Client Connected to OpenVPN Server Cannot Ping LAN Devices

[Brenneke]

I have OpenVPN server set up on my Asus RT-AC68U:

Router IP 192.168.2.1

Server 1
LAN & Internet
TUN TCP 443

Server 2
LAN & Internet
TUN UDP 1195

I can connect successfully to both servers with my Android phone from outside the network. (WiFi or mobile data)

When connected from outside the network to either server:
I can log onto router
I can access the internet
I can ping 192.168.2.1 using Nmap on phone
I cannot ping any devices connected to my router

I have also tried setting up servers as TAP, (using Android VPN client app with TAP support) but can see that this will be too slow to do anything with. I achieved same results as above with TAP.

Please help me with what I need to do to make this work. My network knowledge is limited but things are slowly percolating through after much reading.

Thank you.

[TinCanTech]

https://community.openvpn.net/openvpn/w ... versubnet.

[Brenneke]

My OpenVPN server is on my router at 192.168.2.0

I have added this to my config files:

Code: Select all

push "route 192.168.2.0 255.255.255.0"

The instruction you linked now says i must do this:
'Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).
Make sure that you've enabled IP and TUN/TAP forwarding on the OpenVPN server machine.'

I am assuming my OpenVPN server and the LAN gateway are different machines. I am interested in accessing devices that are Ethernet-connected to my router at addresses 192.168.2.82 and 192.168.2.5.
1) How do I set up a route on the server side gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server?
2) How can I enable IP and TUN/TAP forwarding on my Asus router?

Thank you for your help and patience.

[Brenneke]

I found out how to check IP forwarding on my router, ran this and I am set to 1.

Code: Select all

cat /proc/sys/net/ipv4/ip_forward

Could someone please help me with this statement?
'Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).'
1) Am I understanding correctly that this applies to my situation?
2) Do I also use push route in config to achieve this and numbers do I use?

[Brenneke]

https://community.openvpn.net/openvpn/w ... rversubnet.

Could someone please help me with this statement?
'Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).'
1) Am I understanding correctly that this applies to my situation?
2) Do I also use push route in config to achieve this and what numbers do I use?

[TinCanTech]

1) Am I understanding correctly that this applies to my situation?

My OpenVPN server is on my router at 192.168.2.0

In your case, you do not need the route because you run openvpn server on your router.

[Brenneke]

Are there any potential issues with running VPN clients on same router? I have two clients running, all wifi networks are going through one or the other of these through my VPN provider.
Thank you.

[TinCanTech]

Running a server and a client instance on the same device is unlikely to work as you want it to.

[Brenneke]

Could you please give me a quick layman-version explanation? Is there any way around this?
Thank you.

[TinCanTech]

The best way to learn is to try it and see for yourself .. who knows, perhaps it will work for you.

[JuanTCY]

Are both running on the same device?

[Brenneke]

The best way to learn is to try it and see for yourself .. who knows, perhaps it will work for you.

It is clear from my post that I have been trying and it has not worked as of yet.

[Brenneke]

Are both running on the same device?

By both are you referring to client and server?
My home wifi router is running two clients connected to different servers from my VPN provider - my wifi networks (main and guest) are set to these clients.
I also have two OpenVPN servers set up on same router for testing to try to get remote access to a device that is ethernet-connected to same router.
Thank you.