OpenVPN with MacOS X Client and same subnets in local and remote net

Solution 1

I don't think routing is supposed to work like that. Essentially, your two networks are the same as far as IPv4 is concerned. The VPN doesn't change that. You don't use routers to connect two parts of the same network; you need bridges for that.

I've never done this, but I think you have a few options.

• Configure the OpenVPN gateways in a bridged mode. As long as there are no IP conflicts (one machine on each network with the same IP, eg 192.168.1.100) this should work. If you're using DHCP, you'll need to deal with potential overlap; you don't want two DHCP servers on the same network.

  According to the link, you have two options for IP allocation:

  • Let OpenVPN manage its own client IP address pool using the server-bridge directive, or
  • configure the DHCP server on the LAN to also grant IP address leases to VPN clients.
    

• Configure one network to another network address. Just change 192.168.1/24 on one network to 192.168.7/24 (or some other address). This will definitely work, and you'll only have to reconfigure one network.

• Subnet the 192.168.1/24 into two /25 networks (eg, 192.168.1.0/25 and 192.168.1.128/25). This will also definitely work, but you'll have to reconfigure both networks. (For reference, the netmask on a /25 is 255.255.255.128).

Solution 2

I had the exact some problem. Adding the following script invocation in my ovpn connection setup file solved it:

route-delay 2
route-up /Users/user/.local/bin/vpn-routes

Where the script re-assigns the default route manually, as shown below:

#!/bin/bash

/sbin/route delete default
/sbin/route delete 0/1
/sbin/route add default $route_net_gateway

This worked just fine until I've upgrade to Mountain Lion. I've upgrade to the latest Tunnelblick beta release but the script above seems to not work (I think because of permission issues, still looking into this)

Solution 3

I found that this is a very accessible question (from a SEO perspective), and the solution that worked well for me is found here: https://gist.github.com/taldanzig/4628573

Only one command is required. I am on MacOS Mojave 10.14.6 using Tunnelblick with an OpenVPN config, on a LAN on which the same address 192.168.1.5 is used by a local device (smart TV or something, for example) and by the device I want to connect to services on in the VPN remote LAN.

So, simply issue ifconfig while connected to the VPN to find the name of the VPN interface, in this case utun3. Then,

sudo route add -host 192.168.1.5 -interface utun3

There seems to be no need to delete existing routes to this address, and connectivity to this host is immediate, no reconnecting is required. Neither does there seem to be any need to clean this route up later, I suppose it just disappears when the interface goes away when the connection is lost.

This is very handy when you are on the go and cannot easily change the subnet of the remote network or local network to deconflict them or find a different VPN tech that doesn't exhibit this problem.

Related videos on Youtube

39 : 19

How To Create a Corporate OpenVPN Server To Bridge Clients to the LAN

Areeb Yasir

659

04 : 14

Connect VPN using OpenVPN on MAC OS X

Ricmedia

108

18 : 47

OpenVPN Server on Synology NAS! Full Setup Tutorial to Security Connect Back Remotely on Mac or PC!

SpaceRex

86

03 : 04

How To Setup OpenVPN (tunnelblick) on macOS Mac OS X

OSPY

64

03 : 33

OpenVPN with MacOS X Client and same subnets in local and remote net (3 Solutions!!)

Roel Van de Paar

7

Author by

Daniel

Developer at IKOffice GmbH, Oldenburg, Germany.

Updated on September 17, 2022