Connecting to Raspberry Pi VPN - no access to LAN

[lesagegp]

If I have posted this in the wrong place, I am sorry. This is my first day. If it should go somewhere else, please tell me and I will fix it right away.

I used the following web site to install OpenVPN on a Raspberry Pi

https://pimylifeup.com/raspberry-pi-vpn-server/

I followed all the specific instructions. I used OpenVPN on a remote Windows PC and loaded the .ovpn file. I can log in to the VPN server successfully.

What I can't do is see anything on the server side LAN. That was the entire point of the exercise. I don't want to use RDP and I want to access a NAS safely.

Here are my details.

Server side

Raspberry Pi

192.168.4.36

I use Sonic with an EERO router

I forwarded port 1194 UDP through my WAN address.

The PC I want to reach on the server side LAN is 192.168.4.30 and the NAS is on a separate router 192.168.11.148

The client side is the following.

Xfinity cable modem.

PC 10.0.0.204

There I installed OpenVPN and loaded the .ovpn file.

I do successfully log in to the VPN. The VPN assigns IP 10.245.22.2

When I use IPCONFIG I can see that this is one of my IP addresses.

Considering that I think everyone only does this in order to safely access a remote LAN, I don't understand why that is not part of the instructions. I can definitely log in the the VPN, but that's it. I cannot access a single thing on the server side LAN.

I read some descriptions and watched some videos, but it's not very clear to me exactly what I need to do. With the EERO I don't think I can assign a static route. Can I set up the VPN properly to allow remote LAN access?

Thank you very much if you respond.

Greg

[never-stop-learning]

Hey Greg, do your Raspberry Pi able to have connectivity to the server-side LAN you trying to reach? PING and TRACEROUTE are good tools to test.
And from your client side, what is the current routing shown when connected to VPN? a netstat -rn is a good command to check.

[lesagegp]

Thanks for responding! I just tried to ping the Raspberry Pi and it looks like it is offline. That's not very reliable. Typically I can ping 192.168.4.36 and see it. Let me reboot the Pi and try all of your suggestions.

Do you think it would be better to devote a PC to being the VPN? I have several sitting around that I could use for this purpose. Is Open VPN on a PC easier to set up? My goal is remote access to my LAN.

[lesagegp]

The LAN IP of the Raspberry Pi is 192.168.4.36. I can ping that on the LAN. I used port forwarding to open port 1194.

'traceroute' is not recognized as an internal or external command, operable program or batch file

I can log in to the VPN again now.

I replaced my WAN IP with XXX to protect myself.

Wed Feb 22 19:39:59 2023 MANAGEMENT: >STATE:1677123599,CONNECTED,SUCCESS,10.245.22.2,XXX.XXX.XXX.XXX,1194,,

As you can see, the VPN IP is 10.245.22.2

I can successfully ping that address.

I ran netstat -rn. I wish I could attach a file, but I can't, so I will paste it below.

I could not ping 10.245.22.0 or 10.245.22.255



===========================================================================
Interface List
18...00 ff 6b 8b 09 80 ......Zscaler Network Adapter 1.0.2.0
22...00 ff 30 e0 e6 07 ......TAP-Windows Adapter V9
30...b8 97 5a 5b 1b 08 ......Realtek PCIe GBE Family Controller
106...........................Wintun Userspace Tunnel
39...00 e0 4c 68 75 2a ......Realtek PCIe GbE Family Controller #2
29...00 ff a4 81 d6 88 ......Private Internet Access Network Adapter
34...02 28 11 00 58 e9 ......Microsoft Wi-Fi Direct Virtual Adapter #9
42...00 28 11 00 58 e9 ......Microsoft Wi-Fi Direct Virtual Adapter #10
50...00 ff fd 28 fc 40 ......TAP Adapter V9 for Private Tunnel
24...00 ff 86 1c c8 90 ......TAP Adapter V9 for Private Tunnel #2
32...00 ff b6 5d c5 95 ......TAP Adapter V9 for Private Tunnel #3
37...00 ff da 63 94 b6 ......TAP Adapter V9 for Private Tunnel #4
7...00 ff 15 52 d8 2f ......TAP Adapter V9 for Private Tunnel #5
28...00 ff a3 16 41 7a ......TAP Adapter V9 for Private Tunnel #6
2...00 ff 04 1d d2 60 ......TAP Adapter V9 for Private Tunnel #7
8...00 28 11 00 58 e9 ......Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.4.1 192.168.4.30 25
0.0.0.0 0.0.0.0 192.168.11.1 192.168.11.140 55
0.0.0.0 128.0.0.0 10.245.22.1 10.245.22.2 259
1.0.0.0 255.0.0.0 100.64.0.1 100.64.0.2 1
2.0.0.0 254.0.0.0 100.64.0.1 100.64.0.2 1
4.0.0.0 252.0.0.0 100.64.0.1 100.64.0.2 1
8.0.0.0 248.0.0.0 100.64.0.1 100.64.0.2 1
10.245.22.0 255.255.255.0 On-link 10.245.22.2 259
10.245.22.2 255.255.255.255 On-link 10.245.22.2 259
10.245.22.255 255.255.255.255 On-link 10.245.22.2 259
15.200.104.243 255.255.255.255 192.168.4.1 192.168.4.30 25
15.200.124.156 255.255.255.255 192.168.4.1 192.168.4.30 25
16.0.0.0 240.0.0.0 100.64.0.1 100.64.0.2 1
32.0.0.0 224.0.0.0 100.64.0.1 100.64.0.2 1
64.0.0.0 192.0.0.0 100.64.0.1 100.64.0.2 1
100.64.0.0 255.255.0.0 On-link 100.64.0.2 1
100.64.0.2 255.255.255.255 On-link 100.64.0.2 256
100.64.255.255 255.255.255.255 On-link 100.64.0.2 256
104.129.193.65 255.255.255.255 192.168.4.1 192.168.4.30 25
104.129.195.65 255.255.255.255 192.168.4.1 192.168.4.30 25
104.129.195.103 255.255.255.255 192.168.4.1 192.168.4.30 25
104.129.202.223 255.255.255.255 192.168.4.1 192.168.4.30 25
104.129.202.225 255.255.255.255 192.168.4.1 192.168.4.30 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
128.0.0.0 128.0.0.0 10.245.22.1 10.245.22.2 259
128.0.0.0 192.0.0.0 100.64.0.1 100.64.0.2 1
XXX.XXX.XXX.XXX 255.255.255.255 192.168.4.1 192.168.4.30 281
136.226.16.36 255.255.255.255 192.168.4.1 192.168.4.30 25
165.225.3.115 255.255.255.255 192.168.4.1 192.168.4.30 25
165.225.46.115 255.255.255.255 192.168.4.1 192.168.4.30 25
192.0.0.0 192.0.0.0 100.64.0.1 100.64.0.2 1
192.168.4.0 255.255.252.0 On-link 192.168.4.30 281
192.168.4.30 255.255.255.255 On-link 192.168.4.30 281
192.168.7.255 255.255.255.255 On-link 192.168.4.30 281
192.168.11.0 255.255.255.0 On-link 192.168.11.140 311
192.168.11.140 255.255.255.255 On-link 192.168.11.140 311
192.168.11.255 255.255.255.255 On-link 192.168.11.140 311
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.4.30 281
224.0.0.0 240.0.0.0 On-link 192.168.11.140 311
224.0.0.0 240.0.0.0 On-link 10.245.22.2 259
224.0.0.0 240.0.0.0 On-link 100.64.0.2 256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.4.30 281
255.255.255.255 255.255.255.255 On-link 192.168.11.140 311
255.255.255.255 255.255.255.255 On-link 10.245.22.2 259
255.255.255.255 255.255.255.255 On-link 100.64.0.2 256
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
39 281 ::/0 fe80:cdff:fea4:26b2
1 331 ::1/128 On-link
39 281 fd14:72cb1::/64 On-link
39 281 fd14:72cb1:5dc7e71:ab37/128
On-link
39 281 fd14:72cb1:86b7b15:6208/128
On-link
39 281 fd14:72cb112b0:6175:1844/128
On-link
39 281 fd14:72cb1:6951:cd9a:8ce:a816/128
On-link
39 281 fd14:72cb1:84e6:9583:d748:5002/128
On-link
39 281 fd14:72cb1:90af30f:8327/128
On-link
39 281 fd14:72cb1:c894:424e:809e:d73a/128
On-link
39 281 fd14:72cb1:ed1b:ea22:6ed6:8136/128
On-link
39 281 fd9d:d54b:7bf5:1::/64 fe80:cdff:fea4:26b2
39 281 fe80::/64 On-link
8 311 fe80::/64 On-link
22 259 fe80::/64 On-link
39 281 fe80:12b0:6175:1844/128
On-link
22 259 fe80::7c63:6347:9ea0:5576/128
On-link
8 311 fe80::a857:4ac6:6e21:d1c0/128
On-link
1 331 ff00::/8 On-link
39 281 ff00::/8 On-link
8 311 ff00::/8 On-link
22 259 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

[lesagegp]

I turned off screen save on the Pi, so it does not periodically shut down. I also plugged it in the wired ethernet instead of WiFi, so it should be more reliable.

Sonic told me how I might be able to set up static routes. Please tell me how I can access my home LAN through the VPN. The address is assigns is completely unrelated.