TUN Mode and reaching LAN Subnet
Posted: Wed Aug 12, 2015 5:38 pm
The purpose of this VPN is for smartphones to be able to access intranet resources when out of the office. The host machine is running Windows Server 2008. The LAN subnet is 192.168.1.x, the OpenVPN pool is 10.0.11.x
Bridging mode would probably be best, but to my knowledge, only TUN is generally available in iOS and Android without jailbreaking/root access, so I'm trying to configure OpenVPN to allow access to devices on the 192.168.1.x subnet over a TUN connection.
The OpenVPN service is running with the following pertinent config options:
server 10.0.11.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
I'm not currently pushing any dhcp-options, but I have previously tried pushing both 192.168.1.1 and 10.0.11.1 as DNS servers.
I've configured the router (a Linksys RV082 at 192.168.1.1) to forward TCP port 1194 to 192.168.1.21 (the address of LAN connection on the OpenVPN server). I've also added an ixp0 in the routing table to use 192.168.1.21 as the gateway for 10.0.11.0/255.255.255.0 (under Setup > Advanced Routing > Static Routing for anyone familiar with this router).
The Android client (using the OpenVPN Connect app) connects successfully, and is assigned an IP of 10.0.11.4. Devices on the LAN can successfully ping both 10.0.11.1 (the OpenVPN TAP adapter) and 10.0.11.4 (the Android). The Android can successfully ping 10.0.11.1. The Android cannot, however, successfully ping anything on the 192.168.1.x subnet, including the gateway.
When I connect to the VPN with a Win7 machine and tracert 192.168.1.1, I get as far as the VPN server (10.0.11.1), but everything after that times out - it seems like the OpenVPN host doesn't know how to route traffic to the 192.168.1.x subnet.
I have disabled the firewall entirely for both the router and the server machine (simultaneously as well as separately) to try and rule that out, with no change.
Still no luck, and I feel like I'm grasping out towards the periphery of my knowledge.
Bridging mode would probably be best, but to my knowledge, only TUN is generally available in iOS and Android without jailbreaking/root access, so I'm trying to configure OpenVPN to allow access to devices on the 192.168.1.x subnet over a TUN connection.
The OpenVPN service is running with the following pertinent config options:
server 10.0.11.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
I'm not currently pushing any dhcp-options, but I have previously tried pushing both 192.168.1.1 and 10.0.11.1 as DNS servers.
I've configured the router (a Linksys RV082 at 192.168.1.1) to forward TCP port 1194 to 192.168.1.21 (the address of LAN connection on the OpenVPN server). I've also added an ixp0 in the routing table to use 192.168.1.21 as the gateway for 10.0.11.0/255.255.255.0 (under Setup > Advanced Routing > Static Routing for anyone familiar with this router).
The Android client (using the OpenVPN Connect app) connects successfully, and is assigned an IP of 10.0.11.4. Devices on the LAN can successfully ping both 10.0.11.1 (the OpenVPN TAP adapter) and 10.0.11.4 (the Android). The Android can successfully ping 10.0.11.1. The Android cannot, however, successfully ping anything on the 192.168.1.x subnet, including the gateway.
When I connect to the VPN with a Win7 machine and tracert 192.168.1.1, I get as far as the VPN server (10.0.11.1), but everything after that times out - it seems like the OpenVPN host doesn't know how to route traffic to the 192.168.1.x subnet.
I have disabled the firewall entirely for both the router and the server machine (simultaneously as well as separately) to try and rule that out, with no change.
Still no luck, and I feel like I'm grasping out towards the periphery of my knowledge.