Access Client side LAN on VPN server


Solution 1

Two things:

  1. Are you sure you have your local network Ok? If the gateway is 10.1.1.253, and the netmask is 255.255.255.252, pcs 10.1.2.2 and 10.1.2.14 are not on the same network as the gateway.

  2. The packet from the Ocean server comes bearing as an IP address the other end of the OpenVPN tunnel, presumably 10.8.0.1. When this reaches 10.1.2.2, this sees it belongs to a different subnet than its own, and will thus try to forward its reply the only way it knows, i.e. via the gateway, not via the OpenVPN client. Hence the return ping never comes back.

    The way to circumvent this is to add the following iptables rule on the RPI:

    iptables -t nat -A POSTROUTING -d (here your local network) -j MASQUERADE
    

    This way the packet will be sent back to the OpenVPN client. I did not insert your network because it is not clear which one that is: if it is 10.1.2.0/30 please insert that, or modify accordingly.
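The mechanism in point 2, worked through as an added example (not part of the original answer): it models a plain LAN host's routing decision and a minimal version of what MASQUERADE does to the packet, using the addresses from the question (LAN 10.1.0.0/22, gateway 10.1.1.253, RPi at 10.1.2.14, target 10.1.2.2). The server's tun address 10.8.0.1 is an assumption, as the answer says. It also explains why the RPi's own LAN address answers a ping from the server while 10.1.2.2 does not: the RPi has a route for 10.8.0.0/24 down tun0, the other LAN hosts only know their default gateway.

```python
"""Added example: why 10.1.2.2's reply never comes back without MASQUERADE.

Addresses follow the question; 10.8.0.1 as the server-side tun address is
an assumption. The ICMP identifier below is constructed for the model.
"""
from ipaddress import ip_address, ip_interface

LAN_MASK = "255.255.252.0"               # the /22 confirmed in the comments
LAN_GATEWAY = ip_address("10.1.1.253")
RPI_LAN_IP = ip_address("10.1.2.14")
TARGET = ip_address("10.1.2.2")
SERVER_TUN_IP = ip_address("10.8.0.1")   # assumed


def same_link(a: str, b: str, mask: str) -> bool:
    """True when hosts a and b sit in the same subnet under the given mask."""
    return ip_interface(f"{a}/{mask}").network == ip_interface(f"{b}/{mask}").network


def next_hop(host_ip, mask, gateway, dst):
    """A plain LAN host's routing decision: on-link destinations are
    delivered directly, everything else is handed to the default gateway."""
    net = ip_interface(f"{host_ip}/{mask}").network
    return dst if dst in net else gateway


class Masquerade:
    """Minimal model of `-t nat -A POSTROUTING -d <lan> -j MASQUERADE` on the
    RPi: rewrite the source of LAN-bound packets to the RPi's own LAN address,
    remember the mapping (what conntrack does), and undo it on the reply."""

    def __init__(self, own_ip, lan_mask):
        self.own_ip = own_ip
        self.lan = ip_interface(f"{own_ip}/{lan_mask}").network
        self.table = {}  # (lan host, identifier) -> original source

    def outbound(self, src, dst, ident):
        if dst not in self.lan:          # the rule only matches -d <lan>
            return src, dst, ident
        self.table[(dst, ident)] = src
        return self.own_ip, dst, ident

    def inbound(self, src, dst, ident):
        orig = self.table.get((src, ident))
        if orig is None or dst != self.own_ip:
            return src, dst, ident
        return src, orig, ident


def simulate(nat_enabled: bool):
    """Return (address 10.1.2.2 hands its echo reply to, reply reaches server)."""
    nat = Masquerade(RPI_LAN_IP, LAN_MASK)
    ident = 0x1234                       # constructed ICMP echo identifier
    src, dst = SERVER_TUN_IP, TARGET     # packet as it leaves the tunnel on the RPi
    if nat_enabled:
        src, dst, ident = nat.outbound(src, dst, ident)
    reply_src, reply_dst = dst, src      # the target answers whatever source it saw
    hop = next_hop(TARGET, LAN_MASK, LAN_GATEWAY, reply_dst)
    if hop != RPI_LAN_IP:
        # Model assumption: the LAN gateway has no route back to 10.8.0.0/24,
        # so a reply handed to it is lost, exactly as the answer describes.
        return str(hop), False
    _, final_dst, _ = nat.inbound(reply_src, reply_dst, ident)
    return str(hop), final_dst == SERVER_TUN_IP
```

`simulate(False)` gives ("10.1.1.253", False): the reply goes to the gateway and is lost. `simulate(True)` gives ("10.1.2.14", True): the target sees the RPi as the sender, answers it directly, and the RPi un-NATs the reply back to 10.8.0.1. `same_link` shows the mask point from item 1: under 255.255.252.0 the two hosts and the gateway share one subnet, under 255.255.255.252 they do not. One thing the answer does not say but which is required: the RPi must also have `net.ipv4.ip_forward=1`, otherwise packets arriving on tun0 are never forwarded onto the LAN in the first place.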

Solution 2

What you want to do is called LAN-to-LAN. The solution is to have the correct routes on your VPN client and VPN server. You usually do the client-side config by "pushing" the routing information from the server to the client.

Have a look at this: https://community.openvpn.net/openvpn/wiki/RoutedLans

also: https://serverfault.com/questions/593314/openvpn-routing-for-lan-to-lan-through-tun
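How the `route` and `iroute` directives from the question's EDIT fit together on the server side, as an added example (not code from the answer or from OpenVPN): a longest-prefix-match model of the server's kernel route table, and a model of OpenVPN's own internal client lookup. `route 10.1.0.0 255.255.252.0` gives the server's kernel a route for the LAN through tun0; `iroute 10.1.0.0 255.255.252.0` in the client's ccd file tells the OpenVPN daemon which connected client owns that LAN; `push "route ..."` only sends the same kernel route to other connecting clients. The client name "lappy" and its tun address 10.8.0.6 come from the question; the server's tun address 10.8.0.1 is an assumption.

```python
"""Added example: the two lookups a packet for 10.1.2.2 must pass on the
OpenVPN server. Names and addresses follow the question; the server's tun
address and interface names are assumptions."""
from ipaddress import ip_address, ip_network


def kernel_lookup(table, dst):
    """Longest-prefix match over (prefix, device) entries; returns the device."""
    best = None
    for prefix, dev in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def openvpn_client_for(dst, clients, iroutes):
    """OpenVPN's internal routing on a tun server: a packet the kernel hands
    to tun0 goes to the client whose tun address matches, or whose ccd
    iroute covers the destination. With no match the daemon drops it."""
    for name, tun_ip in clients.items():
        if dst == ip_address(tun_ip):
            return name
    for prefix, name in iroutes:
        if dst in ip_network(prefix):
            return name
    return None


def server_path(dst, with_route, with_iroute):
    """Return (kernel egress device, OpenVPN client chosen or None)."""
    dst = ip_address(dst)
    table = [("0.0.0.0/0", "eth0"),      # default route, public interface (assumed name)
             ("10.8.0.0/24", "tun0")]     # the VPN subnet itself
    if with_route:
        table.append(("10.1.0.0/22", "tun0"))   # from `route 10.1.0.0 255.255.252.0`
    dev = kernel_lookup(table, dst)
    if dev != "tun0":
        return dev, None                  # never enters the tunnel at all
    clients = {"lappy": "10.8.0.6"}       # connected RPi client, from the question
    iroutes = [("10.1.0.0/22", "lappy")] if with_iroute else []
    return dev, openvpn_client_for(dst, clients, iroutes)
```

Without the `route` line the packet for 10.1.2.2 leaves via the default route and never sees the tunnel; with `route` but no `iroute` the kernel hands it to tun0, but OpenVPN does not know which client owns 10.1.0.0/22 and drops it; with both it is delivered to "lappy". Pinging the client's own tun address 10.8.0.6 works in every case, which is why that test alone does not prove the LAN routing is set up.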


Author: Bhushan

Updated on September 18, 2022

Comments

  • Bhushan
    Bhushan over 1 year

    Till now I have managed to install OpenVPN server on DigitalOcean and OpenVPN client on Raspberry Pi. My Raspberry Pi's OpenVPN IP is 10.8.0.6, which I can ping from the OpenVPN server. Now this RPi is connected to a LAN network (gateway 10.1.1.253, subnet mask 255.255.252.0) by IP 10.1.2.14. There is another Linux system connected to this client's (RPi) network and its IP is 10.1.2.2.

    Now I want to access 10.1.2.2 from the OpenVPN server via VPN. Can anybody explain to me how I should do this?

    EDIT: As per @masgo's suggestion, I did following

    1. In server.conf file, added client-config-dir /etc/openvpn/ccd , route 10.1.0.0 255.255.252.0 and push "route 10.1.0.0 255.255.252.0"
    2. In /etc/openvpn/ccd/lappy file, added iroute 10.1.0.0 255.255.252.0
    3. Now I am able to ping IP 10.1.2.14 (OpenVPN's client) from the OpenVPN server but not IP 10.1.2.2. What am I missing in client-side routing?
  • Bhushan
    Bhushan over 7 years
    My netmask is not 255.255.255.252 but 255.255.252.0
  • Bhushan
    Bhushan over 7 years
    So I need to add the following command on the RPi: iptables -t nat -A POSTROUTING -d 10.1.0.0 / 22 -j MASQUERADE . Right?
  • MariusMatutiae
    MariusMatutiae over 7 years
    @BhushanPatil That's right. As for the network, apologies, my bad.
  • MariusMatutiae
    MariusMatutiae over 7 years
    @BhushanPatil No space in 10.1.0.0/22, careful.
  • Bhushan
    Bhushan over 7 years
    THAT WORKED. Thank you very much. But I am new to networking stuff, so will you explain to me what magic this command iptables -t nat -A POSTROUTING -d 10.1.0.0/22 -j MASQUERADE is doing here?
  • MariusMatutiae
    MariusMatutiae over 7 years
    @BhushanPatil Sure: it rewrites the IP header of every frame sent, with its own IP address for the sender, to make it look like the frames are sent from the RPI instead of being passed on from the Ocean server. It also keeps track of all conversations automagically, so that when the reply comes, the RPI knows that the reply is really for the Ocean server, not for itself.