Can't Access Home LAN IPs behind OpenVPN Client running on router

woodpecker
OpenVpn Newbie
Posts: 5
Joined: Fri Aug 11, 2017 10:01 am

Can't Access Home LAN IPs behind OpenVPN Client running on router

Post by woodpecker » Fri Aug 11, 2017 10:06 am

Hi,

I have been trying for a week to access devices on my home LAN via OpenVPN. I've read so many articles but must have something not quite right.

My setup is as follows:

OpenVPN server running on CentOS VPS web server - 10.8.0.0
Home LAN - OpenWRT/OpenVPN running on GL.inet router 192.168.8.0, allocated IP 10.8.0.22 from OpenVPN server

From the home LAN 192.168.8.0 devices can access the internet via the server perfectly.
From the internet, clients have internet access via the server perfectly.

I am trying to access a device on the home LAN with IP 192.168.8.231 but I can't get to it from the internet via the server.

If I connect an iPhone via 4G to the server, it gets an IP address of 10.8.0.10.
From a PC on the home LAN I can ping the phone on 10.8.0.10
But from the phone I cannot ping any 192.168.8.xxx device.

My server and client configs are below. Please help.

Server Config
port 443 #- port
proto tcp #- protocol
dev tun
tun-mtu 1500
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
route 192.168.8.0 255.255.255.0
push "route 192.168.8.0 255.255.255.0"
client-to-client
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status 443.log
verb 4

Client Config
client
dev tun
proto tcp
remote myopenvpndomain.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
float
ca ca.crt
cert my.crt
key my.key

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't Access Home LAN IPs behind OpenVPN Client running on router

Post by TinCanTech » Fri Aug 11, 2017 10:26 am

woodpecker wrote: I've read so many articles but must have something not quite right.
You did not read this:
HOWTO: Expanding the scope of the VPN to include additional machines

woodpecker
OpenVpn Newbie
Posts: 5
Joined: Fri Aug 11, 2017 10:01 am

Re: Can't Access Home LAN IPs behind OpenVPN Client running on router

Post by woodpecker » Fri Aug 11, 2017 12:43 pm

TinCanTech wrote:
woodpecker wrote: I've read so many articles but must have something not quite right.
You did not read this:
HOWTO: Expanding the scope of the VPN to include additional machines

Thanks for replying, I did read that but can't confess to understanding it all.
Re-reading it, I have now added to the server config:-

client-config-dir ccd

Then created a directory ccd, added a file client2 and inside that added:-

iroute 192.168.8.0 255.255.255.0

This still doesn't work though.

Going back to that article, I don't quite understand how "server-side LAN uses a subnet of 10.66.0.0/24" translates to my system?

I'm also unsure if there is anything else missing as per this paragraph towards the end:

"The last step, and one that is often forgotten, is to add a route to the server's LAN gateway which directs 192.168.4.0/24 to the OpenVPN server box (you won't need this if the OpenVPN server box is the gateway for the server LAN)."

Can you help please?

woodpecker
OpenVpn Newbie
Posts: 5
Joined: Fri Aug 11, 2017 10:01 am

Re: Can't Access Home LAN IPs behind OpenVPN Client running on router

Post by woodpecker » Fri Aug 11, 2017 8:25 pm

Another day gone by and no further progress.

I have found that using the iPhone over 4G I can connect into the home LAN router via OpenVPN using IP 10.8.0.22, but not using IP 192.168.8.1.

I must be still missing something to let me into the 192.168.8.xxx subnet?

woodpecker
OpenVpn Newbie
Posts: 5
Joined: Fri Aug 11, 2017 10:01 am

Re: Can't Access Home LAN IPs behind OpenVPN Client running on router

Post by woodpecker » Fri Aug 11, 2017 11:15 pm

Found one error in my config: the ccd file was the wrong client name. Now I've corrected that, I can ping 192.168.8.1 and access the router on that IP, but still can't get to or ping any other devices on the 192.168.8.xxx subnet.

Any ideas?
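
Added example (not part of the thread): a check of the server-side pieces the posts above work through, namely the `route` line, `client-config-dir`, and a ccd file named after the client that contains the `iroute`. The certificate name `homerouter`, the temporary paths and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example; paths, the CN "homerouter" and file contents are constructed.

has_line() {  # has_line <file> <directive> <network> <netmask>
    awk -v d="$2" -v n="$3" -v m="$4" \
        '$1 == d && $2 == n && $3 == m { ok = 1 } END { exit !ok }' "$1"
}

# check_client_lan <server.conf> <client CN> <network> <netmask>
# Prints findings; returns 0 only if the server can route the LAN to that client.
check_client_lan() {
    conf=$1 cn=$2 net=$3 mask=$4 rc=0
    # 1. Kernel route, so the server's OS sends packets for the LAN into the tunnel.
    has_line "$conf" route "$net" "$mask" || { echo "missing: route $net $mask"; rc=1; }
    # 2. client-config-dir; a relative path is assumed relative to the config file.
    ccd=$(awk '$1 == "client-config-dir" { print $2; exit }' "$conf")
    if [ -z "$ccd" ]; then echo "missing: client-config-dir"; return 1; fi
    case $ccd in /*) ;; *) ccd=$(dirname "$conf")/$ccd ;; esac
    # 3. The ccd file must be named exactly after the certificate's Common Name.
    if [ ! -f "$ccd/$cn" ]; then
        echo "missing: ccd file '$cn'; present: $(ls "$ccd" 2>/dev/null | tr '\n' ' ')"
        return 1
    fi
    # 4. iroute inside that file tells OpenVPN which client owns the subnet.
    has_line "$ccd/$cn" iroute "$net" "$mask" || { echo "missing: iroute in $ccd/$cn"; rc=1; }
    [ "$rc" -eq 0 ] && echo "ok: $net $mask routed to $cn"
    return "$rc"
}

demo=$(mktemp -d); mkdir "$demo/ccd"
printf '%s\n' 'server 10.8.0.0 255.255.255.0' 'route 192.168.8.0 255.255.255.0' \
    'client-config-dir ccd' > "$demo/server.conf"
# As in the thread: the file is first created under a name that is not the CN.
echo 'iroute 192.168.8.0 255.255.255.0' > "$demo/ccd/client2"
check_client_lan "$demo/server.conf" homerouter 192.168.8.0 255.255.255.0 ||
    echo "-> clients cannot reach 192.168.8.0/24 yet"
mv "$demo/ccd/client2" "$demo/ccd/homerouter"
check_client_lan "$demo/server.conf" homerouter 192.168.8.0 255.255.255.0
```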

woodpecker
OpenVpn Newbie
Posts: 5
Joined: Fri Aug 11, 2017 10:01 am

Re: Can't Access Home LAN IPs behind OpenVPN Client running on router

Post by woodpecker » Sat Aug 12, 2017 10:47 am

More progress: the issue is the firewall on the OpenWRT router. If I stop the firewall it all works just fine; I'm just not sure what rule I need to add to the firewall to allow the traffic to pass.
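
Added example (not part of the thread): a check over an OpenWrt-style `/etc/config/firewall` that reports whether the zone owning the tunnel device may forward into `lan`, run on a constructed "before" file and on the same file with a dedicated `vpn` zone and a `vpn` to `lan` forwarding appended. The device name `tun0`, the zone name `vpn` and all file contents are assumptions; the poster's actual firewall file is not shown on the page.

```shell
# Added example; the firewall contents below are constructed, not the poster's.
# vpn_forward_ok <firewall file> <tunnel device> <dest zone>
# Succeeds only if the zone owning <tunnel device> has a forwarding to <dest zone>.
# Assumes the zone lists the tunnel by device name rather than by network.
vpn_forward_ok() {
    awk -v dev="$2" -v dest="$3" -v q="'" '
        { gsub("[" q "\"]", "") }                        # drop UCI quoting
        $1 == "config" { type = $2; n++ }
        type == "zone" && $2 == "name" { zname[n] = $3 }
        type == "zone" && $2 == "device" && $3 == dev { owner = n }
        type == "forwarding" && $2 == "src"  { src[n] = $3 }
        type == "forwarding" && $2 == "dest" { dst[n] = $3 }
        END {
            if (!owner) { print dev " is in no zone"; exit 1 }
            for (i in src) if (src[i] == zname[owner] && dst[i] == dest) {
                print zname[owner] " -> " dest " forwarding present"; exit 0 }
            print "zone " zname[owner] " has no forwarding to " dest; exit 1
        }' "$1"
}

fw=$(mktemp)
# Before: tun0 is in no zone, so the default forward policy applies (wan zone omitted).
cat > "$fw" <<'EOF'
config defaults
    option forward 'REJECT'
config zone
    option name 'lan'
    list network 'lan'
    option forward 'ACCEPT'
config forwarding
    option src 'lan'
    option dest 'wan'
EOF
vpn_forward_ok "$fw" tun0 lan || echo "-> forwarded VPN traffic is rejected"

# After: the tunnel gets its own zone, and only vpn -> lan forwarding is added.
cat >> "$fw" <<'EOF'
config zone
    option name 'vpn'
    list device 'tun0'
    option input 'ACCEPT'
    option forward 'REJECT'
config forwarding
    option src 'vpn'
    option dest 'lan'
EOF
vpn_forward_ok "$fw" tun0 lan
```

A `config rule` with `src 'vpn'`, `dest 'lan'`, `dest_ip '192.168.8.231'` and `target 'ACCEPT'`, used in place of the zone-wide forwarding, limits VPN peers to the single device the thread is about; the check above looks only at forwardings, not at rules.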
