Ahh yeah damnâit the escaped ; are truncated as well. That doesnât really help us ainât itâŚ
Ahh here; jujst switched to âstandard markdown editorâ / sorry about thatâŚ
nft add table nat
nft -- add chain nat prerounting { type nat hook prerouting priority 0 \; }
nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }
nft add rule nat postrouting oifname "tun1" masquerade
Glad you could make it workâŚ
Sorry to keep you waiting @krasnal. The local LAN bypass should be good, according to the team. Itâll be investigated further why it isnât working at some point. With virtualisation, there are multiple ways that the network interface is presented inside the VM, and currently it is hard for us to cover all of those.
NymVPN for routers is cooking, thanks to a community grant. We hope to share more news with you very soon!
Hey mate, as much as I understand that sometimes technology can have the power to put us in frustrating edges (no matter what it is, I complain the whole day onto pretty expensive stuff that lucky me, I havenât had the privilege to acquire). Although, there is always a border of so to speak blurry responsibilities. In our example here, source NATâing the traffic sent toward our NYM tunnel interface cannot and is not IMPOV a NYMâs responsibility. Thatâs our endpoint host business and at best a KB article here.
Anyways, NYM team, you need more supporters? Iâm up for it =]
Kind regards to you all an fight wild for your own privacy because the ones willing to end yours are safeguarding theirsâŚ
Hi salazar good to see a response. Perhaps itâs just an ambiguous wording on your part but âlocal LAN bypassâ doesnât really fit the problem I was having. From the VM, I can bypass the VPN tunnel and reach the LAN with a simple âip route addâ â and I have â but I think it would be more accurate to describe my problem as âblocked access from the LANâ or perhaps âLAN forwarding is blockedâ, or something to that effect. Itâs just a vanilla KVM/libvirt Debian 13 guest VM running in a Debian 12 host, so nothing esoteric. With no nft rules in place on the VM, a client can send traffic through the VM but the moment that the VPN is established, Nymâs own nft rules are established and immediately block traffic from the client.
With virtualisation, there are multiple ways that the network interface is presented inside the VM, and currently it is hard for us to cover all of those.
Ok, so perhaps you could describe for me which set-ups do work to allow forwarding of client traffic and are not affected by the establishment of the nft rules, and that can then be a basis for me to investigate why my KVM/libvirt set-up is not workng. Deal?
Yes, I agree itâs arguably a bit of a grey area if itâs a NAT-ing problem but the point I was making in the paragraph you quoted is a more general appeal for the Nym team to be a bit more responsive to questions on this forum. I had originally posted my question on 10 Dec and salazar replied on 14 Dec. This is a very quiet forum, so I think the appeal for more input from the team is not unreasonable, especially now that NymVPN has become a paid-for service.
Part of the devrel team is off due to holidays, so bear with us as we try to get you more help. If you want the quickest support with NymVPN-related issues, you can always create a ticket: https://support.nym.com/hc/en-us/requests/new
Weâll get back to you soon!
I have solarninjaâs excellent workaround, so thereâs no great hurry.
And thanks for getting back to me. 