Can't connect to devices on internal network.

Tewkster
OpenVpn Newbie
Posts: 2
Joined: Mon May 22, 2023 6:31 pm

Can't connect to devices on internal network.

Post by Tewkster » Mon May 22, 2023 6:42 pm

I have OpenVPN v2.6.3 installed on Windows 11. I can connect (10.8.0.x) and I can connect to the server's internal address (192.168.3.1), but I can't connect to any other devices on the internal network (e.g. 192.168.3.6).

Below is the config file on my Debian server:
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
push "route 192.168.3.0 255.255.255.0"
dh none



Below is the config file on Windows 11:
client
proto udp
explicit-exit-notify
remote xxxxxxxx.com 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_VfqCsbPNGVsrLOnr name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>

Fadim
OpenVPN User
Posts: 40
Joined: Mon May 15, 2023 12:14 pm

Re: Can't connect to devices on internal network.

Post by Fadim » Wed May 24, 2023 9:15 am

Hey @Tewkster,
You might want to check if your VPN's client configuration file has the necessary route to your internal network. The "push route" command in your server configuration file might not be sufficient.
On your Windows 11 client, try adding the following line:
route 192.168.3.0 255.255.255.0
This will instruct the client to route traffic to the 192.168.3.0/24 network over the VPN.
Also, ensure that your server firewall rules allow traffic from the VPN to the rest of your network. You might want to add an iptables rule like:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
(replace "eth0" with your server's network interface name)
Hope that helps. Let us know how it goes!

Tewkster
OpenVpn Newbie
Posts: 2
Joined: Mon May 22, 2023 6:31 pm

Re: Can't connect to devices on internal network.

Post by Tewkster » Fri May 26, 2023 7:36 pm

Thanks for the quick response @Fadim.

I added "route 192.168.3.0 255.255.255.0" to my client.

My internal network is br0. I also tried the following:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE

I can only ping the server (192.168.3.1), nothing else.

My VPN firewall has the following lines, which work great for internet traffic:

iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o ppp0 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i ppp0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o ppp0 -j ACCEPT
iptables -I INPUT 1 -i ppp0 -p udp --dport 1194 -j ACCEPT
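
Added example, not part of the thread: a small Python check that parses the iptables lines posted above and reports, for a given far-side interface, whether an explicit FORWARD ACCEPT exists in each direction for tun0 and whether a MASQUERADE rule covers it. Assumptions: the rules use plain -i/-o matches with no "!" negation, the function names are hypothetical, and the FORWARD chain's default policy and the IP forwarding setting are not shown in the thread, so this reports only what the posted lines cover.

```python
import shlex

# Rule lines copied from the thread: the firewall script plus the br0 MASQUERADE attempt.
POSTED_RULES = """\
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o ppp0 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i ppp0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o ppp0 -j ACCEPT
iptables -I INPUT 1 -i ppp0 -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
"""

# iptables flags we care about, mapped to the field they set.
FLAGS = {"-t": "table", "-A": "chain", "-I": "chain", "-i": "in", "-o": "out", "-j": "target"}

def parse_rule(line):
    """Extract table, chain, in/out interface and target from one iptables command."""
    rule = {"table": "filter", "chain": None, "in": None, "out": None, "target": None}
    tokens = shlex.split(line)
    for pos, tok in enumerate(tokens[:-1]):
        if tok in FLAGS:
            rule[FLAGS[tok]] = tokens[pos + 1]  # the value follows the flag
    return rule

def parse_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip().startswith("iptables")]

def forward_accept(rules, src_if, dst_if):
    """True if a filter/FORWARD ACCEPT rule covers src_if -> dst_if (no -i/-o means any)."""
    return any(r["table"] == "filter" and r["chain"] == "FORWARD" and r["target"] == "ACCEPT"
               and r["in"] in (None, src_if) and r["out"] in (None, dst_if) for r in rules)

def masquerade_out(rules, out_if):
    """True if a nat/POSTROUTING MASQUERADE rule applies to traffic leaving out_if."""
    return any(r["table"] == "nat" and r["chain"] == "POSTROUTING"
               and r["target"] == "MASQUERADE" and r["out"] in (None, out_if) for r in rules)

def audit(rules, vpn_if="tun0", far_if="br0"):
    """Summarise what the rule set explicitly covers between the VPN and far_if."""
    return {"vpn_to_far": forward_accept(rules, vpn_if, far_if),
            "far_to_vpn": forward_accept(rules, far_if, vpn_if),
            "masquerade": masquerade_out(rules, far_if)}

if __name__ == "__main__":
    rules = parse_rules(POSTED_RULES)
    for iface in ("ppp0", "br0"):
        print(iface, audit(rules, far_if=iface))
```

On the posted rules, ppp0 is covered by all three checks, while br0 has only the MASQUERADE rule and no explicit FORWARD ACCEPT in either direction.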
