
Openvpn access server, working on windows but not mac

Posted: Fri Apr 01, 2022 8:29 am
by kd034
Hi! I have an OpenVPN Access Server in my homelab. Everything is working fine, but sometimes when I am at my friend's home, on my MacBook I can connect via the client but can't reach anything in my homelab. On the school network it works nicely, but not at my friend's home; tested on Windows, it's working. I don't know what output to post here; I am using an .ovpn file selected in my client. Maybe someone can help me out?

Re: Openvpn access server, working on windows but not mac

Posted: Sat Apr 02, 2022 4:02 pm
by openvpn_inc
Hi, I moved this topic to the Access Server board.

I'm guessing you have an IP address overlap at the friend's home. You cannot have routes to the same network going different places. Only one route will be used.

You might be interested in the OpenVPN Cloud which has kludges to make that work. And likewise, Cloud has its own forum.

regards, rob0

Re: Openvpn access server, working on windows but not mac

Posted: Sun Apr 03, 2022 2:12 pm
by kd034
openvpn_inc wrote:
Sat Apr 02, 2022 4:02 pm
Hi, I moved this topic to the Access Server board.

I'm guessing you have an IP address overlap at the friend's home. You cannot have routes to the same network going different places. Only one route will be used.

You might be interested in the OpenVPN Cloud which has kludges to make that work. And likewise, Cloud has its own forum.

regards, rob0
Oh, thank you for your answer. So there is no option to fix that? Yes, I will take a look at Cloud.
And the OpenVPN Cloud, can I reach my servers in my home with OpenVPN Cloud? Because from what I can see, you can connect to other regions with Cloud.

Re: Openvpn access server, working on windows but not mac

Posted: Mon Apr 04, 2022 5:33 pm
by openvpn_inc
Hi kd,

There is no sane way to fix the problem of IP network overlap. Cloud uses ugly kludges based on DNS. Those are pretty much out of scope for the OpenVPN forums. If you want to set up dnsmasq and have questions, Simon has a user mailing list. (But please do some homework before asking there. There is no drop-in way to do what our Cloud architects have figured out. I am in fact a DNS expert, but it would take me much time and work to replicate the Cloud feature.)

Fortunately RFC 1918 is huge enough for any well-managed organization to be able to have no overlapping networks. Just pick obscure networks out of 172.16/12 or 10/8, and you'll be fine. There is no reason why every site needs to be on 192.168.0/23.

If you can't change your friend's network numbering, you surely can change your own. But any use of 192.168.0/23 in VPNs is sure to encounter problems, as roving clients inevitably will connect from similar networks.

The way to reach home through Cloud is with a static site-to-site connector from home to Cloud, then remote clients connect to Cloud. With correct routes you're done!

regards, rob0
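
The overlap described in this thread, and the renumbering advice, as an added example that is not part of the original posts and is not OpenVPN code: it checks whether the LAN a roving client sits on overlaps a route pushed by the VPN, then picks a /24 out of 172.16/12 that avoids a list of networks. All network values, the site name and the function names are constructed for illustration.

```python
import hashlib
import ipaddress


def route_conflicts(local_lans, vpn_routes):
    """Return (lan, route) pairs where the client's local LAN overlaps a VPN route.

    Any pair returned means two routes to the same addresses point to
    different places, so only one of them will actually be used.
    """
    found = []
    for lan in map(ipaddress.ip_network, local_lans):
        for route in map(ipaddress.ip_network, vpn_routes):
            if lan.overlaps(route):
                found.append((str(lan), str(route)))
    return found


def pick_subnet(site_name, avoid, pool="172.16.0.0/12", prefix=24):
    """Pick a subnet from an RFC 1918 pool that overlaps nothing in `avoid`.

    The starting offset is derived from a hash of `site_name`, so the result
    is repeatable but unlikely to be a router default such as the first /24.
    """
    pool_net = ipaddress.ip_network(pool)
    avoid_nets = [ipaddress.ip_network(a) for a in avoid]
    count = 2 ** (prefix - pool_net.prefixlen)   # candidate subnets in the pool
    size = 2 ** (32 - prefix)                    # addresses per candidate
    digest = hashlib.sha256(site_name.encode()).digest()
    start = int.from_bytes(digest[:4], "big") % count
    for i in range(count):
        base = int(pool_net.network_address) + ((start + i) % count) * size
        candidate = ipaddress.ip_network((base, prefix))
        if not any(candidate.overlaps(a) for a in avoid_nets):
            return candidate
    raise ValueError("no free subnet left in pool")


if __name__ == "__main__":
    home_lan = ["192.168.1.0/24"]      # constructed: route the VPN pushes
    friend_lan = ["192.168.0.0/23"]    # constructed: LAN the client is sitting on
    school_lan = ["10.44.0.0/16"]      # constructed: LAN where the VPN works
    print("friend:", route_conflicts(friend_lan, home_lan))
    print("school:", route_conflicts(school_lan, home_lan))
    new_home = pick_subnet("homelab", friend_lan + school_lan)
    print("renumber home to:", new_home)
    print("friend after renumbering:", route_conflicts(friend_lan, [str(new_home)]))
```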