there is a bug.

archer · 2022-01-11T09:59:53.333Z

For the testing purposes, I did a similar setup on my second Flint.

I was able to narrow the proboem down to internet killswitch.

Scenario:
Vpn connected and VPN policies enabled
Everything seems to work as intended.

If I also enable Internet killswitch, local traffic works fine but it kills internet connection.

It has to be noted that after enabling killswitch, ping/tracert on IPs still works, but if I try to ping/tracert a domain name, it times out, so I suppose it has something to do with DNS maybe.

archer · 2022-01-11T10:11:35.086Z

I narrowed it down to DNS:
Current issue was that my PC had static IP/DNS setting. I don’t know why but it does not like static DNS (Open DNS/Google). I switched it to dynamic, everything seems to work so far.

That is a temporary fix for me as I want to have static IP/DNS for reasons, but it might help others. I’ll update if I manage to get it to work.

alzhao · 2022-01-11T10:23:37.935Z

archer:

Current issue was that my PC had static IP/DNS setting. I don’t know why but it does not like static DNS (Open DNS/Google). I switched it to dynamic, everything seems to work so far.

Seems it is a problem that your setting preventing your DNS request.

Can you let me know your detailed vpn policy settings?

archer · 2022-01-11T11:55:17.262Z

Sure, nothing special, I’ve Flint connected to Mullvad, VPN policy enabled to connect to IPs 192.168.0.1,192.168.0.2,192.168.0.4 without using VPN. Internet Killswitch - Enabled.

I’ve found a workaround to fix my issue completely, but it won’t make sense to post it here as I had to change config on other devices on my network, so it won’t be helpful. Shortly, I just made sure that desired devices always connect to Flint and acquire IP/DNS from Flint (!). Also on Flint I pre-assigned desired IP addresses using MAC addresses of the devices.

archer · 2022-01-11T11:57:07.823Z

To sum it up, I don’t think there’s a bug, maybe it was just my bad configuration and/or compatibility issue on my network.

alzhao · 2022-01-13T08:14:42.884Z

One thing to consider, when you use google dns on windows, windows automatically encrypt it.

Not sure if this will be blocked by the vpn policy or killswitch.

archer · 2022-01-13T08:29:52.650Z

Yes, That’s what I thought, probably vpn+killswitch did not like the fact of using OpenDNS/Google.

So far so good, I’m happy with the product, easy to setup and use. I’d wish to have WiFi Antennas with larger area coverage, but that’s for another topic.

Keep up the good work!