Access to local lan where a client connected from?

Post Reply
large
OpenVpn Newbie
Posts: 1
Joined: Mon Jul 17, 2017 12:36 am

Access to local lan where a client connected from?

Post by large » Mon Jul 17, 2017 12:51 am

Hi,

I am sorry if this question has been answered before.
But I cannot find an easy answer to this and I'm currently learning OpenVPN.
I want the clients to be able to connect to their own network while connected to the VPN.

All my clients wants to route all their traffic over the 12.34.56.78 ip, that works fine with the "Should client Internet traffic be routed through the VPN?" option.

1. Server is running on a public ip, lets call it 12.34.56.78 (server is behind a NAT and portforwarded)
2. Server local ip is 192.168.0.150
3. Clients are connected from a network with ip 192.168.10.x
4. An access rule for the 192.168.0.0/24 works as expected (clients reaches units on the 192.168.0.x network)

Usually the clients are android units, so I use the OpenVPN connect app.
But here is the problem; after the connection is made the clients looses connection to the 192.168.10.x network (where they connected from).
I want that to be excluded from the routing, how is that possible?

After searching I found this little piece of solution

Code: Select all

route 192.168.10.0 255.255.255.0 net_gateway
redirect-gateway def1
But I cannot find a way to enter this into the AS setup, nor any "exclude these networks" option.
If you can guide me in the right direction, I would be glad :)

chilinux
OpenVPN User
Posts: 15
Joined: Thu Mar 28, 2013 8:31 am

Re: Access to local lan where a client connected from?

Post by chilinux » Tue Jul 18, 2017 12:48 am

Possibly this can be added under:

Configuration
-> Advanced VPN Settings
-> Additional OpenVPN Config Directives (Advanced)
-> Client Config Directives

I think you can then add parameters you want to push to the client in that text box.

Otherwise you could try moving your servers to a different (less frequently used) RFC 1918 address space such as 192.168.254.150/24 or 172.31.254.150/24. It should be noted that 192.168.0.x/24 is popular among several consumer brand wifi access points.

An even better solution would be if you could switch your own network to IPv6 space assigned to you by a RIR as that should never clash. Keep in mind that OpenVPN can route IPv6 over IPv4 so even if the client's own ISP doesn't support IPv6, OpenVPN will still be able to assign an IPv6 address inside the tunnel and the client will be able to reach IPv6 addressed servers through the tunnel.

Post Reply