Cannot access other devices in the same gateway as VPN server

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
mfizz
OpenVpn Newbie
Posts: 6
Joined: Sat Dec 29, 2018 3:53 pm

Cannot access other devices in the same gateway as VPN server

Post by mfizz » Sat Dec 29, 2018 4:21 pm

I'll just explain my set up. I have a openvpn server running on a machine connected to the internet via a router. The router manages the IP addresses.

The router has the IP 192.168.0.1 (192.168.0.0 subnet)

I have given the server to assign 192.168.10.0 to the clients that connect to it

I can access the openvpn server by the IP address it assigns itself. I want to access the devices connected to router as well.
Client.ovpn
client

client
dev tun
proto udp
port 1194
remote x.ddns.net 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA256
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
<ca> -----BEGIN CERTIFICATE----- x -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- x -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- x -----END PRIVATE KEY----- </key> key-direction 1 <tls-auth> -----BEGIN OpenVPN Static key V1----- x -----END OpenVPN Static key V1----- </tls-auth>


Server.conf

server
client-to-client
persist-key
persist-tun

comp-lzo adaptive
dev tun

ifconfig-pool-persist server-ipp.txt 0
keepalive 10 120

key /etc/openvpn/keys/xtrend.key
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/xtrend.crt
crl-verify /etc/openvpn/keys/crl.pem
dh /etc/openvpn/keys/dh.pem
tls-auth /etc/openvpn/keys/ta.key 0

cipher AES-256-CBC
auth SHA256
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
log /tmp/openvpn_server.log
status openvpn-status.log

port 1194
proto udp
server 192.168.10.0 255.255.255.0

#openvpn network know about local network
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"

#let local network know about openvpn network
#route add -net 192.168.10.0/24 gw 192.168.0.15

verb 3
Last edited by mfizz on Sun Dec 30, 2018 9:01 am, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot access other devices in the same gateway as VPN server

Post by TinCanTech » Sat Dec 29, 2018 5:01 pm

mfizz wrote:
Sat Dec 29, 2018 4:21 pm
Server.conf

Code: Select all

#let local network know about openvpn network 
#route add -net 192.168.10.0/24 gw 192.168.0.15
Your server already knows this route .. it is the other devices which don't.

It's all in the Howto ..

mfizz
OpenVpn Newbie
Posts: 6
Joined: Sat Dec 29, 2018 3:53 pm

Re: Cannot access other devices in the same gateway as VPN server

Post by mfizz » Sat Dec 29, 2018 10:58 pm

The reason why that line is hashed out, is because when I put it in, it give me an error starting openvpn on the line.

Option either has missing or extra parameters, route (line 32)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot access other devices in the same gateway as VPN server

Post by TinCanTech » Sun Dec 30, 2018 2:50 am

did you take a look at the Howto ?

mfizz
OpenVpn Newbie
Posts: 6
Joined: Sat Dec 29, 2018 3:53 pm

Re: Cannot access other devices in the same gateway as VPN server

Post by mfizz » Sun Dec 30, 2018 7:53 am

Yes I did, i believe this is the section:

Code: Select all

EXPANDING THE SCOPE OF THE VPN TO INCLUDE ADDITIONAL MACHINES ON EITHER THE CLIENT OR SERVER SUBNET.
Including multiple machines on the server side when using a routed VPN (dev tun)
Once the VPN is operational in a point-to-point capacity between client and server, it may be desirable to expand the scope of the VPN so that clients can reach multiple machines on the server network, rather than only the server machine itself.

For the purpose of this example, we will assume that the server-side LAN uses a subnet of 10.66.0.0/24and the VPN IP address pool uses 10.8.0.0/24 as cited in the server directive in the OpenVPN server configuration file.

First, you must advertise the 10.66.0.0/24 subnet to VPN clients as being accessible through the VPN. This can easily be done with the following server-side config file directive:

push "route 10.66.0.0 255.255.255.0"
Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).

Make sure that you’ve enabled IP and TUN/TAP forwarding on the OpenVPN server machine.
I suppose I am stuck on how exactly to route vpn subnet to openvpn server

mfizz
OpenVpn Newbie
Posts: 6
Joined: Sat Dec 29, 2018 3:53 pm

Re: Cannot access other devices in the same gateway as VPN server

Post by mfizz » Thu Jan 03, 2019 7:29 am

Code: Select all

Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).
Could someone please help me on how to achieve the above ^^ Am I correct in assuming that this needs to be added to my gateway (isp provided router) the tell it that to send all traffic 10.8.0.0 to the local ip address of my server?

Post Reply