Internet access but can't see other devices

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
adc124
OpenVpn Newbie
Posts: 4
Joined: Wed Jul 01, 2020 3:02 pm

Internet access but can't see other devices

Post by adc124 » Wed Jul 01, 2020 3:09 pm

I really hope someone can help, this is driving me insane!

I've configured OpenVPN on a Ubiquiti router following the tutorial below:

https://help.ui.com/hc/en-us/articles/1 ... VPN-Server

It all went smoothly and mostly made sense, the only issue being I didn't spot that the local network was running on 192.168.2.* whereas the tutorial was geared up to us 192.168.1.*

Either way, I switched the LAN to use 192.168.1.* and that seems to be working as you'd expect so not sure if that has anything to do with my issue...

So, I can connect to the VPN no problem, and have done so from a Raspberry Pi and a Windows 10 machine. It connects, I can browse the Internet and if I check my public IP it changes when connected to that of the VPN. Great.

Except, I can't see any other devices on the network other than the router itself (on 192.168.1.1). I have "redirect-gateway def1" set at the client so I thought that would do it. I can't ping any devices and certainly can't RDP which is the ultimate goal here.

Any insight anyone can give me would be much appreciated!

User avatar
Pippin
Forum Team
Posts: 869
Joined: Wed Jul 01, 2015 8:03 am

Re: Internet access but can't see other devices

Post by Pippin » Wed Jul 01, 2020 3:33 pm


adc124
OpenVpn Newbie
Posts: 4
Joined: Wed Jul 01, 2020 3:02 pm

Re: Internet access but can't see other devices

Post by adc124 » Wed Jul 01, 2020 7:54 pm

Thanks for the response Pippin. I have checked the docs already and if I understand it correctly I should us:

push "route 192.168.1.0 255.255.255.0"

In the Ubiquiti tutorial I followed this gets set with the command (step 19):

set interfaces openvpn vtun0 server push-route 192.168.1.0/24

I believe that worked, I can see it in the router config and the IP routing when I connect looks right:

Code: Select all

Wed Jul  1 20:38:48 2020 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=xx:xx:xx:xx:xx:xx
Wed Jul  1 20:38:48 2020 TUN/TAP device tun0 opened
Wed Jul  1 20:38:48 2020 TUN/TAP TX queue length set to 100
Wed Jul  1 20:38:48 2020 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul  1 20:38:48 2020 /sbin/ip addr add dev tun0 172.16.1.3/24 broadcast 172.16.1.255
Wed Jul  1 20:38:48 2020 /sbin/ip route add xx.xx.xx.xx/32 via 192.168.0.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 0.0.0.0/1 via 172.16.1.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 128.0.0.0/1 via 172.16.1.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 192.168.1.0/24 via 172.16.1.1

User avatar
Pippin
Forum Team
Posts: 869
Joined: Wed Jul 01, 2015 8:03 am

Re: Internet access but can't see other devices

Post by Pippin » Wed Jul 01, 2020 8:26 pm

Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).
Done?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7812
Joined: Fri Jun 03, 2016 1:17 pm

Re: Internet access but can't see other devices

Post by TinCanTech » Wed Jul 01, 2020 8:37 pm

The router is probably the same machine ..

User avatar
Pippin
Forum Team
Posts: 869
Joined: Wed Jul 01, 2015 8:03 am

Re: Internet access but can't see other devices

Post by Pippin » Wed Jul 01, 2020 8:40 pm

Yeah probably, then next question would be if the router firewall allows the traffic from tunnel to LAN.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7812
Joined: Fri Jun 03, 2016 1:17 pm

Re: Internet access but can't see other devices

Post by TinCanTech » Wed Jul 01, 2020 9:14 pm

I would presume information like that would be in the router manual ...

adc124
OpenVpn Newbie
Posts: 4
Joined: Wed Jul 01, 2020 3:02 pm

Re: Internet access but can't see other devices

Post by adc124 » Thu Jul 02, 2020 11:49 am

Thanks guys.

The router is the same machine.

The Ubiquiti instructions do set up a firewall rule to allow traffic on port 1194 and I even just tried changing that rule to allow traffic on any port. Still nothing.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7812
Joined: Fri Jun 03, 2016 1:17 pm

Re: Internet access but can't see other devices

Post by TinCanTech » Thu Jul 02, 2020 12:23 pm

adc124 wrote:
Wed Jul 01, 2020 3:09 pm
I really hope someone can help, this is driving me insane!

I've configured OpenVPN on a Ubiquiti router following the tutorial below:

https://help.ui.com/hc/en-us/articles/1 ... VPN-Server
Try the official howto.
adc124 wrote:
Wed Jul 01, 2020 3:09 pm
I switched the LAN to use 192.168.1.*
Never use such a common subnet for your server LAN.
Pippin wrote:
Wed Jul 01, 2020 3:33 pm
Read here:
https://community.openvpn.net/openvpn/w ... rversubnet.
Switch to something more unique.

User avatar
Pippin
Forum Team
Posts: 869
Joined: Wed Jul 01, 2015 8:03 am

Re: Internet access but can't see other devices

Post by Pippin » Thu Jul 02, 2020 12:46 pm

adc124 wrote:
Thu Jul 02, 2020 11:49 am
The Ubiquiti instructions do set up a firewall rule to allow traffic on port 1194
is not equal to
Pippin wrote:
Wed Jul 01, 2020 8:40 pm
if the router firewall allows the traffic from tunnel to LAN.
.....
I do not see that tutorial adding rules for that, unless that happens auto-magically in step 18 or 19.

adc124
OpenVpn Newbie
Posts: 4
Joined: Wed Jul 01, 2020 3:02 pm

Re: Internet access but can't see other devices

Post by adc124 » Fri Jul 03, 2020 8:12 am

Turns out I'd not done anything wrong after all. Figured out that I couldn't even ping my PC from the router itself so determined it was AVG on my PC that was blocking pings. There is a setting buried deep within AVG to allow remote connections (which is ultimately what I need to do), flicked that on and pings started responding.

Post Reply