Cant see LAN devices

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
StRess691
OpenVpn Newbie
Posts: 2
Joined: Fri Feb 10, 2023 1:08 pm

Cant see LAN devices

Post by StRess691 » Fri Feb 10, 2023 1:19 pm

Hi Everyone.

I have an OVPN 2.6.0 installed as server on Windows 10 machine.
I'm able to connect from client - Windows 11 - also version 2.6.0 of OVPN.

On the server there is a SMB share, which can be accessed both from internal LAN and by the VPN - so that works.

The problem is, I cannot see printers in my internal LAN. I also cannot ping the router from the VPN.
Firewalls on both machines are disabled.

Internal LAN: 192.168.1.0/24
RTR: 192.168.1.1
VPN: 10.8.0.0/24
Server LAN IP: 192.168.1.200
Server VPN IP: 10.8.0.1
Client VPN IP: 10.8.0.6
Printers: 192.168.1.16, 192.168.1.58, 192.168.1.226 (don't ask...)


Server configuration

port 1196
proto udp4
dev tun
ca "C:\\Program Files\\OpenVPN\\config-auto\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config-auto\\server.crt"
key "C:\\Program Files\\OpenVPN\\config-auto\\server.key"
dh "C:\\Program Files\\OpenVPN\\config-auto\\dh.pem"
server 10.8.0.0 255.255.255.0
keepalive 10 120
client-to-client
cipher AES-256-GCM
comp-lzo
persist-key
persist-tun
verb 3
explicit-exit-notify 1
push "route 192.168.1.0 255.255.255.0"


Client configuration

client
dev tun
proto udp4
remote xx.xx.xx.xx 1196
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca "C:\\Users\\xxx\\OpenVPN\\config\\CNC1\\ca.crt"
cert "C:\\Users\\xxx\\OpenVPN\\config\\CNC1\\CNC1.crt"
key "C:\\Users\\xxx\\OpenVPN\\config\\CNC1\\CNC1.key"
cipher AES-256-GCM
comp-lzo
verb 3


IPv4 Route Table on the Client side:

Code: Select all

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.219.252  192.168.219.148     75
         10.8.0.0    255.255.255.0         10.8.0.5         10.8.0.6    281
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    281
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    281
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      172.23.48.0    255.255.240.0         On-link       172.23.48.1    271
      172.23.48.1  255.255.255.255         On-link       172.23.48.1    271
    172.23.63.255  255.255.255.255         On-link       172.23.48.1    271
      192.168.1.0    255.255.255.0         10.8.0.5         10.8.0.6    281
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    330
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    330
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    330
    192.168.219.0    255.255.255.0         On-link   192.168.219.148    331
  192.168.219.148  255.255.255.255         On-link   192.168.219.148    331
  192.168.219.255  255.255.255.255         On-link   192.168.219.148    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    281
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    330
        224.0.0.0        240.0.0.0         On-link   192.168.219.148    331
        224.0.0.0        240.0.0.0         On-link       172.23.48.1    271
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    281
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    330
  255.255.255.255  255.255.255.255         On-link   192.168.219.148    331
  255.255.255.255  255.255.255.255         On-link       172.23.48.1    271
===========================================================================
IPv4 Route Table on the Server side:

Code: Select all

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.200    281
         10.8.0.0    255.255.255.0         10.8.0.2         10.8.0.1     25
         10.8.0.0  255.255.255.252         On-link          10.8.0.1    281
         10.8.0.1  255.255.255.255         On-link          10.8.0.1    281
         10.8.0.3  255.255.255.255         On-link          10.8.0.1    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.200    281
    192.168.1.200  255.255.255.255         On-link     192.168.1.200    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.200    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.200    281
        224.0.0.0        240.0.0.0         On-link          10.8.0.1    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.200    281
  255.255.255.255  255.255.255.255         On-link          10.8.0.1    281
===========================================================================
Logs of Windows firewall shows nothing after disabling the firewall, logs from OVPN don't show anything unusual.
On the client side there is also no errors.

I can see and ping from Client to server both VPN and LAN IP's.

Unfortunately I do not have any other machine that I can ping/check, there is only this server and printers.

Can you please help me with that or point into right direction?

PS
Still searching on my own. Realized, that when I ping the printer 192.168.1.226 with "-t" parameter, after some time it is visible OR it is visible immadiately, but when trying to http to it ping brakes:

Code: Select all

Pinging 192.168.1.226 with 32 bytes of data:
Reply from 192.168.1.226: bytes=32 time=90ms TTL=126
Reply from 192.168.1.226: bytes=32 time=57ms TTL=126
Reply from 192.168.1.226: bytes=32 time=98ms TTL=126
Reply from 192.168.1.226: bytes=32 time=51ms TTL=126
Reply from 192.168.1.226: bytes=32 time=49ms TTL=126
Reply from 192.168.1.226: bytes=32 time=56ms TTL=126
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.1.226: bytes=32 time=56ms TTL=126
Reply from 192.168.1.226: bytes=32 time=54ms TTL=126
Reply from 192.168.1.226: bytes=32 time=52ms TTL=126
Reply from 192.168.1.226: bytes=32 time=52ms TTL=126
At the other hand I can ping the printer 192.168.1.16 without any brakes, but can not access http.
Also, I can not ping nor http access the router on *.1.1

StRess691
OpenVpn Newbie
Posts: 2
Joined: Fri Feb 10, 2023 1:08 pm

Re: Cant see LAN devices

Post by StRess691 » Sat Feb 11, 2023 12:17 pm

Tried to change the "push" parameter on Server to add the gateway for as follows:

Code: Select all

push "redirect-gateway def1"
push "route 192.168.1.0 255.255.255.0 192.168.1.1 1"
or

Code: Select all

push "route 192.168.1.0 255.255.255.0 net_gateway 1"
but the final of this is (on the Client side):

Code: Select all

2023-02-11 13:05:47 TEST ROUTES: 1/2 succeeded len=1 ret=0 a=0 u/d=up
2023-02-11 13:05:47 Route: Waiting for TUN/TAP interface to come up...
Tried uninstalling TAP/TUN adapters on both Server and Client, reinstalling OpenVPN etc.

Still don't work... Could the router be a problem? I have no physical access to it nor can logit to it - it is a provider property :/

PS the forwarding is (and was) enabled:

Code: Select all

Set-NetIPInterface -Forwarding Enabled

Post Reply