Internet access but can't see other devices

[adc124]

I really hope someone can help, this is driving me insane!

I've configured OpenVPN on a Ubiquiti router following the tutorial below:

https://help.ui.com/hc/en-us/articles/1 ... VPN-Server

It all went smoothly and mostly made sense, the only issue being I didn't spot that the local network was running on 192.168.2.* whereas the tutorial was geared up to us 192.168.1.*

Either way, I switched the LAN to use 192.168.1.* and that seems to be working as you'd expect so not sure if that has anything to do with my issue...

So, I can connect to the VPN no problem, and have done so from a Raspberry Pi and a Windows 10 machine. It connects, I can browse the Internet and if I check my public IP it changes when connected to that of the VPN. Great.

Except, I can't see any other devices on the network other than the router itself (on 192.168.1.1). I have "redirect-gateway def1" set at the client so I thought that would do it. I can't ping any devices and certainly can't RDP which is the ultimate goal here.

Any insight anyone can give me would be much appreciated!

[Pippin]

Read here:
https://community.openvpn.net/openvpn/w ... rversubnet.

[adc124]

Thanks for the response Pippin. I have checked the docs already and if I understand it correctly I should us:

push "route 192.168.1.0 255.255.255.0"

In the Ubiquiti tutorial I followed this gets set with the command (step 19):

set interfaces openvpn vtun0 server push-route 192.168.1.0/24

I believe that worked, I can see it in the router config and the IP routing when I connect looks right:

Code: Select all

Wed Jul  1 20:38:48 2020 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=xx:xx:xx:xx:xx:xx
Wed Jul  1 20:38:48 2020 TUN/TAP device tun0 opened
Wed Jul  1 20:38:48 2020 TUN/TAP TX queue length set to 100
Wed Jul  1 20:38:48 2020 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul  1 20:38:48 2020 /sbin/ip addr add dev tun0 172.16.1.3/24 broadcast 172.16.1.255
Wed Jul  1 20:38:48 2020 /sbin/ip route add xx.xx.xx.xx/32 via 192.168.0.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 0.0.0.0/1 via 172.16.1.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 128.0.0.0/1 via 172.16.1.1
Wed Jul  1 20:38:48 2020 /sbin/ip route add 192.168.1.0/24 via 172.16.1.1

[Pippin]

Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).

Done?

[TinCanTech]

The router is probably the same machine ..

[Pippin]

Yeah probably, then next question would be if the router firewall allows the traffic from tunnel to LAN.

[TinCanTech]

I would presume information like that would be in the router manual ...

[adc124]

Thanks guys.

The router is the same machine.

The Ubiquiti instructions do set up a firewall rule to allow traffic on port 1194 and I even just tried changing that rule to allow traffic on any port. Still nothing.

[TinCanTech]

I really hope someone can help, this is driving me insane!

I've configured OpenVPN on a Ubiquiti router following the tutorial below:

https://help.ui.com/hc/en-us/articles/1 ... VPN-Server

Try the official howto.

I switched the LAN to use 192.168.1.*

Never use such a common subnet for your server LAN.

Read here:
https://community.openvpn.net/openvpn/w ... rversubnet.

Switch to something more unique.

[Pippin]

The Ubiquiti instructions do set up a firewall rule to allow traffic on port 1194

is not equal to

if the router firewall allows the traffic from tunnel to LAN.

.....
I do not see that tutorial adding rules for that, unless that happens auto-magically in step 18 or 19.

[adc124]

Turns out I'd not done anything wrong after all. Figured out that I couldn't even ping my PC from the router itself so determined it was AVG on my PC that was blocking pings. There is a setting buried deep within AVG to allow remote connections (which is ultimately what I need to do), flicked that on and pings started responding.