cancel
Showing results for 
Search instead for 
Did you mean: 

Setting up access to LAN with OpenVPN?

CanadaBri
Level 8
I have my OpenVPN setup and configured, and I can connect - but the only thing I can access is the router itself.

I do have the configuration set to push LAN to clients, and my config allows clients to access LAN and Internet - but I still cannot connect (or even ping) anything that is on the LAN tht is not the router itself.

any ideas?


-EDIT : Actually, I think I am seeing the issue... I have some NetGear switches plugged into my ASUS Router, and it is the devices plugged into those switches that I am not able to reach. I am assuming a static route is needed somewhere?
4,445 Views
11 REPLIES 11

xeromist
Moderator
Unless your switches are doing network segmentation with vlans or something a normal switch should be transparent. Any chance you can test plugging something directly into the router to be sure?
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

HK-47
Level 10
In order for your for you to get access to your lan you need to add a client1 user like I have in the picture attached. You will need to change the subnet to what you have configured in your vpn settings. Also if you are using the VPN fusion along side the VPN server make sure the VPN fusion and VPN server subnets don't conflict. You can check the routing tab under logs. TUN21 will be your routing for the VPN server. Tun15 will be vpn fusion.

89221

89222
-Desktop-
Asus Crosshair VIII Dark Hero / AMD 5800x / 32GB Corsair Dominator Platinum RBG (CMT32GX4M4C3600C18) @ 3800 /2x Sabrent 1TB Rocket NVMe 4.0 (Raid 0)/ 1x Samsung 860 Evo SSD / Corsair AX1200 PSU / ASUS Strix Helios Case / Corsair HydroX Custom Loop D5, CX7, XG7 420+280 Rad/ Asus Strix 3090 / Asus PG35VQ Ultrawide Monitor / Corsair Commander PRO 3x ql120, 4x ql140 fans / Edifier 1850DB Speakers + T5 Sub /
Asus Theta 7.1 Headset

HK-47 wrote:
In order for your for you to get access to your lan you need to add a client1 user like I have in the picture attached. You will need to change the subnet to what you have configured in your vpn settings. Also if you are using the VPN fusion along side the VPN server make sure the VPN fusion and VPN server subnets don't conflict. You can check the routing tab under logs. TUN21 will be your routing for the VPN server. Tun15 will be vpn fusion.


Just asking to clarify,

If my local LAN subnet is (for example) 192.168.123.0 and my VPN subnet is 10.8.0.0 (I think that is default?)... are you saying to change the VPN subnet config to the LAN config, or to change the subnet setting on the user to my LAN subnet?

HK-47
Level 10
You need to make the client1 match your vpn subnet settings. See in my picture my vpn subnet is 10.100.0.0 and client1 is 10.100.0.0. You would need to make client1 10.8.0.0.
Also make sure everything else is checked like my picture.

Also If you look at the routing log when the server is setup you should see
10.8.0.0 to 10.8.0.2 tun21
then
10.8.0.2 to * tun21
The * is your everything on the router.
-Desktop-
Asus Crosshair VIII Dark Hero / AMD 5800x / 32GB Corsair Dominator Platinum RBG (CMT32GX4M4C3600C18) @ 3800 /2x Sabrent 1TB Rocket NVMe 4.0 (Raid 0)/ 1x Samsung 860 Evo SSD / Corsair AX1200 PSU / ASUS Strix Helios Case / Corsair HydroX Custom Loop D5, CX7, XG7 420+280 Rad/ Asus Strix 3090 / Asus PG35VQ Ultrawide Monitor / Corsair Commander PRO 3x ql120, 4x ql140 fans / Edifier 1850DB Speakers + T5 Sub /
Asus Theta 7.1 Headset

HK-47
Level 10
Also I don't use the default 10.8.0.0 vpn subnet because I also use vpn fusion that connects to Nord vpn. Nord was handing out 10.8.0.0 address and it was conflicting with the vpn server on the router. They were both giving out the 10.8.0.0. So when clients would connect to my vpn server on the router they were being routed to NordVPN.
-Desktop-
Asus Crosshair VIII Dark Hero / AMD 5800x / 32GB Corsair Dominator Platinum RBG (CMT32GX4M4C3600C18) @ 3800 /2x Sabrent 1TB Rocket NVMe 4.0 (Raid 0)/ 1x Samsung 860 Evo SSD / Corsair AX1200 PSU / ASUS Strix Helios Case / Corsair HydroX Custom Loop D5, CX7, XG7 420+280 Rad/ Asus Strix 3090 / Asus PG35VQ Ultrawide Monitor / Corsair Commander PRO 3x ql120, 4x ql140 fans / Edifier 1850DB Speakers + T5 Sub /
Asus Theta 7.1 Headset

HK-47 wrote:
Also I don't use the default 10.8.0.0 vpn subnet because I also use vpn fusion that connects to Nord vpn. Nord was handing out 10.8.0.0 address and it was conflicting with the vpn server on the router. They were both giving out the 10.8.0.0. So when clients would connect to my vpn server on the router they were being routed to NordVPN.


Thanks - I have changed my VPN IP setting to 10.100 also.

I had created a VPN user in the main menu are (VPN > OpenVPN).

When you go to advanced settings, and have client specific options... I assume this is a different user now? I would have to use a different user name, or delete the other one and add it here?

The VPN is probably working just fine on my end.

The *one* server that I was hoping to access when I connect to the VPN is not available. That server is using a VPN client to connect elsewhere, but it is accessible from the LAN even when connected. I guess that VPN client does not consider my VPN subnet to be "local". When I disconnect that client from its VPN, I can access it from my own VPN connection.

I had tried VPNFusion before, and I am not sure now if it was my old VPN config (using 10.8.0.0) that may have been messing it up... when I setup the VPN Fusion my entire wifi became inaccessible.

CanadaBri wrote:
Thanks - I have changed my VPN IP setting to 10.100 also.

I had created a VPN user in the main menu are (VPN > OpenVPN).

When you go to advanced settings, and have client specific options... I assume this is a different user now? I would have to use a different user name, or delete the other one and add it here?


Make both usernames match Client1 or just add client1 to the specific option and use your admin login and password when you login to the vpn. I believe you just need to add the client1 to get the routing going.
-Desktop-
Asus Crosshair VIII Dark Hero / AMD 5800x / 32GB Corsair Dominator Platinum RBG (CMT32GX4M4C3600C18) @ 3800 /2x Sabrent 1TB Rocket NVMe 4.0 (Raid 0)/ 1x Samsung 860 Evo SSD / Corsair AX1200 PSU / ASUS Strix Helios Case / Corsair HydroX Custom Loop D5, CX7, XG7 420+280 Rad/ Asus Strix 3090 / Asus PG35VQ Ultrawide Monitor / Corsair Commander PRO 3x ql120, 4x ql140 fans / Edifier 1850DB Speakers + T5 Sub /
Asus Theta 7.1 Headset

Jimbo93
Level 12
CanadaBri wrote:
I have my OpenVPN setup and configured, and I can connect - but the only thing I can access is the router itself.

I do have the configuration set to push LAN to clients, and my config allows clients to access LAN and Internet - but I still cannot connect (or even ping) anything that is on the LAN tht is not the router itself.

any ideas?


-EDIT : Actually, I think I am seeing the issue... I have some NetGear switches plugged into my ASUS Router, and it is the devices plugged into those switches that I am not able to reach. I am assuming a static route is needed somewhere?


Switches shouldn't matter. Did you set up DHCP with static address for the client(s) on the LAN? The client hardware address is entered there in the router, then DHCP always gives same address to the client, even though client is set to automatic DHCP. Port forwarding is the other part to get through the router firewall. That directs the incomming traffic on a port to the client by the private IP address.

Not sure if is this is helpful, but when I needed to VPN into my office from home without opening ports on a router, I would have the office computer automatically establish a tunnel out to the home computer. Been awhile now and the details are a little foggy.