OpenVPN client cannot see local network

Michael_Dahlgren_Nie · May 4, 2019, 9:59am

NethServer Version: 7.6.1810
Module: OpenVPN

My problem is that I cannot see my local network from the openvpn client.

I don’t have any problems to connect to the openvpn server, and i can also ping openvpn server local ip. But if I try to ping one of the other local servers, or try using Mail or file share, I can’t get in touch to them.

My setup looks like this:

My setup of openvpn server looks like this

I hope there is someone out there who can help me.

robb · May 4, 2019, 11:22am

Is there a route from the OpenVPN subnet to your LAN subnet?
Is the OpenVPN subnet set as trusted network?

Michael_Dahlgren_Nie · May 4, 2019, 11:47am

Hi
I am a lite bit of a newbi,
so if i understand you right:
Is there a route from the OpenVPN subnet to your LAN subnet? I do not make any kind of routes.

Is the OpenVPN subnet set as trusted network? here I do not quite know what is meant

robb · May 4, 2019, 12:49pm

I haven’t used NethServer VPN too much, but I think the route should be created during install. @mrmarkuz can you confirm this?
You can check if a route exists in terminal on NethServer with the route, netstat and/or ip commands: https://linuxcommando.blogspot.com/2008/05/how-to-display-routing-table.html

You can find ‘Trusted networks’ in server admin under Security / Trusted Networks. There should be an entry for the OpenVPN subnet there.

mrmarkuz · May 4, 2019, 1:22pm

I think there’s a static route missing on your router. Your router does not know about the vpn network and drops the ping.

Michael_Dahlgren_Nie · May 4, 2019, 4:54pm

HI robb
Here is the information you want:
Is there a route from the OpenVPN subnet to your LAN subnet?

Is the OpenVPN subnet set as trusted network?

Michael_Dahlgren_Nie · May 4, 2019, 4:59pm

I’ve tried this. but I don’t think my router supports it. as you can see it has LAN under interface.
Udklip5
My router is a Dlink DIR882

mrmarkuz · May 4, 2019, 7:04pm

It’s supported:

https://www.manualslib.com/manual/1285690/D-Link-Dir-882.html?page=79

This should work:

Name: as you like
Destination Network: 10.1.1.0
Mask: 255.255.255.0
Gateway: 172.16.0.24
Interface: WAN

EDIT:

You are right, the interface should be a LAN interface. I hope it works though.

I read it may work with another firmware:

http://support.dlink.ca/ProductInfo.aspx?m=DIR-822#Download

pike · May 5, 2019, 9:07am

Revision C.
Page 79

Michael_Dahlgren_Nie · May 5, 2019, 9:14am

Hi
OK, i have now test your setup,with the firmware version on the routes now which is 1.11.
And there I couldn’t get through to my LAN network.
Udklip6 .
So now i will download version 1.03 and test it.

Michael_Dahlgren_Nie · May 5, 2019, 9:28am

Hi
my Screen dump was from the wrong server. My bad
This is from the openvpn server:-)
Is there a route from the OpenVPN subnet to your LAN subnet?

Michael_Dahlgren_Nie · May 5, 2019, 9:51am

HI
On my Dlink, it not possible to downgrade:-(
So i cannot get ver 1.03 on it.
Udklip8 .

Does anyone have a tip?

mrmarkuz · May 5, 2019, 10:40am

Maybe you can workaround the problem with a web toolkit:

https://www.hyllander.org/content/d-link-dir-655-how-create-static-route-lan

Or maybe it’s possible make a router backup and edit the backup file to use LAN instead of WAN and restore from it.

Be careful as these steps may make your router unusable.

Another way is to degrade your router to a WLAN switch and use the Nethserver as gateway.

Michael_Dahlgren_Nie · May 5, 2019, 1:29pm

Hi
I think that because my router software is not the same, it seems that I can’t use that workaround.
so i found my “old” linksys wrt1900 AC again, and it can do it. So now it’s gone through:-)