Freedome and connectivity issue with services outside the trusted local network
I'm slowly digging myself deeper and deeper into a technological pit with my home network, just out of curiosity and for the sake of learning, and I came across an issue with Freedome that I cannot seem to find a solution to.
The simple topology of my network would be something like the following: Laptop > Wifi AP > Switch > Router > Internet connection.
The more complex way of telling the same story would be in the picture below. 😀
The router has 4 DHCP pools and the switch & Wifi AP use those pools/VLANs to separate the different categories of devices in my home network, and everything works fine from this point of view.
I recently added a mini-PC server with Security Onion to my network. I made a mirror port on the router and forwarded this traffic to the Security Onion successfully.
Next, I set up Sysmon and Winlogbeat on my Windows 10 laptop and set Winlogbeat to send the Windows event logs to Security Onion. For this I had to make a hole through the router's firewall to allow traffic from the home LAN to a certain port in the management LAN and make the necessary changes for Security Onion to accept the incoming logs. Now the logs flow through the network from the home network (10.10.10.x) laptop to the Security Onion (10.10.40.40) just as intended.
Now finally to the problem itself:
The Windows logs flow only when Freedome is OFF, but when I enable Freedome, the log flow stops. Freedome has the option to use an automatic killswitch to cut off the internet connection if the VPN connection is disrupted, and to block connections to other devices in the same network, but I have enabled the option to make an exception to allow connections to other devices in trusted networks.
What I am wondering here: is the core problem that the Security Onion, where the Windows logs are supposed to go, is in another network (10.10.40.x) and Freedome does not recognize it as a trusted network? If so, is there any possibility to add some addresses as trusted manually? If that is not an option, are there any other tricks to get the inter-VLAN traffic to work when Freedome is enabled? Some more firewall magic or port forwarding inside the router perhaps?
I believe that you have already enabled the Killswitch feature on the Freedome VPN application itself as that should add your network as trusted and allow you to access local networked devices under the same subnet when Freedome is On.
Freedome VPN does not allow for any additional configuration aside from the available features in the Settings, but we can check with our Freedome team and revert with their suggestions.
In Windows you could do the following to get the 10.10.40.x (mask 255.255.255.0) subnet to bypass the VPN tunnel:
1) Have Freedome killswitch disabled
2) Add a persistent bypass route (if the router's gateway address is 10.10.10.1): open an admin command prompt and give the command:
route add -p 10.10.40.0 mask 255.255.255.0 10.10.10.1
That should make all traffic destined to the 10.10.40.x network bypass the VPN tunnel. If this causes problems, it can be removed in an admin command prompt with the command:
route delete 10.10.40.0 mask 255.255.255.0 10.10.10.1
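As an added example (not from the thread or from F-Secure), here is a PowerShell version of the same bypass route that also shows which next hop Windows selects for the Security Onion host before and after the change, so you can confirm the route is really taking effect. It assumes the LAN adapter is the one holding a 10.10.10.x address and uses a placeholder for the Winlogbeat listening port, which the thread does not state.

```powershell
# Added example: persistent bypass route for the management VLAN, with before/after checks.
# Run from an elevated PowerShell prompt with Freedome connected and its killswitch disabled.
$Subnet  = '10.10.40.0/24'   # management LAN holding Security Onion (from the thread)
$Target  = '10.10.40.40'     # Security Onion host (from the thread)
$Gateway = '10.10.10.1'      # home LAN router address assumed in the thread
$LogPort = 5044              # PLACEHOLDER: the Winlogbeat -> Security Onion port is not given in the thread

# Which route and interface Windows currently picks for the target.
# With the VPN up and no bypass route, this is normally the tunnel adapter.
# Find-NetRoute returns a source-address object and a route object; keep only the route.
Write-Host "Before:"
Find-NetRoute -RemoteIPAddress $Target | Where-Object DestinationPrefix |
    Select-Object -Property InterfaceAlias, DestinationPrefix, NextHop

# Locate the physical LAN adapter by its 10.10.10.x address (assumption: exactly one such adapter).
$LanIf = (Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -like '10.10.10.*' }).InterfaceIndex

# Add the route via the LAN adapter and the router. New-NetRoute persists across reboots
# by default, so this is the equivalent of 'route add -p'. Skip it if it already exists.
if (-not (Get-NetRoute -DestinationPrefix $Subnet -ErrorAction SilentlyContinue)) {
    New-NetRoute -DestinationPrefix $Subnet -NextHop $Gateway -InterfaceIndex $LanIf | Out-Null
}

# Confirm the target now resolves to the LAN adapter and the router, and that the log port answers.
Write-Host "After:"
Find-NetRoute -RemoteIPAddress $Target | Where-Object DestinationPrefix |
    Select-Object -Property InterfaceAlias, DestinationPrefix, NextHop
Test-NetConnection -ComputerName $Target -Port $LogPort |
    Select-Object -Property RemoteAddress, TcpTestSucceeded

# To undo (equivalent of 'route delete'):
# Remove-NetRoute -DestinationPrefix $Subnet -NextHop $Gateway -Confirm:$false
```

If the "After" output still shows the VPN adapter, the route was not installed on the LAN interface; check that $LanIf resolved to a single index.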
Hi Jaims and thank you for the help! Adding the route did the trick and now the logs flow through even with freedome enabled. 👍️
I am glad to know that the steps worked for you and the issue is now resolved.