allow vpn client to connect when on local network

Moderators: TinCanTech
mikeciccarelli
OpenVpn Newbie
Posts: 1
Joined: Tue Nov 29, 2022 4:56 am

allow vpn client to connect when on local network

Post by mikeciccarelli » Tue Nov 29, 2022 5:03 am

Everything is working as I really need. For example, I can connect when I'm on 5G cell or if I'm on a remote network just fine. The one issue I'm facing is if I'm connected to the local LAN and I try to connect to the outside interface (that I normally connect to when I'm remote), I get an authentication issue:

192.168.1.80:46839 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.80:46839
192.168.1.80:46839 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1669696580) 2022-11-28 23:36:20 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
192.168.1.80:46839 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.80:46839
192.168.1.80:46839 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1669696580) 2022-11-28 23:36:20 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
192.168.1.80:46839 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.80:46839
192.168.1.80:46839 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
192.168.1.80:46839 TLS Error: TLS handshake failed
192.168.1.80:46839 SIGUSR1[soft,tls-error] received, client-instance restarting

I guess the question is, can I even do what I'm attempting? 192.168.1.80 is on my local LAN (as expected), but again I'm trying to connect to the "outside" interface of my router (which hosts openvpn), and it can't authenticate. I've read the above error might be related to MTU, but I'm thinking this isn't the case and I'm running into a different issue.

I'd like to be able to use VPN remotely as well as when I'm at home on the local LAN transparently if possible. Hopefully I've explained what I'm attempting to do clearly. I'm wondering if it's getting stuck in some loop and needs routing to allow the local network to connect?

thanks,
Mike

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: allow vpn client to connect when on local network

Post by ordex » Tue Nov 29, 2022 10:12 pm

Is the openvpn server running on your LAN gateway? What hardware is that?
Connecting to the public IP of your gateway while you are within the LAN may trigger all kinds of routing/firewall weirdness, so it's normally not recommended (regardless of openvpn).

However, if you have full control over your GW/router you may be able to get this going. As an alternative, you could use a hostname to connect, and when within the LAN, your local GW (which I presume acts as DNS) could return the server LAN address instead of the public one.
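Added example, not part of either post and not OpenVPN's own tooling: a small Python triage script that reads server log lines of the kind Mike quoted (the "incoming packet authentication failed" / "bad packet ID" / "TLS handshake failed" sequence) and, for every client endpoint, counts the symptoms and checks whether the failing source address lies inside the LAN, which is the situation ordex describes (a LAN client hitting the gateway's public endpoint). The sample log is constructed: Mike's lines plus two lines for a healthy remote client at a documentation address; the LAN prefix 192.168.1.0/24 is an assumption based on the 192.168.1.80 address in the post. The script only classifies what the log shows; it does not diagnose the root cause.

```python
"""Triage OpenVPN server log lines for handshakes failing from LAN addresses.

Added example: it is not OpenVPN code and not the forum author's setup.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample: the server-side lines quoted in the post, plus a healthy
# remote client (203.0.113.7 is a documentation address) for contrast.
SAMPLE_LOG = """\
192.168.1.80:46839 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.80:46839
192.168.1.80:46839 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1669696580) 2022-11-28 23:36:20 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
192.168.1.80:46839 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.80:46839
192.168.1.80:46839 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1669696580) 2022-11-28 23:36:20 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
192.168.1.80:46839 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.80:46839
192.168.1.80:46839 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
192.168.1.80:46839 TLS Error: TLS handshake failed
192.168.1.80:46839 SIGUSR1[soft,tls-error] received, client-instance restarting
203.0.113.7:51234 TLS: Initial packet from [AF_INET]203.0.113.7:51234, sid=0123abcd 4567ef01
203.0.113.7:51234 [client1] Peer Connection Initiated with [AF_INET]203.0.113.7:51234
"""

# Server log lines start with the client endpoint "ip:port " followed by the message.
LINE_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<msg>.+)$")
# The replay warning carries the offending packet ID as "[ #N / time = ...".
PACKET_ID_RE = re.compile(r"\[ #(?P<pid>\d+) /")

# Substrings that identify each symptom in the message part of a line.
SYMPTOMS = {
    "auth_failed": "TLS Error: incoming packet authentication failed",
    "bad_packet_id": "Authenticate/Decrypt packet error: bad packet ID",
    "tls_timeout": "TLS key negotiation failed to occur",
    "handshake_failed": "TLS Error: TLS handshake failed",
}


def parse_log(text):
    """Group lines by (ip, port); count symptom kinds and replayed packet IDs per endpoint."""
    events = defaultdict(lambda: {"symptoms": Counter(), "packet_ids": Counter()})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-client line; ignore
        rec = events[(m["ip"], int(m["port"]))]
        for name, needle in SYMPTOMS.items():
            if needle in m["msg"]:
                rec["symptoms"][name] += 1
        pid = PACKET_ID_RE.search(m["msg"])
        if pid:
            rec["packet_ids"][int(pid["pid"])] += 1
    return events


def classify(endpoint, rec, lan_networks):
    """Label an endpoint by whether its handshake failed and whether it came from the LAN."""
    ip = ipaddress.ip_address(endpoint[0])
    failed = rec["symptoms"]["handshake_failed"] > 0 or rec["symptoms"]["tls_timeout"] > 0
    if not failed:
        return "ok"
    if any(ip in net for net in lan_networks):
        return "handshake-failed-from-lan"
    return "handshake-failed-from-remote"


def triage(text, lan_cidrs=("192.168.1.0/24",)):
    """Return {"ip:port": label} for every client endpoint seen in the log text."""
    nets = [ipaddress.ip_network(c) for c in lan_cidrs]
    return {
        f"{ip}:{port}": classify((ip, port), rec, nets)
        for (ip, port), rec in parse_log(text).items()
    }


if __name__ == "__main__":
    for endpoint, label in triage(SAMPLE_LOG).items():
        print(endpoint, label)
```

Run against the sample, the LAN endpoint 192.168.1.80:46839 is labelled handshake-failed-from-lan (three authentication failures, two replay warnings that both name packet #1, then the 60-second timeout and handshake failure), while the remote client is labelled ok. Pointing the script at a real server log with the correct LAN prefix separates "LAN client reaching the public endpoint" cases from genuine remote TLS failures, which is the first split ordex's reply asks for before deciding between fixing the gateway's handling of such connections and serving the LAN address via the local DNS.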
