How do I connect to PC while it is running in client mode?

[r4ffles]

Hi,

I really hope somebody here can help me with this problem. I have a PC at home which is used by my wife from time to time to work from home which means she has to connect to work using OpenVPN. The PC has Openvpn installed with a client configuration file.

Everything works fine, except that while I am away from home, I also need to connect to the PC and that only works when the VPN is disconnected. The moment the VPN is connected I cannot connect to the PC from the Internet anymore.

Even though I have a static IP and have port forwarded the PC in my router I can't connect when the VPN is running.

Is there a way to allow me to connect to the PC from the Internet using the REAL IP address even when the VPN is connected?

Living in hope of a solution.

Thanks.

Reggie.

[janjust]

sounds like the openvpn client uses 'redirect-gateway' (or 'redirect-gateway def1') ;
if you add an explicit route on the client to allow your incoming connection (e.g. if you're always coming in from the same IP range) then the client should be reachable again.

Alternatively you could stop using 'redirect-gateway' but this will most likely break things for your wife's VPN.

[r4ffles]

Hi, and thanks for the reply. I have checked the client.conf file and there is nothing like redirect-gateway. Here is the content of the file


client
port 443
dev tun
proto udp
remote xxxxxxxx.xxx
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt

cert xxxxxx.crt
key xxxxxx.key

ns-cert-type server
tls-auth ta.key 1
;comp-lzo
verb 3

Any idea's

PS. my IP is not static as I use a 3G iPhone as well as a laptop, and the iPhone doesn't have Openvpn so I can't even setup the PC as an OpenVPN Server.

Thanks again.

[janjust]

the 'redirect-gateway' can be pushed by the server to the client; check the routing table after the PC is connected : is there a new default route pointing to the VPN server?

[maikcat]

hi there,

the redirect-gateway statement is located on your SERVER config not the client one..

please post it as well.

michael

[r4ffles]

Thanks for the reply's.

I think I have confused the matter a bit. The server is a company server which I don't have access to so I can't get the config or change it in any way.

What I need to be able to do is get to my PC (mostly using FTP) from the internet. This is easy to do without my wife being connected to her company VPN, but as soon as she is connected I cannot access the same PC from the internet. I can't get to it using FTP on the LAN either.

Someone suggested this solution but I can't get it to work.

"You’re on a network with only HTTP/HTTPS access to the internet… you’ve got OpenVPN setup to tunnel all your traffic out via HTTPS…. but you still want to access the local LAN?

All the OpenVPN client is doing is changing the routing table on the OS (netstat -nr / route print) you’ll see that the route to the OpenVPN server is in there and the default gateway is the OpenVPN tunnel interface, to connect to the local LAN simply add a route via the “local gatway”, i.e. the same gateway used to get to the vpn server.

Cool eh? Reverse-split-tunneling!!!"

I am not sure if this is the same thing as I am trying to do. I have a router setup at 192.168.1.1 and the pc has 192.168.1.2. The VPN seems to use IP 10.8.0.8 and 10.8.0.9 as the gateway. The server is IP 10.8.0.0 I think.

Is it possibleto do what I want or not?

Many thanks,

[janjust]

yep it is still possible; you can overrule the 'redirect-gateway' pushed by the server using

Code: Select all

route-nopull

but you would need to make sure that all routes which the VPN needs are explicitly added.

You can also create an explicit route to your local router (192.168.1.1/255.255.255.255) and somehow NAT SSH traffic back from the router to your local PC.

[r4ffles]

Hello and thanks for all the help. Sorry I am so dumb on this subject. I have been trying to understand how to implement your advice but can find nothing on the web to explain how to do what you suggest.

In principle I understand what you are saying, but putting it into practice is another thing.

I added the route-nopull to the client config and it broke the VPN

I understand that I need to put a route into the client.conf file back to the VPN, but what format does that take. Simply adding route 10.8.0.0 255.255.255.255 pointing back to the VPN Server doesn't seem to work.

I also tried just adding a route to my local router (without route-nopull) with route 192.168.1.1 255.255.255.0 but that also didn't work, so I am obviously not getting the correct details into the client.conf file.

You will probably have to spell this out for me as I don't have the technical skills to get this working.

Thanks for all the help.