Access to LAN (Windows)

rvn
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 15, 2024 5:30 am

Access to LAN (Windows)

Post by rvn » Fri Mar 15, 2024 6:56 am

I've searched through many similar posts to this but ultimately not found a solution in any of them. I would be very grateful for assistance from any of you more knowledgeable pros.

Background
Remote LAN 192.168.0.0/24 (unadvisable but not my issue currently)
Remote LAN Gateway is Ubiquiti EdgeRouter Lite @ 192.168.0.1 (serving dhcp)
Remote VPN Server: 192.168.0.46
Server software OpenVPN v2.6.9 on a Windows 10 machine (reserved)

Client LAN 192.168.1.0/24
Client Gateway: 192.168.20.1
Client software OpenVPN Connect 3.4.4 on a Windows 11 machine

(conf's further below)

Objective
The objective is to have access to the entire remote LAN from the client, preferably as a split-tunnel.
There is no need for the remote LAN to have access to the client network.

Problem
Based on the below configuration, the client is connecting to the vpn gateway, receives the IP address 10.8.0.2 and the split tunnel seems to work as I retain the client network gateway public IP address.
I am able to connect to the VPN Gateway (Win10) server via its 10.8.0.1 address.

The problem is I am unable to access any of the additional machines on the remote LAN.

I have enabled IP Forwarding on the VPN Gateway (Win10) machine.
I have also tried setting a static route in the EdgeRouter for 10.8.0.0/24 => 10.8.0.1 (and also tried => 192.168.0.46 - yes, I'm confused about that - have left as the latter) but neither appears to make a difference.

Server.ovpn

port 62784
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1


Client.ovpn

client
dev tun
proto udp
remote office.<mydomain>.com.au 62784
resolv-retry infinite
nobind
persist-key
persist-tun
ca "D:\\Documents\\CDS\\OpenVPNClient\\ca.crt"
cert "D:\\Documents\\CDS\\OpenVPNClient\\client.crt"
key "D:\\Documents\\CDS\\OpenVPNClient\\client.key"
remote-cert-tls server
cipher AES-256-CBC
verb 3


Server route print

===========================================================================
Interface List
  8...........................Wintun Userspace Tunnel
 10...b8 ae ed 7f 5e 28 ......Intel(R) Ethernet Connection (3) I218-V
 15...00 ff c7 05 08 9f ......TAP-Windows Adapter V9
 17...........................OpenVPN Data Channel Offload
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.46     25
         10.8.0.0    255.255.255.0         On-link          10.8.0.1    281
         10.8.0.1  255.255.255.255         On-link          10.8.0.1    281
       10.8.0.255  255.255.255.255         On-link          10.8.0.1    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.46    281
     192.168.0.46  255.255.255.255         On-link      192.168.0.46    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.46    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link          10.8.0.1    281
        224.0.0.0        240.0.0.0         On-link      192.168.0.46    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link          10.8.0.1    281
  255.255.255.255  255.255.255.255         On-link      192.168.0.46    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 15    281 fe80::/64                On-link
 10    281 fe80::/64                On-link
 10    281 fe80::e46:f575:e2d:5f24/128
                                    On-link
 15    281 fe80::e80f:b4c6:12c:1d68/128
                                    On-link
  1    331 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Client route print

===========================================================================
Interface List
 18...00 ff c0 e8 4b 24 ......TAP-Windows Adapter V9 for OpenVPN Connect
 15...00 ff af d4 12 25 ......Private Internet Access Network Adapter
 17...........................OpenVPN Data Channel Offload
 19...6c a1 00 05 42 8b ......Microsoft Wi-Fi Direct Virtual Adapter
 12...6e a1 00 05 42 8a ......Microsoft Wi-Fi Direct Virtual Adapter #2
 13...6c a1 00 05 42 8a ......Intel(R) Wi-Fi 6 AX200 160MHz
 10...6c a1 00 05 42 8e ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.20.1     192.168.20.5     45
         10.8.0.0    255.255.255.0         On-link          10.8.0.2    257
         10.8.0.2  255.255.255.255         On-link          10.8.0.2    257
       10.8.0.255  255.255.255.255         On-link          10.8.0.2    257
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         10.8.0.1         10.8.0.2    257
     192.168.20.0    255.255.255.0         On-link      192.168.20.5    301
     192.168.20.5  255.255.255.255         On-link      192.168.20.5    301
   192.168.20.255  255.255.255.255         On-link      192.168.20.5    301
  203.xxx.xxx.xxx  255.255.255.255     192.168.20.1     192.168.20.5    301
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link          10.8.0.2    257
        224.0.0.0        240.0.0.0         On-link      192.168.20.5    301
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link          10.8.0.2    257
  255.255.255.255  255.255.255.255         On-link      192.168.20.5    301
===========================================================================
Persistent Routes:
  None



Re: Access to LAN (Windows)

Post by rvn » Sat Mar 16, 2024 2:36 am

RESOLVED:
I needed to set the ethernet adapter sharing properties as per this post:

https://www.reddit.com/r/OpenVPN/commen ... rside_lan/

Control Panel
Network and Sharing Center
Change Adapter Settings
Right-click the main internet connection (e.g. Ethernet)
Properties
Sharing tab
Allow other network users to connect
Select the TAP adapter (e.g. OpenVPN TAP-Windows6) for the Home networking connection
Keep "Allow other network users to control..." checkbox selected
Select the OK button
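
The return-path logic behind the static-route question and the sharing fix in this thread, as an added example that is not part of the original posts. It runs a longest-prefix-match lookup over the client routes shown above; the LAN host address 192.168.0.10, the LAN host's route table and the EdgeRouter's base table are assumptions, and the sharing case is modelled as source NAT to 192.168.0.46, which is what Internet Connection Sharing provides.

```python
import ipaddress

# Routes copied from the client's "route print" in the thread (IPv4 unicast only).
CLIENT_ROUTES = [("0.0.0.0/0", "192.168.20.1"), ("10.8.0.0/24", "on-link"),
                 ("192.168.0.0/24", "10.8.0.1"), ("192.168.20.0/24", "on-link")]
# Assumed: a DHCP-configured host on the remote LAN (its table is not in the thread).
LAN_HOST_ROUTES = [("0.0.0.0/0", "192.168.0.1"), ("192.168.0.0/24", "on-link")]
# Assumed: the EdgeRouter's own table before any static route is added.
ROUTER_BASE = [("0.0.0.0/0", "wan"), ("192.168.0.0/24", "on-link")]


def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def usable(static_route):
    """A static route only works if its gateway sits on a directly connected network."""
    _, gw = static_route
    connected = [r for r in ROUTER_BASE if r[1] == "on-link"]
    return next_hop(connected, gw) == "on-link"


def reply_path(router_static, src_seen):
    """Where a LAN host's reply goes, given the source address it saw on the request."""
    if next_hop(LAN_HOST_ROUTES, src_seen) == "on-link":
        return "direct"  # answered on the LAN segment, the router is never involved
    # Otherwise the reply is handed to 192.168.0.1, which consults its own table.
    table = ROUTER_BASE + [r for r in router_static if usable(r)]
    return next_hop(table, src_seen)


if __name__ == "__main__":
    # 192.168.0.10 is a constructed LAN host address.
    print("client -> 192.168.0.10 via", next_hop(CLIENT_ROUTES, "192.168.0.10"))
    cases = {
        "no static route": ([], "10.8.0.2"),
        "static via 10.8.0.1": ([("10.8.0.0/24", "10.8.0.1")], "10.8.0.2"),
        "static via 192.168.0.46": ([("10.8.0.0/24", "192.168.0.46")], "10.8.0.2"),
        "sharing/NAT on server": ([], "192.168.0.46"),
    }
    for name, (static, src) in cases.items():
        print(f"{name:26} reply goes: {reply_path(static, src)}")
```

With the NAT approach, hosts on the remote LAN log every VPN client as 192.168.0.46, so per-client attribution has to come from the OpenVPN server's own status log.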
