Internet access but can't see other devices

Posted: Wed Jul 01, 2020 3:09 pm
by adc124
I really hope someone can help, this is driving me insane!

I've configured OpenVPN on a Ubiquiti router following the tutorial below:

https://help.ui.com/hc/en-us/articles/1 ... VPN-Server

It all went smoothly and mostly made sense, the only issue being I didn't spot that the local network was running on 192.168.2.* whereas the tutorial was geared up to use 192.168.1.*

Either way, I switched the LAN to use 192.168.1.* and that seems to be working as you'd expect so not sure if that has anything to do with my issue...

So, I can connect to the VPN no problem, and have done so from a Raspberry Pi and a Windows 10 machine. It connects, I can browse the Internet and if I check my public IP it changes when connected to that of the VPN. Great.

Except, I can't see any other devices on the network other than the router itself (on 192.168.1.1). I have "redirect-gateway def1" set at the client so I thought that would do it. I can't ping any devices and certainly can't RDP which is the ultimate goal here.

Any insight anyone can give me would be much appreciated!

Re: Internet access but can't see other devices

Posted: Wed Jul 01, 2020 3:33 pm
by Pippin

Re: Internet access but can't see other devices

Posted: Wed Jul 01, 2020 7:54 pm
by adc124
Thanks for the response Pippin. I have checked the docs already and if I understand it correctly I should use:

push "route 192.168.1.0 255.255.255.0"

In the Ubiquiti tutorial I followed this gets set with the command (step 19):

set interfaces openvpn vtun0 server push-route 192.168.1.0/24

I believe that worked, I can see it in the router config and the IP routing when I connect looks right:


Wed Jul  1 20:38:48 2020 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=xx:xx:xx:xx:xx:xx
Wed Jul  1 20:38:48 2020 TUN/TAP device tun0 opened
Wed Jul  1 20:38:48 2020 TUN/TAP TX queue length set to 100
Wed Jul  1 20:38:48 2020 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul  1 20:38:48 2020 /sbin/ip addr add dev tun0 172.16.1.3/24 broadcast 172.16.1.255
Wed Jul  1 20:38:48 2020 /sbin/ip route add xx.xx.xx.xx/32 via 192.168.0.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 0.0.0.0/1 via 172.16.1.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 128.0.0.0/1 via 172.16.1.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 192.168.1.0/24 via 172.16.1.1

Re: Internet access but can't see other devices

Posted: Wed Jul 01, 2020 8:26 pm
by Pippin
Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).
Done?

Re: Internet access but can't see other devices

Posted: Wed Jul 01, 2020 8:37 pm
by TinCanTech
The router is probably the same machine ..

Re: Internet access but can't see other devices

Posted: Wed Jul 01, 2020 8:40 pm
by Pippin
Yeah probably, then next question would be if the router firewall allows the traffic from tunnel to LAN.

Re: Internet access but can't see other devices

Posted: Wed Jul 01, 2020 9:14 pm
by TinCanTech
I would presume information like that would be in the router manual ...

Re: Internet access but can't see other devices

Posted: Thu Jul 02, 2020 11:49 am
by adc124
Thanks guys.

The router is the same machine.

The Ubiquiti instructions do set up a firewall rule to allow traffic on port 1194 and I even just tried changing that rule to allow traffic on any port. Still nothing.

Re: Internet access but can't see other devices

Posted: Thu Jul 02, 2020 12:23 pm
by TinCanTech
adc124 wrote:
Wed Jul 01, 2020 3:09 pm
I really hope someone can help, this is driving me insane!

I've configured OpenVPN on a Ubiquiti router following the tutorial below:

https://help.ui.com/hc/en-us/articles/1 ... VPN-Server
Try the official howto.
adc124 wrote:
Wed Jul 01, 2020 3:09 pm
I switched the LAN to use 192.168.1.*
Never use such a common subnet for your server LAN.
Pippin wrote:
Wed Jul 01, 2020 3:33 pm
Read here:
https://community.openvpn.net/openvpn/w ... rversubnet.
Switch to something more unique.
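
Added example, not part of any post in this thread: a small Python check that reads an OpenVPN client log like the one posted above and reports whether the server LAN is routed through the tunnel and whether it collides with the client's own LAN, which is the risk behind the advice to avoid common subnets. The sample log is constructed from the posted one, with the redacted server address and MAC replaced by documentation values; the function names and finding labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the client log in the thread; the redacted
# fields are replaced with documentation values (203.0.113.10, 00:00:5e:00:53:01).
SAMPLE_LOG = """\
Wed Jul  1 20:38:48 2020 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=00:00:5e:00:53:01
Wed Jul  1 20:38:48 2020 /sbin/ip addr add dev tun0 172.16.1.3/24 broadcast 172.16.1.255
Wed Jul  1 20:38:48 2020 /sbin/ip route add 203.0.113.10/32 via 192.168.0.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 0.0.0.0/1 via 172.16.1.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 128.0.0.0/1 via 172.16.1.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 192.168.1.0/24 via 172.16.1.1
"""

GATEWAY_RE = re.compile(r"ROUTE_GATEWAY (\S+?)/(\S+)")
TUN_RE = re.compile(r"ip addr add dev (\S+) (\S+/\d+)")
ROUTE_RE = re.compile(r"ip route add (\S+/\d+) via (\S+)")

def parse_client_log(text):
    """Extract the client's own LAN, the tunnel network and the added routes."""
    info = {"local_net": None, "tun_net": None, "routes": []}
    for line in text.splitlines():
        if m := GATEWAY_RE.search(line):
            # Gateway address plus netmask gives the client's local network.
            info["local_net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := TUN_RE.search(line):
            info["tun_net"] = ipaddress.ip_interface(m[2]).network
        elif m := ROUTE_RE.search(line):
            info["routes"].append((ipaddress.ip_network(m[1]), ipaddress.ip_address(m[2])))
    return info

def check_lan_reachability(info, server_lan):
    """Return findings about how traffic to server_lan will be routed."""
    lan = ipaddress.ip_network(server_lan)
    findings = []
    # Routes that cover the server LAN and whose next hop is inside the tunnel.
    via_tunnel = [net for net, gw in info["routes"]
                  if info["tun_net"] and gw in info["tun_net"] and lan.subnet_of(net)]
    if not via_tunnel:
        findings.append("no-tunnel-route")
    if info["local_net"] and lan.overlaps(info["local_net"]):
        # The same addresses exist on both sides of the tunnel, so the client
        # cannot tell a local host from a remote one.
        findings.append("subnet-conflict")
    return findings or ["ok"]

if __name__ == "__main__":
    print(check_lan_reachability(parse_client_log(SAMPLE_LOG), "192.168.1.0/24"))
```

A result of `ok` only confirms the client-side routing; it says nothing about the router's tunnel-to-LAN firewall rules or a firewall on the destination host.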

Re: Internet access but can't see other devices

Posted: Thu Jul 02, 2020 12:46 pm
by Pippin
adc124 wrote:
Thu Jul 02, 2020 11:49 am
The Ubiquiti instructions do set up a firewall rule to allow traffic on port 1194
is not equal to
Pippin wrote:
Wed Jul 01, 2020 8:40 pm
if the router firewall allows the traffic from tunnel to LAN.
.....
I do not see that tutorial adding rules for that, unless that happens auto-magically in step 18 or 19.

Re: Internet access but can't see other devices

Posted: Fri Jul 03, 2020 8:12 am
by adc124
Turns out I'd not done anything wrong after all. Figured out that I couldn't even ping my PC from the router itself so determined it was AVG on my PC that was blocking pings. There is a setting buried deep within AVG to allow remote connections (which is ultimately what I need to do), flicked that on and pings started responding.