TUN Mode and reaching LAN Subnet

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
MattB08
OpenVpn Newbie
Posts: 1
Joined: Wed Aug 12, 2015 4:44 pm

TUN Mode and reaching LAN Subnet

Post by MattB08 » Wed Aug 12, 2015 5:38 pm

The purpose of this VPN is for smartphones to be able to access intranet resources when out of the office. The host machine is running Windows Server 2008. The LAN subnet is 192.168.1.x, the OpenVPN pool is 10.0.11.x

Bridging mode would probably be best, but to my knowledge, only TUN is generally available in iOS and Android without jailbreaking/root access, so I'm trying to configure OpenVPN to allow access to devices on the 192.168.1.x subnet over a TUN connection.

The OpenVPN service is running with the following pertinent config options:
server 10.0.11.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"

I'm not currently pushing any dhcp-options, but I have previously tried pushing both 192.168.1.1 and 10.0.11.1 as DNS servers.

I've configured the router (a Linksys RV082 at 192.168.1.1) to forward TCP port 1194 to 192.168.1.21 (the address of LAN connection on the OpenVPN server). I've also added an ixp0 in the routing table to use 192.168.1.21 as the gateway for 10.0.11.0/255.255.255.0 (under Setup > Advanced Routing > Static Routing for anyone familiar with this router).

The Android client (using the OpenVPN Connect app) connects successfully, and is assigned an IP of 10.0.11.4. Devices on the LAN can successfully ping both 10.0.11.1 (the OpenVPN TAP adapter) and 10.0.11.4 (the Android). The Android can successfully ping 10.0.11.1. The Android cannot, however, successfully ping anything on the 192.168.1.x subnet, including the gateway.

When I connect to the VPN with a Win7 machine and tracert 192.168.1.1, I get as far as the VPN server (10.0.11.1), but everything after that times out - it seems like the OpenVPN host doesn't know how to route traffic to the 192.168.1.x subnet.

I have disabled the firewall entirely for both the router and the server machine (simultaneously as well as separately) to try and rule that out, with no change.

Still no luck, and I feel like I'm grasping out towards the periphery of my knowledge.
Top
User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: TUN Mode and reaching LAN Subnet

Post by Traffic » Fri Aug 14, 2015 11:11 am

MattB08 wrote:Bridging mode would probably be best
Almost certainly not ..
MattB08 wrote:The LAN subnet is 192.168.1.x
Bad idea ..
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Top
Post Reply

Return to “Installation Help”