Internet access but can't see other devices
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 01, 2020 3:02 pm
Internet access but can't see other devices
I really hope someone can help, this is driving me insane!
I've configured OpenVPN on a Ubiquiti router following the tutorial below:
https://help.ui.com/hc/en-us/articles/1 ... VPN-Server
It all went smoothly and mostly made sense, the only issue being I didn't spot that the local network was running on 192.168.2.* whereas the tutorial was geared up to us 192.168.1.*
Either way, I switched the LAN to use 192.168.1.* and that seems to be working as you'd expect so not sure if that has anything to do with my issue...
So, I can connect to the VPN no problem, and have done so from a Raspberry Pi and a Windows 10 machine. It connects, I can browse the Internet and if I check my public IP it changes when connected to that of the VPN. Great.
Except, I can't see any other devices on the network other than the router itself (on 192.168.1.1). I have "redirect-gateway def1" set at the client so I thought that would do it. I can't ping any devices and certainly can't RDP which is the ultimate goal here.
Any insight anyone can give me would be much appreciated!
I've configured OpenVPN on a Ubiquiti router following the tutorial below:
https://help.ui.com/hc/en-us/articles/1 ... VPN-Server
It all went smoothly and mostly made sense, the only issue being I didn't spot that the local network was running on 192.168.2.* whereas the tutorial was geared up to us 192.168.1.*
Either way, I switched the LAN to use 192.168.1.* and that seems to be working as you'd expect so not sure if that has anything to do with my issue...
So, I can connect to the VPN no problem, and have done so from a Raspberry Pi and a Windows 10 machine. It connects, I can browse the Internet and if I check my public IP it changes when connected to that of the VPN. Great.
Except, I can't see any other devices on the network other than the router itself (on 192.168.1.1). I have "redirect-gateway def1" set at the client so I thought that would do it. I can't ping any devices and certainly can't RDP which is the ultimate goal here.
Any insight anyone can give me would be much appreciated!
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Internet access but can't see other devices
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 01, 2020 3:02 pm
Re: Internet access but can't see other devices
Thanks for the response Pippin. I have checked the docs already and if I understand it correctly I should us:
push "route 192.168.1.0 255.255.255.0"
In the Ubiquiti tutorial I followed this gets set with the command (step 19):
set interfaces openvpn vtun0 server push-route 192.168.1.0/24
I believe that worked, I can see it in the router config and the IP routing when I connect looks right:
push "route 192.168.1.0 255.255.255.0"
In the Ubiquiti tutorial I followed this gets set with the command (step 19):
set interfaces openvpn vtun0 server push-route 192.168.1.0/24
I believe that worked, I can see it in the router config and the IP routing when I connect looks right:
Code: Select all
Wed Jul 1 20:38:48 2020 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=xx:xx:xx:xx:xx:xx
Wed Jul 1 20:38:48 2020 TUN/TAP device tun0 opened
Wed Jul 1 20:38:48 2020 TUN/TAP TX queue length set to 100
Wed Jul 1 20:38:48 2020 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul 1 20:38:48 2020 /sbin/ip addr add dev tun0 172.16.1.3/24 broadcast 172.16.1.255
Wed Jul 1 20:38:48 2020 /sbin/ip route add xx.xx.xx.xx/32 via 192.168.0.1
Wed Jul 1 20:38:48 2020 /sbin/ip route add 0.0.0.0/1 via 172.16.1.1
Wed Jul 1 20:38:48 2020 /sbin/ip route add 128.0.0.0/1 via 172.16.1.1
Wed Jul 1 20:38:48 2020 /sbin/ip route add 192.168.1.0/24 via 172.16.1.1
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Internet access but can't see other devices
Done?Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Internet access but can't see other devices
The router is probably the same machine ..
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Internet access but can't see other devices
Yeah probably, then next question would be if the router firewall allows the traffic from tunnel to LAN.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Internet access but can't see other devices
I would presume information like that would be in the router manual ...
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 01, 2020 3:02 pm
Re: Internet access but can't see other devices
Thanks guys.
The router is the same machine.
The Ubiquiti instructions do set up a firewall rule to allow traffic on port 1194 and I even just tried changing that rule to allow traffic on any port. Still nothing.
The router is the same machine.
The Ubiquiti instructions do set up a firewall rule to allow traffic on port 1194 and I even just tried changing that rule to allow traffic on any port. Still nothing.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Internet access but can't see other devices
Try the official howto.adc124 wrote: ↑Wed Jul 01, 2020 3:09 pmI really hope someone can help, this is driving me insane!
I've configured OpenVPN on a Ubiquiti router following the tutorial below:
https://help.ui.com/hc/en-us/articles/1 ... VPN-Server
Never use such a common subnet for your server LAN.
Switch to something more unique.Pippin wrote: ↑Wed Jul 01, 2020 3:33 pmRead here:
https://community.openvpn.net/openvpn/w ... rversubnet.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Internet access but can't see other devices
is not equal to
.....
I do not see that tutorial adding rules for that, unless that happens auto-magically in step 18 or 19.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 01, 2020 3:02 pm
Re: Internet access but can't see other devices
Turns out I'd not done anything wrong after all. Figured out that I couldn't even ping my PC from the router itself so determined it was AVG on my PC that was blocking pings. There is a setting buried deep within AVG to allow remote connections (which is ultimately what I need to do), flicked that on and pings started responding.