Hi,
I have an OpenVPN Server up and running on my Netgear ReadyNAS which is based on Linux (Debian).
I can connect to the VPN server successfully from my laptop and iPhone from a remote location, but I cannot access any of my LAN devices.
I wanted to use a bridge interface originally but have found I cannot use this on the ReadyNAS, as the bridge-utils and some of the drivers are missing from the Linux kernel on the system, so I cannot run brctl commands.
I have now set up a TUN interface instead, but I have no idea how to set up the routing to make all of my LAN devices accessible through the VPN.
I will explain my physical network setup if that makes it easier to assist.
Primary Router (internet connected) – LAN IP – 160.55.3.33, Subnet 255.255.255.0 (DHCP server for LAN 160.55.3.34/149)
ReadyNAS – LAN IP – 160.55.3.250 (STATIC IP) – LAN Interface Name – eth0
OpenVPN server running on ReadyNAS – IP - 10.8.0.0
Secondary Router – LAN IP - 160.55.3.254 (STATIC IP)
WAN IP of Primary Router – 10*.***.**.** (I have masked this for security)
I have read that for the TUN interface I will need to set up iptables and routing so that all my LAN devices are accessible through the VPN server when I am connected remotely.
An example is
iptables -A PREROUTING -t mangle -i <LAN_interface> -d 192.168.1.0/255.255.255.0 -j ROUTE --gw 192.168.0.A
iptables -A PREROUTING -t mangle -i <LAN_interface> -d 10.8.0.0/255.255.255.0 -j ROUTE --gw 192.168.0.A
I just don’t know which IP address I need to put where
I also found
iptables -t nat -A POSTROUTING -o <local_lan_interface_name> -j MASQUERADE
I am unable to set these routes on the primary router as there is no option through the web GUI and it has stock TP-Link firmware installed (DD-WRT not supported, unfortunately).
Any assistance with what routing I will need to configure would be much appreciated, and if you are able to advise where each of my LAN IPs described above needs to be placed in the commands, that would be great, as I have no idea really. Also, as can be seen, I've probably made mistakes in my server and client config files.
Client Config
client
dev tap
;dev tun
;dev-node vpn2 #This is the adaptor name for my TAP adaptor in Windows
proto udp
remote 10*.***.**.** 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert iphone.crt
key iphone.key
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3
Server Config
local 160.55.3.250
port 1194
proto udp
mssfix 1400
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 160.55.3.33"
push "route 0.0.0.0 255.255.255.255 net_gateway"
client-to-client
keepalive 10 120
cipher AES-256-CBC
comp-lzo
max-clients 6
persist-key
persist-tun
status openvpn-status.log
verb 1
user openvpn
group openvpn
OpenVPN Server Issue - Cannot access LAN devices using TUN
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sun Nov 15, 2015 11:57 pm
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: OpenVPN Server Issue - Cannot access LAN devices using T
shauno100 wrote:
> client
> dev tap

shauno100 wrote:
> Server
> dev tun

Er ..
Maybe try updating this post.
One question .. can you add a Custom OpenVPN Config to your server ?
Typically, the simple way to use iptables is to NAT your VPN data to your Server LAN IP:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o {LANInterface} -j MASQUERADE
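
Added example, not part of the original thread and not OpenVPN project code: a small check that compares the two posted configs for directives that have to agree on both ends, and tests whether the server pushes a route covering the LAN (160.55.3.0/24, derived from the addresses in the first post). The MUST_MATCH list and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed input: directives copied from the configs posted in this thread (cert/key lines omitted).
CLIENT_CONF = """client
dev tap
;dev tun
proto udp
cipher AES-256-CBC
comp-lzo
"""
SERVER_CONF = """proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 160.55.3.33"
push "route 0.0.0.0 255.255.255.255 net_gateway"
cipher AES-256-CBC
comp-lzo
"""
# Assumption: the directives in these configs that must agree on both ends.
MUST_MATCH = ("dev", "proto", "cipher", "comp-lzo")

def parse(text):
    """Return [(directive, args)], skipping blank lines and ';' / '#' comments."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, _, args = line.partition(" ")
            rows.append((name, args.strip()))
    return rows

def mismatches(client_text, server_text):
    """List (directive, client, server) where the ends differ; 'tun0' counts as 'tun'."""
    c, s = dict(parse(client_text)), dict(parse(server_text))
    kind = lambda n, v: v.rstrip("0123456789") if n == "dev" and v else v
    return [(n, c.get(n), s.get(n)) for n in MUST_MATCH
            if kind(n, c.get(n)) != kind(n, s.get(n))]

def lan_route_pushed(server_text, lan_cidr):
    """True if some pushed route covers the LAN subnet the clients should reach."""
    lan = ipaddress.ip_network(lan_cidr)
    for name, args in parse(server_text):
        parts = args.strip('"').split()
        if name == "push" and len(parts) >= 3 and parts[0] == "route":
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
            if lan.subnet_of(net):
                return True
    return False

print(mismatches(CLIENT_CONF, SERVER_CONF), lan_route_pushed(SERVER_CONF, "160.55.3.0/24"))
```

On the posted configs this reports the dev tap / dev tun mismatch and shows that the only pushed route (0.0.0.0 with a 255.255.255.255 mask) does not cover the LAN subnet.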
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sun Nov 15, 2015 11:57 pm
Re: OpenVPN Server Issue - Cannot access LAN devices using T
Hi,
Thanks for your reply. I ended up giving up in the end. I had fixed that part in both the client and server scripts (both set to dev tun).
When I attempted to use iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o {LANInterface} -j MASQUERADE I received an error that the NAT table could not be found.
After looking up this error, it was due to missing modules in the ReadyNAS's Linux kernel and the only option was to rebuild the kernel with the missing modules, so I didn't want to mess around with the ReadyNAS any further.
I also tried using a TAP interface but was unable to bridge the tap0 and eth0 interfaces using bridge-utils, as there were missing modules also.
Shaun
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: OpenVPN Server Issue - Cannot access LAN devices using T
shauno100 wrote:
> it was due to missing modules in the ReadyNAS's Linux kernel

That is fairly stupid .. Maybe they ought to call it UnReadyNAS .. Like Ethelred

You could use routing instead or a better server.