Have you ever connected to your VPN and suddenly found that you couldn’t access your local network devices—like your file server, printer, or even other computers on your LAN? It’s frustrating, especially when you’re trying to balance between securing your internet traffic and still being able to access your trusted local resources.
When you connect to a VPN, it often routes all your network traffic through the VPN tunnel by default. While this keeps your internet activity secure and private, it also cuts you off from local network devices that aren’t part of the VPN’s routed traffic. In my case, I needed to access servers and devices on my LAN (e.g. 192.168.1.x) while staying connected to the VPN.
My environment: macOS with Viscosity as the VPN client.
The issue boiled down to two things:
- Routing rules: The VPN wasn’t allowing traffic to my local LAN subnet (e.g., 192.168.1.0/24).
- DNS resolution: Even when I added the routes, I couldn’t resolve local hostnames (e.g., myserver.local) without some additional tweaks.
Step 1: Add Custom Routes for Your LAN
First, I needed to tell the VPN client to allow traffic destined for my local LAN to bypass the VPN tunnel. In Viscosity, this meant adding a custom route for each local subnet or IP range I wanted to access:
- Open your VPN connection settings in Viscosity.
- Navigate to the Networking tab.
- Under “Routing”, add a new route for your local subnet:
  - Route: The IP (or range) for your LAN (e.g., 192.168.1.x).
  - Mask: The subnet mask (e.g., 255.255.255.0).
  - Gateway: Choose net_gateway (this routes the traffic through your default network gateway, bypassing the VPN).
- Save your settings and reconnect to the VPN.
This allowed me to ping the devices on my LAN directly—but I still had one issue…
Step 2: Enable Split DNS for Local Hostnames
Even with the routes in place, I couldn’t resolve local hostnames like myserver.local, and reaching servers by name in a browser didn’t work either. This happened because the VPN was overriding my DNS settings, sending all DNS queries through the VPN’s DNS server. To fix this, I needed to configure split DNS so that DNS queries for my local domain were resolved by my local DNS server (not the VPN).
In Viscosity:
- Go to the Networking tab of your VPN connection settings.
- Under DNS, set the mode to “Split DNS”.
- Save and reconnect.
With this setup, any DNS queries for *.local would be resolved by my local DNS server, while all other queries would still go through the VPN.
Key Takeaways
If you’re trying to access your local LAN while connected to a VPN (using Viscosity):
- Add custom routes for your local IP range (e.g., 192.168.1.0/24) with the net_gateway as the route’s gateway.
- Configure split DNS to ensure local hostnames are resolved by your LAN’s DNS server, not the VPN’s DNS server.
- Test your setup to confirm both local LAN and VPN traffic behave as expected.
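
One way to run the test from the last takeaway, as an added example that is not part of the original post: it reads macOS `route -n get` output and reports whether the LAN address leaves directly while an internet address still goes through the tunnel. The function names, the `utun` interface naming and the sample addresses are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: check the routing split after reconnecting the VPN.

# Print the outgoing interface named in `route -n get` output read from stdin.
route_iface() {
    awk '$1 == "interface:" { print $2; found = 1; exit }
         END { if (!found) print "none" }'
}

# Tunnel interfaces: utunN on macOS (tun/tap kept for older drivers; assumption).
is_tunnel() {
    case "$1" in
        utun*|tun*|tap*) return 0 ;;
        *) return 1 ;;
    esac
}

# verdict LAN_OUTPUT INTERNET_OUTPUT -> one-word result on stdout
verdict() {
    lan_if=$(printf '%s\n' "$1" | route_iface)
    net_if=$(printf '%s\n' "$2" | route_iface)
    if [ "$lan_if" = none ] || [ "$net_if" = none ]; then
        echo no-route
    elif is_tunnel "$lan_if"; then
        echo lan-in-tunnel      # custom route missing: LAN traffic enters the VPN
    elif ! is_tunnel "$net_if"; then
        echo internet-bypass    # bypass too broad or VPN down: traffic leaves unprotected
    else
        echo ok                 # LAN direct, everything else through the tunnel
    fi
}

# Constructed samples in the layout macOS prints (not captured from a real host).
SAMPLE_LAN='   route to: 192.168.1.10
destination: 192.168.1.0
       mask: 255.255.255.0
    gateway: 192.168.1.1
  interface: en0'
SAMPLE_VPN='   route to: 203.0.113.10
destination: 0.0.0.0
       mask: 128.0.0.0
    gateway: 10.8.0.1
  interface: utun4'

# Live use on the Mac: sh check.sh <LAN address> <internet address>
if [ "$#" -eq 2 ]; then
    verdict "$(route -n get "$1" 2>/dev/null)" "$(route -n get "$2" 2>/dev/null)"
fi
```

Anything other than `ok` means the split is not what the steps above intend: `lan-in-tunnel` points at the custom route, `internet-bypass` at a route that is wider than the LAN subnet or a tunnel that is not up.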