this post was submitted on 23 Sep 2025
19 points (100.0% liked)

Proton

7854 readers
62 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 2 years ago
MODERATORS
ProtonPrivacy@lemmy.world
alex_herrero@lemmy.world
Nelizea@lemmy.world
19
Are there downsides to using the "Allow Lan Connections" option in Proton VPN? (discuss.tchncs.de)
submitted 1 week ago by __siru__@discuss.tchncs.de to c/protonprivacy@lemmy.world
2 comments fedilink hide all child comments
 

On MacOS (but to my knowledge also on other platforms) Proton VPN provides an allow LAN connections option in the settings which enables the machine to access other devices on the local network (printers, smartphone, TV, etc.) even when the VPN connection is running.

My questions are as follows:

  • Does allowing LAN connections make the VPN connection less secure in any way?
  • If not, is there any reason as to why Proton VPN defaults to leaving this turned off?

I am aware that there is apparently an issue with the Kill Switch and the Allow LAN Connections options being mutually exclusive, but I was wondering whether there is more to it than that.

you are viewing a single comment's thread
view the rest of the comments
[–] DahGangalang 7 points 1 week ago (1 children)

I think I'd depends on what you mean by secure.

So to give you an idea of how that'd work (at least my understanding of it):

  • Your VPN will set up a virtual interface (naturally its associated with your physical network interface, but the virtual allows some cryptography magic) and sends all traffic out that "pipe". That pipe leads to (in this case) a Proton server. That pipe is encrypted from your device to that server.
  • By default, ALL traffic is forced out that pipe.
  • When you allow LAN connections, it'll basically setup a firewall rule that sends all traffic NOT bound for you local network (usually 192.168.0.0/24) through that encrypted pipe.
  • all traffic bound for the local network will go through usual routes.

On the face of it and with a "normie" home network, this is probably okay.

However, if you (as an example) run a local DNS server (like Pi-Hole) its possible that your DNS traffic gets send through normal (and potentially non - encrypted means) channels to the DNS server and then forwarded out to the wider internet. This could allow an ISP to get an idea of what you're looking at with your VPN (since they'll be able to see that you're using a VPN, this is not a difficult thing to correlate)

So really the answer is it depends. I'd minimize risks by leaving LAN connections off, unless you really need it, but that's making a bunch of assumptions about your specific needs and threat model.

[–] __siru__@discuss.tchncs.de 2 points 1 week ago

Thank you for the detailed reply. I completely forgot about the situation like a Pi-Hole that would slip through the proverbial cracks as being a local device that also sends outbound requests on demand though.