Hi everyone,
I am trying to set up a normal openvpn topology, except that my VPN server (which is a DD-wrt router) is nested under a root router. My VPN client needs to access a LAN under another router that is also nested under the same root router.
I have all the necessary port forwarding configured properly, so that host1 under the VPN server (DD-wrt router) can access the web site hosted in the sibling LAN successfully.
However, the VPN client cannot access the web site.
Please kindly advise what I am missing here.
openvpn client cannot access LAN which is sibling of the VPN server LAN
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Sep 15, 2022 4:19 pm
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: openvpn client cannot access LAN which is sibling of the VPN server LAN
Hi, the network topology is not really clear to me. Mind making a small diagram? The "sibling" concept is kinda unclear in this context.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Sep 15, 2022 4:19 pm
Re: openvpn client cannot access LAN which is sibling of the VPN server LAN
I tried to include the image in the original post but it didn’t show up. Here is the image link:
https://photos.app.goo.gl/p7JevaZvSJeVpaHA9
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: openvpn client cannot access LAN which is sibling of the VPN server LAN
Is NAT configured properly on "Child router 1", so that it is applied to connections coming from the VPN subnet?
You could use ping for basic testing first: ping 192.168.0.1 (or .5) should work from the VPN client (assuming no firewall) before you attempt opening the website.
This said, please note that this whole scenario could just work with full routing, without requiring NAT/port forwarding. But that's up to you.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Sep 15, 2022 4:19 pm
Re: openvpn client cannot access LAN which is sibling of the VPN server LAN
Thank you for your quick help. Your suggestion did lead me in the right direction. It turned out that it was due to a firewall that is blocking the VPN client from accessing other LANs outside of its own. After I added this rule to the child router 1, it started to work:
iptables -I FORWARD -p tcp -s 10.0.0.0/8 -d 0.0.0.0/0 -j ACCEPT
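An added example, not part of the original post: a small audit of the FORWARD rule above against a narrower variant, showing how much wider the accepted source and destination are than the VPN-to-web-site path needs. The tunnel subnet 10.8.0.0/24, the web server address 192.168.0.5 and port 80 are assumptions; the thread does not state them.

```python
import ipaddress
import shlex

# Assumptions (not from the thread): the tunnel subnet and the web server port.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


def parse_rule(rule):
    """Pull the match fields out of one `iptables -I/-A FORWARD ...` command line."""
    tokens = shlex.split(rule)
    fields = {"src": ANY, "dst": ANY, "proto": None, "dport": None, "target": None}
    flags = {"-s": "src", "-d": "dst", "-p": "proto", "--dport": "dport", "-j": "target"}
    for flag, value in zip(tokens, tokens[1:]):
        if flag in flags:
            fields[flags[flag]] = value
    for key in ("src", "dst"):
        if isinstance(fields[key], str):
            fields[key] = ipaddress.ip_network(fields[key], strict=False)
    return fields


def audit(rule, vpn_subnet=VPN_SUBNET):
    """Return findings for an ACCEPT rule that is wider than the VPN use case needs."""
    f = parse_rule(rule)
    findings = []
    if f["target"] != "ACCEPT":
        return findings
    if not vpn_subnet.subnet_of(f["src"]):
        findings.append("source does not cover the VPN subnet")
    elif f["src"].num_addresses > vpn_subnet.num_addresses:
        extra = f["src"].num_addresses - vpn_subnet.num_addresses
        findings.append(f"source admits {extra} addresses outside the VPN subnet")
    if f["dst"] == ANY:
        findings.append("destination is any network, not just the sibling LAN")
    if f["dport"] is None:
        findings.append("no --dport: every port of the protocol is forwarded")
    return findings


# Rule from the post, and a narrowed variant (constructed: host and port assumed).
THREAD_RULE = "iptables -I FORWARD -p tcp -s 10.0.0.0/8 -d 0.0.0.0/0 -j ACCEPT"
NARROW_RULE = "iptables -I FORWARD -p tcp -s 10.8.0.0/24 -d 192.168.0.5 --dport 80 -j ACCEPT"

if __name__ == "__main__":
    for rule in (THREAD_RULE, NARROW_RULE):
        print(rule)
        for finding in audit(rule) or ["no findings"]:
            print("  -", finding)
```

The parser handles only the plain `-s`, `-d`, `-p`, `--dport` and `-j` matches used here; negated matches (`!`) and interface matches are not interpreted.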
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: openvpn client cannot access LAN which is sibling of the VPN server LAN
I am glad I could help! (somehow)