Local network access

  • 2 minute(s) read
Prev Next

Local network access is a security feature that allows devices to reach local network resources (such as printers, servers, or shared drives) even when the Kill Switch is enabled. By default, network Kill Switch blocks all traffic—including local (LAN) traffic—if the VPN is disconnected. With local network access enabled, exceptions are made to allow communication within internal networks, keeping printers and other local devices reachable while maintaining secure internet policies.

Local network access is managed at the organization level and can only be enabled or disabled by Organization Administrators through the Control Panel. End users cannot change this setting from their device or application. When enabled, local network access provides exceptions to the VPN Kill Switch for all traffic.

This means you’ll be able to use local printers, access files on internal servers, or communicate with other devices inside your network even if your internet connection is otherwise restricted by Kill Switch. The specific subnets excluded are based on RFC1918, which includes the following ranges:

10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
Please note

By default, local network access is disabled for all users unless an Organization Administrator enables it.

How to enable local network access

  1. Log in to the Control Panel
  2. Navigate to Settings → Security configurations
  3. Find the local network access option and switch the toggle to enabled

When enabled, applications managed by your organization will communicate this setting to user devices.

Platform-specific details

  • Windows & macOS (Sideload): Already allow local network access by default. With central management enabled, behavior becomes consistent for your organization.
  • macOS (App Store): Users may have seen a local network access toggle in previous versions. Once central management is applied, this setting will be visible as enabled but unchangeable by users.
  • Linux: Previously blocked local network access, even with Kill Switch exceptions. Enabling local network access will adjust routing and firewall rules to allow local traffic.

When local network access is enabled, the application allows internal network communication, but will continue to block outgoing DNS requests to prevent DNS leaks.

Please note
  • Some older versions of the NordLayer app may not support centralized control. This means that features and functionality may vary between devices until all of them are updated to NordLayer versions 3.6.0 for Windows, 3.6.1 for macOS and 3.4.3 for Linux.
  • On platforms like Android and iOS, due to OS restrictions, fine-grained control for local network access may not be available.
  • On Linux, enabling local network access may undo vulnerability patches; contact your support representative for guidance if you have specialized security requirements.

Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.