Hi,
I'm experiencing a strange issue on GrapheneOS with WireGuard VPN in my Private Space, and I haven't been able to find any similar reports.
Setup:
GrapheneOS on Pixel 8a
Private Space with WireGuard VPN configured (connecting to a Freebox router acting as WireGuard server)
Allowed IPs in the tunnel: 0.0.0.0/0, 192.168.27.64/27, 192.168.1.0/24
No VPN killswitch enabled
The problem:
From the Private Space, with the WireGuard tunnel active (RX/TX counters increasing, tunnel shows as connected), all browsers fail to load local network addresses (192.168.x.x). Both Vanadium and IronFox result in ERR_CONNECTION_TIMED_OUT when trying to access e.g. http://192.168.27.65/ or http://192.168.1.138:8999/.
What works:
Browsers can access the internet normally through the VPN
Apps like qbittorrent and Joplin, configured with the same local IPs, connect to the NAS (on the local network) perfectly fine through the same tunnel
The exact same WireGuard setup works flawlessly in the main profile — browsers included
What I've already tried:
Verified network permissions for Vanadium in the Private Space: unrestricted
No killswitch active
Tried changing WebRTC IP handling policy in Vanadium
Tried chrome://flags/#private-network-access-respect-preflight-results and chrome://flags/#local-network-access-check: no effect
Tested with both a Chromium-based browser (Vanadium) and a Firefox-based browser (IronFox): same result
The fact that non-browser apps work fine through the same tunnel rules out a routing or VPN issue. It seems specific to how browsers handle connections to private IPs in the Private Space context.
Hi,
I'm experiencing a strange issue on GrapheneOS with WireGuard VPN in my Private Space, and I haven't been able to find any similar reports.
Setup:
GrapheneOS on Pixel 8a
Private Space with WireGuard VPN configured (connecting to a Freebox router acting as WireGuard server)
Allowed IPs in the tunnel: 0.0.0.0/0, 192.168.27.64/27, 192.168.1.0/24
No VPN killswitch enabled
The problem:
From the Private Space, with the WireGuard tunnel active (RX/TX counters increasing, tunnel shows as connected), all browsers fail to load local network addresses (192.168.x.x). Both Vanadium and IronFox result in ERR_CONNECTION_TIMED_OUT when trying to access e.g. http://192.168.27.65/ or http://192.168.1.138:8999/.
What works:
Browsers can access the internet normally through the VPN
Apps like qbittorrent and Joplin, configured with the same local IPs, connect to the NAS (on the local network) perfectly fine through the same tunnel
The exact same WireGuard setup works flawlessly in the main profile — browsers included
What I've already tried:
Verified network permissions for Vanadium in the Private Space: unrestricted
No killswitch active
Tried changing WebRTC IP handling policy in Vanadium
Tried chrome://flags/#private-network-access-respect-preflight-results and chrome://flags/#local-network-access-check: no effect
Tested with both a Chromium-based browser (Vanadium) and a Firefox-based browser (IronFox): same result
The fact that non-browser apps work fine through the same tunnel rules out a routing or VPN issue. It seems specific to how browsers handle connections to private IPs in the Private Space context.