Accessing the LAN, Routing issues

Ask questions about your Access Server configuration here.
Post Reply
Porfavor
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 25, 2020 8:18 am

Accessing the LAN, Routing issues

Post by Porfavor » Wed Mar 25, 2020 9:26 am

Hello community,

I face difficulties accessing my internal LAN devices when having established a remote VPN connection. I think it has to do with routing. First of all, I ask you for patience with me as I am a beginner regarding this stuff. I am willing to provide all information needed. Though, I think it wouldn't make sense to give you as much information as possible, if not relevant. So I ask you kindly to point me to the essential information to me provided.

Server config

#################################################
# OpenVPN (MvA-Networks Conf)
# VPN Server Configuration
#
# Copyright 2006-2019 (04.09.2019) www.mva.ch
# MvA Internet Services GmbH
#################################################


port 1194
proto udp
dev tun


# ----------------------------------------------
# Zertifikate
# ----------------------------------------------

dh "C:\\Program Files\\OpenVPN\\server-keys\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\server-keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\server-keys\\SERVER.crt"
key "C:\\Program FIles\\OpenVPN\\server-keys\\SERVER.key"

# ----------------------------------------------
# Server-Setup
# ----------------------------------------------

server 10.19.15.0 255.255.255.0
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\ipp.txt"
client-to-client

# ----------------------------------------------
# Client-Settings (inkl Special Dir)Files
# ----------------------------------------------

client-config-dir "C:\\Program Files\\OpenVPN\\ccd"
push "route 152.168.1.0 255.255.255.0"
push "dhcp-option DNS 152.168.1.10"

# ----------------------------------------------
# Defaults
# ----------------------------------------------

keepalive 10 120
compress lz4
persist-key
persist-tun

# ----------------------------------------------
# Logging
# ----------------------------------------------

status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
log-append "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 3


Client config

client
dev tun
proto udp
remote HOST 1194
resolv-retry infinite
keepalive 50 100
nobind
persist-key
persist-tun
verb 3


ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\CLIENT.crt"
key "C:\\Program Files\\OpenVPN\\config\\CLIENT.key"



Network is as follows:

[*]Destination LAN router has the IP 152.168.1.1 (this is not the actual IP, but I adjusted any IP provided here to be suitable)
[*]Host of VPN Server has the IP 152.168.1.222
[*]VPN Server provides addresses in 10.19.15.x range
[*]Port 1194 UDP is opened in the router for the VPN host as well as in the server firewall

The server config has the entry:

Code: Select all

push "route 152.168.1.0 255.255.255.0"
In the router there I added the following route:

Code: Select all

Network: 10.19.15.0 Subnet: 255.255.255.0 Destination: 152.168.1.222


What the current state is:

[*]I can establish a VPN connection from remote (mobile hotspot)
[*]I then cannot reach the devices in the destination LAN, not even ping them


Is there anything I missed to adjust regarding the routes or are they maybe wrong?

Any help is appreciated. Thank you in advance.
Last edited by Pippin on Wed Mar 25, 2020 9:54 am, edited 1 time in total.
Reason: Formatting

User avatar
Pippin
Forum Team
Posts: 737
Joined: Wed Jul 01, 2015 8:03 am

Re: Accessing the LAN, Routing issues

Post by Pippin » Wed Mar 25, 2020 10:48 am

There is no need to obfuscate RFC1918 addresses, 152.168.1.222.....
Also see here:
https://community.openvpn.net/openvpn/w ... gConflicts

From the info provided, I see one thing missing, it's in here:
https://community.openvpn.net/openvpn/w ... rversubnet.

Porfavor
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 25, 2020 8:18 am

Re: Accessing the LAN, Routing issues

Post by Porfavor » Wed Mar 25, 2020 1:21 pm

Thank you for your reply.

Could to tell me what exactly you refer to in the provided Howto-section? The route in the server config and the gateway (router) are set, as mentioned above. So which one thing is missing?

User avatar
Pippin
Forum Team
Posts: 737
Joined: Wed Jul 01, 2015 8:03 am

Re: Accessing the LAN, Routing issues

Post by Pippin » Wed Mar 25, 2020 2:14 pm

The link refers to "Expanding the scope of the VPN to include additional machines on either the client or server subnet."
There are three things mentioned there.
From the info you provided you have done two, route and gateway.

Porfavor
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 25, 2020 8:18 am

Re: Accessing the LAN, Routing issues

Post by Porfavor » Wed Mar 25, 2020 2:34 pm

Are you talking about

"Make sure that you've enabled IP and TUN/TAP forwarding on the OpenVPN server machine."

?

User avatar
Pippin
Forum Team
Posts: 737
Joined: Wed Jul 01, 2015 8:03 am

Re: Accessing the LAN, Routing issues

Post by Pippin » Wed Mar 25, 2020 3:16 pm

Yes.

I see I posted wrong link, it should be
https://community.openvpn.net/openvpn/w ... dVPNdevtun
Sorry for that one ;)

Porfavor
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 25, 2020 8:18 am

Re: Accessing the LAN, Routing issues

Post by Porfavor » Wed Mar 25, 2020 7:27 pm

I now enabled IP (Windows registry setting) and completely turned off firewall and unchecked the boxed to the protected network interfaces. It still doesn't work. So it is quite certainly not a server firewall issue.

Any more ideas?

Post Reply