OpenVPN Support Forum

Hello!

If anybody can give me some advice it would be most appreciated. I have a problem reaching my LinkStation files trough an OpenVPN connection.

I am running OpenVPN on a linux box on my LAN. The Buffalo LinkStation is in the same LAN as the OpenVPN box. Both are behind the same router.
The router is located at 192.168.1.1 and the OpenVPN linux box at 192.168.1.4. My Buffalo Linkstation is at 192.168.1.7

The VPN subnet is configuredt at openVPN server's /server.conf as:
- server 10.8.0.0 255.255.255.0

So far I am able to:
1. Establish VPN connection between client and server, works great!
2. My Client receives IP 10.8.0.X IP address from the OpenVPN server.
3. I am able to reach my Buffalo LinkStation trough the VPN connection by entering 192.168.1.7 to Chrome browser (so as to say: I can reach the buffalo setup portal)
4. I can also access an IP camera hosted on the same LAN trough the VPN connection (192.168.1.11), so it seems everything is working.

I am unable to:
1. I am unable to access the LinkStation on my Windows Explorer where it is mapped as Z:\, also the LinkStation wont appear on Buffalos "NAS Navigator", where it normally shows when I am connected trough the local LAN..

By following different guides, I've come to suspect that the issue is somehow related to routing, but I am unable to find a configuration that works. Buffalos own manual states that the NAS will not be visible to computers that are outside of the same network. Therefore I suspect that the 10.8.0.0 VPN IP is not reaching the Buffalo at 192.168.1.7.

1. On my router I have added a static routing between 10.8.0.0 and 192.168.1.1
2. I have tried adding routing rules to the server.conf: - push "route 192.168.1.0 255.255.255.0"
3. I have tired adding routing to the server like this: "route add -net 10.8.0.0/24 gw 192.168.1.4" or "route add -net 10.8.0.0/24 gw 192.168.1.0" or "route add -net 10.8.0.0/24 gw 192.168.1.1" to no avail.

Any help would be much appreciated. I did not post my server.conf from client/server yet, because the basic VPN connection works as intended. Only the Buffalo NAS is unreachable and remains a mystery.

Edit: My LAN Router's static routing is:
Destination 10.8.0.0 [VPN Subnet] Mask 255.255.255.0 Router IP 192.168.1.4 [VPN Server IP]

I also tried to search the root cause with tcpdump on the server, but I am not savvy enough to understand what parameters I should use with tcpdump and what specifically to look for. Any clues?

I have followed the steps here https://openvpn.net/index.php/open-sour ... html#scope to:
- advertise the subnet to VPN Clients by "push route 192.168.1.0 255.255.255.0"
- setting the route on my router (see above)
- IP forwarding is enabled on the server by "iptables -I FORWARD -i tun0 -o eth0 \-s 10.8.0.0/24 -d 192.168.0.0/24 \-m conntrack --ctstate NEW -j ACCEPT" and "iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \-j ACCEPT"

Foreshadow wrote:I did not post my server.conf from client/server yet, because the basic VPN connection works as intended. Only the Buffalo NAS is unreachable and remains a mystery

please post your configs .. my tea leaves only work for romantic concerns

Point taken

server.conf:
port1194
proto udp
den tun
ca ca.crt
cert server.crt
key server.key # This file...
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route "192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.222.220"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpvn-status.log
verb3

I don't know about your NAS but, as you can connect to it directly (by IP address), I suspect you have a problem with broadcast packets, which OpenVPN in TUN mode does not support. (It is actually the underlying network layer OSI 2 vs OSI 3, not OpenVPN)

You can either try --dev tap and --server-bridge (which is OSI-2) or be satisfied with connection via IP address. See this:
https://openvpn.net/index.php/open-sour ... dging.html

Or if your NAS can run the OpenVPN server itself you may be able to do it that way ..

Thank you for the help
I had previously tried bridging but was unable to get the server working.

Now when I tried bridging again following the instruction to which you posted the link on - it still did not work.
The problem was that the server machine had no connection outside of the local LAN.

I found the solution here (http://serverfault.com/questions/275577 ... er-network)
which was annoingly simple and easy: just add "route add default gw 192.168.1.1" to the end of the "bridge-start" script, and now everything works as intended.

I can finally connect to the local NAS through the OpenVPN server.
Once again, thank you for the help.