Search
K
Links

Local network permissions

Learn the functionality of the local network permission and how to manage it in the Meshnet permission menu.

Introduction

The article discusses Meshnet's local network permission, the differences in functionality when the permission is enabled or disabled, and the effect it has on your peer’s device. It also provides guidance on managing the local network permission for each device on your Meshnet.

Permission basics

The local network permission works in tandem with Traffic routing. Its function is to either permit or deny access to your local network devices while a Meshnet peer is routing traffic through your device. Local network access is a supplementary feature to traffic routing, and as such, traffic routing must be enabled to make use of the LAN permission.
LAN access with traffic routing is available on the NordVPN app for Windows, Linux, and macOS.
Note
On macOS, traffic routing is available only on the main version of the app, which can be downloaded from the NordVPN website. The App Store version of NordVPN doesn't provide the required functionality for your device to act as a traffic routing host.

What happens when local network permission is enabled?

With the local network permission enabled, your Meshnet peer can route their internet traffic through your device and interact with all of the devices that are located in the same local area network. The devices can vary from a router to a home server or network-attached storage (NAS).
Local network permission enabled
Figure 1. Local network permission enabled
As depicted in the model above, the home computer, which routes traffic, and local devices communicate through their respective LAN IP addresses. Consequently, the laptop routing traffic through the home computer can interact with all of the devices in the 192.168.1.0/24 local subnet.
Caution
Enable local network permission only for trusted devices to ensure home network and device security. Untrusted entities may cause severe damage if granted full access to your LAN devices.

What happens when local network permission is disabled?

When the local network permission is disabled, the Meshnet peer cannot access devices on your LAN.
Local network permission disabled
Figure 2. Local network permission disabled
Traffic routing remains functional unless otherwise configured, but it only alters the Meshnet peer’s public IP address. Should the peer attempt to connect to a local IP address, the connection will default to their LAN instead of yours.

Changing permissions

If you want to change the status of the local network permission, you can do so for each device individually. You can also check whether your peer has enabled or disabled the permission for your device.
To manage the local network permission, proceed with the following instructions:
Windows
macOS
Linux
  1. 1.
    Open the NordVPN app. Log in if necessary.
  2. 2.
    On the left-side menu, select the Meshnet
    tab.
  3. 3.
    Click the device that you want to alter the permissions for.
  4. 4.
    Under Traffic routing permissions, turn on or off Access to your local network when routing traffic through your device.
    Turning on Access to your local network
  1. 1.
    Open the NordVPN app. Log in if necessary.
  2. 2.
    On the left-side menu, select the Meshnet
    menu.
  3. 3.
    Click the More
    button next to the device that you want to alter the permissions for.
  4. 4.
    Select the Don't allow access to your local network while routing traffic or the Allow access to your local network while routing traffic option.
    Turning off access to your local network while routing traffic
Note
If you're using the App Store version of the app, the local network permission will not be visible because this version does not support traffic routing.
  1. 1.
    Open the terminal.
  2. 2.
    Run the following command to list all of your Meshnet peers:
    nordvpn meshnet peer list
  3. 3.
    Note the Nord name of the peer you want to alter permissions for.
  4. 4.
    To either allow or disable the permission, use one of the following commands, replacing <device> with the peer’s Nord name or Meshnet IP:
    nordvpn meshnet peer local allow <device>
    nordvpn meshnet peer local deny <device>
Tip
To find your peer's Nord name faster, start typing the name and press Tab. The system will auto-complete the name based on matching peers.

See also

© 2023 Nord Security. All Rights Reserved.