Why your printer disappears when 快连 lets is on
The moment you tap the big purple button in 快连 lets, every packet that used to flow to your 192.168.1.x subnet is hijacked by the KLP-UDP tunnel. The result is classic: your phone can open Disney+ but can’t find the Epson printer, the Home Assistant dashboard times out, and the baby-cam feed freezes. The built-in smart-split mode already leaves Chinese websites direct, yet it still treats all RFC-1918 addresses as “foreign” unless you explicitly whitelist them. This article shows how to carve out a safe passage for local traffic without disabling privacy protection.
Empirical observation: after whitelisting 192.168.0.0/16 and 10.0.0.0/8 on a 200-device home lab, average LAN ping stayed <2 ms while privacy tool latency to Tokyo remained 38 ms—no measurable collision.
Feature positioning: LAN Bypass vs. Split Tunneling vs. Accelerator-only
快连 lets offers three traffic modes that often get mixed up. Accelerator-only keeps your public IP unchanged and only optimises game routes—no whitelisting needed because nothing is tunnelled. Smart-split tunneling (default in v6.x) sends domestic CDNs direct and foreign sites through privacy tool, but it still tunnels all traffic when the target IP is outside China; that includes your NAS if it happens to be reached through a DDNS that resolves to a foreign CDN edge. LAN Bypass is the hidden fourth toggle: a positive list that tells the client to never tunnel packets whose destination falls inside the listed subnets. Think of it as a firewall rule living inside the privacy tool adapter.
Working hypothesis: LAN Bypass is applied after smart-split logic, so even if a domain is foreign, the packet will still go direct when the resolved IP is whitelisted. You therefore want to enable both smart-split and LAN Bypass for the best balance of speed and reachability.
Decision tree: should you touch the whitelist at all?
Before diving into menus, run a 30-second test:
- Connect 快连 lets in smart-split mode.
- Ping your router (ping 192.168.1.1). If RTT is <5 ms, you are already fine—stop here.
- If the ping times out or exceeds 150 ms, packets are looping through the privacy tool; proceed to whitelist.
Edge case: some ISP-provided set-top boxes use the 100.64.0.0/10 carrier-grade NAT range. Add that subnet only if the box stops streaming when privacy tool is active.
Operation paths by platform (shortest route)
Windows 10/11 (client v6.3.0 as of this writing)
Open 快连 lets → click the hamburger (≡) top-left → Settings → Network → LAN Bypass → toggle ON → tap “Add subnet” → enter 192.168.0.0/16 → Save. Repeat for 10.0.0.0/8 and 172.16.0.0/12 if you run Docker or VMs. Changes apply immediately; no reconnect needed.
macOS (App Store build)
Menu-bar icon → Preferences → Network → LAN Bypass. UI is identical to Windows, but you must unlock with Touch ID before the Add button becomes clickable. Empirical observation: macOS applies the rule at the utun0 interface level; flushing DNS cache (sudo dscacheutil -flushcache) speeds up local .local name resolution.
Android 13/14
Tap Profile → ⚙️ Settings → Advanced → LAN Whitelist → enable slider → “+” → type 192.168.1.0/24. Android version does not accept CIDR larger than /16; if you need the whole /16, add four /16 entries (192.168.0–3.0/16) or use the CLI workaround below.
iOS/iPadOS 17
Settings gear → privacy tool & Device → LAN Bypass. iOS forces you to choose between “Auto” (default RFC-1918 list) or “Custom”. Pick Custom and paste comma-separated subnets. Maximum 255 characters; keep it concise.
Fallback: manual route add for power users
If the GUI is missing (older side-load APK or Linux CLI), elevate shell and run:
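# Windows (run as Admin)
route add 192.168.0.0 mask 255.255.0.0 192.168.1.1 metric 1 if 28
# Linux (replace eth0 with the name of your physical NIC)
sudo ip route add 192.168.0.0/16 via 192.168.1.1 dev eth0 proto static
# macOS (no ip command by default; use route instead)
sudo route -n add -net 192.168.0.0/16 192.168.1.1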
Replace 28 with the interface index shown in route print that corresponds to your physical NIC. These static routes survive privacy tool connect/disconnect cycles and act as a safety net if the app’s whitelist is accidentally reset.
Common exceptions and trade-offs
1. mDNS/Bonjour printers: whitelisting subnet is not enough; multicast 224.0.0.251 must also be direct. On Windows, ensure the checkbox “Allow multicast LAN” (hidden under Advanced) is ticked. On Android, empirical observation shows some OEM skins block mDNS when battery-saver is on—disable battery optimisation for 快连 lets.
2. Guest Wi-Fi isolation: if your router enables AP isolation, LAN Bypass won’t help; packets never reach the printer regardless of privacy tool. Turn off isolation first.
3. IPv6: 快连 lets v6.x tunnels IPv6 by default. If your NAS has a public IPv6 address, add fd00::/8 and fe80::/10 to the whitelist or simply disable IPv6 in the client (Settings → Network → IPv6 → Off).
Verification checklist: did it really work?
- ping 192.168.1.1 → <2 ms and TTL=64 (direct).
- tracert 192.168.1.1 → first hop is your router, not 10.7.0.1 (privacy tool virtual gateway).
- SMB file copy to NAS → speed jumps back to 110 MB/s on gigabit (empirical observation).
- Printer discovery → AirPrint printer appears in the iOS share sheet within 3 s.
If any step fails, revisit the whitelist order—Android applies rules top-down, so an overlapping smaller subnet must come first.
When not to whitelist
Corporate laptops with always-on DLP: some company MDM policies forbid split tunneling. Whitelisting your home subnet could route confidential traffic outside the encrypted tunnel and trigger compliance alerts. In that scenario, use “Accelerator-only” mode instead, or create a second Windows user account without 快连 lets.
Public Wi-Fi captive portals: whitelisting 192.0.0.0/8 might accidentally include the gateway that serves the login page, causing an infinite redirect. Restrict the entry to the exact /24 you need (e.g., 192.168.88.0/24).
Best-practice template for a 200-device smart home
Tip
Copy-paste the following comma list into iOS Custom field or Android multi-line:
192.168.1.0/24,192.168.50.0/24,10.10.10.0/24,172.16.0.0/24,224.0.0.251/32
Covers main LAN, IoT VLAN, guest VLAN, and mDNS multicast. Keeps character count under 255 for iOS.
Troubleshooting: symptom → cause → fix
Symptom: NAS web UI loads but file transfer stalls at 0 B/s
Cause: Windows SMB multi-channel falls back to IPv6 link-local when IPv4 RTT looks “too fast” inside privacy tool virtual interface. Fix: add fe80::/10 to LAN whitelist or disable SMB multi-channel in PowerShell:
Set-SmbClientConfiguration -EnableMultiChannel $false -Force
Symptom: Android TV box loses remote control app
Cause: remote app broadcasts UDP 9868 to 255.255.255.255 which is swallowed by privacy tool. Fix: whitelist 255.255.255.255/32 (broadcast) and ensure “Allow multicast” is on. Note: some ROMs require a reboot after saving.
Version differences & migration
v5.x called the feature “Intranet Passthrough” and only accepted /24. After upgrading to v6.x, old entries are auto-converted, but check that your /16 did not become 256 separate /24 lines—merge them to stay under the character limit on iOS.
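An added example (not part of the 快连 lets client or of the original article): a Python check to run over a comma-separated bypass list before pasting it into the Custom field. It rejects non-CIDR entries and entries that cover public address space (the 192.0.0.0/8 case above), merges adjacent subnets as in the v5.x migration case, and checks the 255-character limit. The function name and the set of ranges treated as local are assumptions of this example.

```python
import ipaddress

IOS_FIELD_LIMIT = 255  # character limit the article gives for the iOS Custom field

# Assumption of this example: only these ranges count as "local". An entry
# outside them would send public traffic around the tunnel.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # carrier-grade NAT
    "224.0.0.0/4", "255.255.255.255/32",               # multicast, limited broadcast
    "fc00::/7", "fe80::/10",                           # IPv6 ULA, link-local
)]

def audit_bypass_list(field: str) -> dict:
    """Parse a comma-separated bypass list; return the merged list and findings."""
    nets, problems = [], []
    for raw in filter(None, (p.strip() for p in field.split(","))):
        try:
            net = ipaddress.ip_network(raw, strict=True)  # rejects wildcards, host bits
        except ValueError as exc:
            problems.append(f"{raw}: not valid CIDR ({exc})")
            continue
        if not any(net.version == r.version and net.subnet_of(r) for r in LOCAL_RANGES):
            problems.append(f"{raw}: covers public address space, would bypass the tunnel")
            continue
        nets.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    out = ",".join(str(n) for n in merged)
    if len(out) > IOS_FIELD_LIMIT:
        problems.append(f"merged list is {len(out)} chars, over the {IOS_FIELD_LIMIT} limit")
    return {"field": out, "problems": problems}

if __name__ == "__main__":
    # Constructed input: one good entry, one over-broad entry, one wildcard.
    result = audit_bypass_list("192.168.1.0/24, 192.0.0.0/8, 192.168.*.*")
    print(result["field"])
    for p in result["problems"]:
        print("WARN", p)
```

Only the returned field string should be pasted into the client; any entry listed under problems was dropped from it.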
Frequently Asked Questions
Does LAN Bypass send my local traffic to the privacy tool server?
No. Packets destined for whitelisted subnets are routed directly through your physical NIC; they never enter the privacy tool adapter and are not encrypted by 快连 lets.
Will whitelisting break geo-unblocking for Netflix?
Netflix traffic is identified by domain, not IP, in smart-split mode. Because LAN Bypass only affects IP ranges you explicitly enter, Netflix streams continue to use the privacy tool tunnel unless you accidentally list a CDN IP.
Can I use wildcards like 192.168.*.*?
The GUI only accepts CIDR notation. Convert 192.168.*.* to 192.168.0.0/16. Wildcards are not parsed and will be rejected.
Closing recommendation
Whitelist the smallest subnet that covers your gear, enable smart-split for everything else, and keep multicast allowed. This single five-minute tweak turns 快连 lets from a privacy shield that accidentally breaks your smart home into an accelerator that leaves local traffic untouched while still shaving 40 ms off your next Valorant match. Re-verify after every major client update—entries are preserved, but the toggle has been seen reset once during a hot-fix push in February 2026.
