    1. Networking: DHCP+VPN, LAN communication query

      Preface: I know not what I talk about.

      INSTANCE: A Unifi network with multiple VLANs, each with their own subnet. A Linux client that is assigned to a single VLAN, connected to the network via Wi-Fi, and running a full-tunnel Wireguard config which tunnels data to the provider's endpoints.

      QUESTION: While running full-tunnel VPN configurations supplied by a commercial VPN provider, how might the client device talk with other devices on the same (local!) LAN as it is, including devices that are on a different (local!) VLAN, and thus a different subnet?

      Let's say, for instance, that I have the following network architecture:

      Name        Subnet          Gateway     Mask
      Internal    10.0.0.0/24     10.0.0.1    255.255.255.0
      Hosted      10.5.0.0/24     10.5.0.1    255.255.255.0
      Private     10.5.1.0/24     10.5.1.1    255.255.255.0
      Guests      10.5.2.0/24     10.5.2.1    255.255.255.0
      

      I have a device that is connected to the network via Wi-Fi, and is contained within the "Private" VLAN. It can also talk to devices that are in the "Internal" VLAN (by necessity), and devices in the "Hosted" VLAN.

      Once I spin the VPN up, using a configuration gained from OVPN / PIA / NordVPN / whatever, the client can still communicate with devices on the same VLAN as it: for example, if the client is 10.5.1.132, it can still communicate with 10.5.1.42, but it cannot communicate with, say, 10.5.0.11. One would assume that is because the DHCP server has told it that it can access devices within a specific range through the correct gateway, and in fact, this shows in the IP routing table:

      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      default         unifi.localdoma 0.0.0.0         UG    1024   0        0 eth0
      10.5.1.0        0.0.0.0         255.255.255.0   U     1024   0        0 eth0
      unifi.localdoma 0.0.0.0         255.255.255.255 UH    1024   0        0 eth0
      

      There are, as far as I can tell, a number of solutions for this problem. The first is to not use a full-tunnel VPN, and instead build a set of AllowedIPs which carve out the LAN ranges which you do not want tunneled. This, I think, is known as a split-tunnel VPN. If one wants to carve out all of the possible LAN IP ranges, as specified in RFC1918, it starts to become somewhat cumbersome:

      AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
      

      This might be the only solution that currently works on an Android device running the basic Wireguard APK, as found on Github.

      An alternative solution is to carve out the LAN ranges you want to avoid routing through the tunnel using the PostUp/PostDown entries. For example:

      PostUp = ip route add 10.5.0.0/16 via 10.5.1.1 [dev IFNAME?] [metric INT?]
      PostDown = ip route del 10.5.0.0/16 via 10.5.1.1
      

      This would work, on your local LAN, as long as you stay on the same VLAN and can connect to the correct gateway. Unfortunately, Android Wireguard cannot handle PostUp/PostDown entries, AFAICT. Small bother.

      One final solution that I have heard mutterings about is known as "Classless Static Routes", or DHCP Option 121/249. This uses "CIDR" notation, and I'll be honest- here I am a little bit lost. I like the sound of this solution, as it means that I can configure the networking infrastructure itself to provide the required information for valid routing, and not have to faff about with the many, many Wireguard configurations on my devices.

      Does anybody have any experience with this problem? Am I approaching this problem in an entirely stupid way? Is there a better way (insert infomercial here)?

      8 votes
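      Two of the approaches in the post above, worked through as an added example (this is not code from the post or from any VPN provider): the general form of the "everything except these ranges" AllowedIPs list, and the RFC 3442 wire encoding behind DHCP option 121 (Microsoft's option 249 uses the same layout). The routes used for the demo (10.5.0.0/16 and 10.0.0.0/24 via 10.5.1.1) are taken from the post's network table; the function names and the decision to also push a default route are assumptions for illustration.

```python
# Added example (not from the post): two helpers for carving LAN ranges out of
# a full-tunnel WireGuard config. The addresses used below (10.5.0.0/16 and
# 10.0.0.0/24 via 10.5.1.1) are the post's own; everything else is an
# assumption made for illustration.
import ipaddress
from ipaddress import IPv4Address, IPv4Network

RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def allowed_ips_complement(excluded, universe="0.0.0.0/0"):
    """CIDR blocks covering `universe` minus every network in `excluded`.

    This is the general form of the long AllowedIPs line in the post: start
    from 0.0.0.0/0, punch out the ranges that must stay on the LAN, and
    collapse what is left into the minimal set of prefixes. Excluding the
    three RFC 1918 ranges reproduces the post's 31-entry list exactly.
    """
    remaining = [IPv4Network(universe)]
    for hole in map(IPv4Network, excluded):
        kept = []
        for net in remaining:
            if not net.overlaps(hole):
                kept.append(net)                        # untouched by this hole
            elif hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split around the hole
            # else: the hole swallows `net` entirely, so drop it
        remaining = kept
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


def allowed_ips_line(excluded):
    """The wg-quick [Peer] line that tunnels everything except `excluded`."""
    return "AllowedIPs = " + ", ".join(allowed_ips_complement(excluded))


def encode_option121(routes):
    """RFC 3442 wire encoding of classless static routes (DHCP option 121).

    routes: iterable of (destination CIDR, router IP). Each route is one byte
    of prefix length, then only the significant octets of the destination
    (ceil(prefix/8) of them), then the 4-byte router address. A /0 route
    therefore carries no destination octets at all. Returns the option
    payload without the option code/length header.
    """
    out = bytearray()
    for dest, router in routes:
        net = IPv4Network(dest)
        nsig = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:nsig]
        out += IPv4Address(router).packed
    return bytes(out)


def decode_option121(payload):
    """Inverse of encode_option121; rejects malformed or truncated payloads."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"bad prefix length {plen} at offset {i}")
        nsig = (plen + 7) // 8
        i += 1
        if i + nsig + 4 > len(payload):
            raise ValueError(f"truncated route at offset {i}")
        dest = bytes(payload[i:i + nsig]) + bytes(4 - nsig)   # pad to 4 octets
        router = bytes(payload[i + nsig:i + nsig + 4])
        i += nsig + 4
        # strict=False masks off stray host bits instead of rejecting the route
        routes.append((str(IPv4Network((dest, plen), strict=False)),
                       str(IPv4Address(router))))
    return routes


def dhcpd_option_value(routes):
    """Value for ISC dhcpd, which has no built-in name for option 121 and needs
    a definition such as:
        option rfc3442-classless-static-routes code 121 = array of integer 8;
    """
    return ", ".join(str(b) for b in encode_option121(routes))


if __name__ == "__main__":
    print(allowed_ips_line(RFC1918))
    # Routes for the post's "Private" VLAN: the sibling 10.5.x.x VLANs and the
    # Internal VLAN via 10.5.1.1, plus a default route, because a client that
    # accepts option 121 ignores the plain router option (RFC 3442).
    routes = [("10.5.0.0/16", "10.5.1.1"),
              ("10.0.0.0/24", "10.5.1.1"),
              ("0.0.0.0/0", "10.5.1.1")]
    wire = encode_option121(routes)
    print(wire.hex(), decode_option121(wire) == routes)
    print(dhcpd_option_value(routes))
```

      Two caveats worth knowing before relying on option 121. First, RFC 3442 says a client that honours the classless-route option must ignore the ordinary router option (3), so the default route has to be included in the list, as above. Second, on Linux the reason same-VLAN traffic keeps working under a full-tunnel wg-quick config is that wg-quick installs an `ip rule ... table main suppress_prefixlength 0` rule: any main-table route more specific than /0 (the on-link 10.5.1.0/24, and equally any option 121 route the DHCP client installs) is consulted before the tunnel's table. Whether a given Android DHCP client installs option 121 routes, and whether its VPN implementation lets them bypass the tunnel, is not something the post establishes, so test it rather than assume it.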
    2. Looking for early users to try my app

      Hello tilderinos,

      I'd like to launch my tab manager soon and to ensure a smooth launch, I'm looking for early users who would be willing to try my app as part of the private beta.

      For those who would actually need this product, I'm happy to offer one year free (or more!), but even if you don't need it, I'd really appreciate the help.

      I don't really need anything fancy, I'd just like to have some people install the app and try it to know if it works properly for them or if any unexpected issues come up, especially major ones. I'd like to make sure that the actual launch will be smooth, especially considering that I've been working on this project for four years now. It'd be a shame if it all went to waste.

      Thanks a lot in advance!

      PS - I wasn't sure in which group to post

      15 votes
    3. Is there a FLAC equivalent for digital comics?

      I’ve bought enough digital comic bundles now that they’re starting to take up a decent chunk of storage space.

      What I’d love to do, if possible, is losslessly compress them all down to their minimum sizes, in the same way that FLAC does with music. Is this a thing? And if so, what’s the best way to do it?

      If lossless compression isn’t possible, is there a lossy compression that’s effectively lossless in that I won’t be able to tell the difference anyway? Lossless compression gives me good peace of mind, but the storage savings from an invisible lossy one are honestly quite appealing too.

      23 votes
    4. For those who deal with hypoglycemia, do you have any advice for dealing with fatigue after a bad low?

      My hypoglycemia issues are not related to diabetes fwiw. That said, I tend to get hypoglycemia a few times a day. If I catch it quick enough and treat, it's usually not a big deal, but if I get too low (maybe once I get into the 50s mg/dl), then after treating (usually about 15 minutes later), I get so. freaking. tired. Like, barely able to stand up exhausted. Currently dealing with this as we speak, and it's very frustrating. My endocrinologist told me it's normal to get tired like this while recovering. I'm curious if anyone else deals with this? If so, do you have any advice for dealing with the fatigue?

      Tildes might be too small of a platform for this. If no one deals with hypoglycemia here, please feel free to remove it. I thought with the prevalence of diabetes, it would be likely there are folks who encounter this.

      EDIT: In case anyone ever stumbles on this, turns out it was an insulinoma. I finally had surgery. Don't give up hope, answers can be out there, even if you feel like there's nowhere left to look.

      13 votes
    5. What steps can the average user do to secure their data privacy?

      With all of the identity verification laws in the pipeline, data breaches, and government overreach (mandated monitoring in new cars in the US), what steps can the average person take to secure their anonymity and data and device privacy?

      I’m a tech-savvy person but nowhere near the level of a great many. It seems like in the face of overwhelming odds, making small changes is only a drop in the bucket. I have all the data encryption settings enabled on my phone, but I use services like Dropbox and rely on it heavily. I’ve always thought that if the product is free, you’re the product…but I pay for Dropbox, so they shouldn’t use my data for training AI (but they likely are). Setting up a personal cloud seems like a daunting task, as is getting involved in any of the small projects that people have going (decentralized networks, mesh…things, P2P, etc). I’ve focused more on securing my home networks recently so my Ubiquiti devices are restricted in what they can access, but I haven’t actually pen-tested my network yet. I have Pop!_OS installed on my home desktop because I got tired of Windows’ invasive…everything, but ultimately I don’t know what I’m doing.

      There’s probably a great many people out there that feel like it’s hopeless to try to do anything because it won’t matter as there’s such a heavy push to invade, restrict, and monetize our digital lives. What can the average person do to take control of our devices and data?

      34 votes
    6. TV Tuesdays Free Talk

      Warning: this post may contain spoilers

      Have you watched any TV shows recently you want to discuss? Any shows you want to recommend or are hyped about? Feel free to discuss anything here.

      Please just try to provide fair warning of spoilers if you can.

      5 votes
    7. Requesting resources for learning Ruby

      Does anyone here have experience with Ruby programming? More specifically mRuby or DragonRuby for game programming?

      I came across DragonRuby as free for its 7th anniversary and I’m considering checking it out, but I have no experience with the Ruby programming language itself.

      Most of my programming experience recently is in C# and Python, but I have some experience with JavaScript/TypeScript.

      Does anyone know of good resources for learning Ruby coming from that background, or thoughts on if it is worth it to try to pick up?

      I’m not really interested in LLM-based Ruby workflows, at least until I have a decent grasp of the language and syntax myself.

      16 votes
    8. Where can I find the best lanyard?

      I really don't know where to put this, so feel free to move, but I have this issue. I carry a LOT of shit on my keychain. Two sets of keys of four each, a SIM removal tool, a tiny retractable box cutter, a USB drive full of installer ISOs (you never know), an AirTag, a CPU with a hole punched through, a 3D printed whistle, and that may very well grow.

      Now the problem I have is that the lanyard that I currently have has, over time, widened the gap on the karabiner to the point that I'll regularly lose a key ring in my pocket when pulling it out. Nothing major's happened yet, but it's a matter of time.

      So, clearly, I need a better one. A higher quality one. But going on the eTailers of today I really only get garbage. A pack of 20! For ten bucks! Well, thanks, but we all know they'll suck. And frankly, I really don't know how to get my hands on a high quality one. I bet they're out there, I'm sure, but where do I look? What's good, what's bad? I really don't need the high-end climbing gear, or do I? Is my key lanyard a candidate for buy it for life, and if so, am I ready for that commitment?

      Looking for any and all advice on this.

      PS: I don't wear the lanyard. I'm one of those assholes that puts the active end in my pocket and lets the lanyard itself dangle out.

      24 votes