Create VPN Exception for Local Network Devices
Here's a way to create a VPN exception for local network devices using NordVPN.
Failure to contact
I was having trouble mounting my network drive. Symptoms:
Pinging the network drive IP fails with no packets delivered:
ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
^C
--- 192.168.1.200 ping statistics ---
26 packets transmitted, 0 received, 100% packet loss, time 25583msThis was the last known IP. What if the IP changed?
Finding local subnet
For a simple home network, all the local devices are going to be a single subnet, with IPs on a base IP, 192.168.1.x.
How do I know what my subnet is? Well, my local computer's IP will show it. Run ifconfig, and find my wireless device:
ifconfig
...
wlp0s20f3: flags=4163 mtu 1500
inet 192.168.1.201 netmask 255.255.255.0 broadcast 192.168.1.255
ether 70:a6:cc:3b:b4:e2 txqueuelen 1000 (Ethernet)
RX packets 11081886 bytes 14347729757 (14.3 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2898532 bytes 1250657021 (1.2 GB)
TX errors 0 dropped 55 overruns 0 carrier 0 collisions 0 w is wireless protocol. lp0 means PCI bus 0. s20f3 is the slot and function location. The inet (or IPv4) IP address is 192.168.1.201. Thus, our subnet is 192.168.1.x.
We mask that subnet using this CIDR notation: 192.168.1.0/24, allowing 0-256 address in the last position.
Finding local devices
Now, we can scan for all devices on that subnet:
nmap -sn 192.168.1.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2026-01-02 08:19 MST
Nmap scan report for _gateway (192.168.1.1)
Host is up (0.0066s latency).
Nmap scan report for 192.168.1.200
Host is up (0.0045s latency).
Nmap scan report for pop-os (192.168.1.201)
Host is up (0.00022s latency).
...
Nmap done: 256 IP addresses (n hosts up) scanned in 17.55 secondsThis will give us IPs with devices. Which one is our network drive?
The network drive has a web UI that uses ports 5000 and 5001. Is there anything on the subnet that uses those ports? Scan differently:
nmap -p 5000,5001 192.168.1.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2026-01-02 08:21 MST
Nmap scan report for 192.168.1.200
Host is up (0.0065s latency).
PORT STATE SERVICE
5000/tcp open upnp
5001/tcp open commplex-link
Nmap scan report for pop-os (192.168.1.201)
Host is up (0.00011s latency).
PORT STATE SERVICE
5000/tcp closed upnp
5001/tcp closed commplex-link
...
Nmap done: 256 IP addresses (n hosts up) scanned in 17.66 secondsAh, there's one IP with those ports open: 192.168.1.200. That's our boy.
But mount still fails. Why? Well, we knew the answer from the beginning of this story. The VPN is getting in the way.
If you're unsure of that, the easiest thing to do to verify that's the problem is to disconnect the VPN and attempt the network drive mount.
Creating a VPN exception
When connecting to a VPN, by default all traffic is routed through it. The VPN doesn't know about my local network IPs. There are a couple ways around this. For me, the simplest was to create an exception, or allowlist, or whitelist that configures the VPN to not route traffic to those IPs through the VPN router.
In my case, I'm using a NordVPN client. I can make an exception in several ways:
nordvpn allowlist add --help
Usage: nordvpn allowlist add command [command options] [arguments...]
Adds an option to the allowlist
Commands:
port Adds port to the allowlist
ports Adds port range to the allowlist
subnet Adds subnet to the allowlist
help, h Shows a list of commands or help for one command
Options:
--help, -h Show helpI will opt to except the entire local subnet.
nordvpn allowlist add subnet 192.168.1.0/24
Subnet 192.168.1.0/24 is allowlisted successfully.Now, check that it's excepted:
nordvpn settings
...
Allowlisted subnets:
192.168.1.0/24Ping, mount, it all works. We have wrangled the networks to serve us.