VPN server to the local LAN

NethServer Version: latest

Hi
After have search a little I think I understand why I did got so much problem with the nethservers VPN server :slight_smile:

When I did config and got everything to work I can connect to the nethservers VPN server but no other computer in the local LAN.

What I did read I did have to reroute the VPN network to the LAN network from my router.
Now that is a problem, I helping a friend to setup a VPN server but his router is not any advance or I have problem to understand how to make it work.
Is it possible from nethserver make a reroute without do something with the router??

Normally I can access also to LAN PCs with a VPN tunnel.
Can you post your VPN config?

AFAIK this is true only if the Nethserver is the gateway of the LAN.

I think that the OP has a configuration where the Nethserver is only a server inside the LAN

I proposed this solution:

1 Like

I don’t think that can be possible.
Anyway, for use as a VPN gateway, NethServer must have at least two network zones (RED and GREEN).

1 Like

yes the VPN server is just a server and no gateway.
The router in the LAN is the gateway.

Hmm ok then is not so easy for me to fix this.

I know with a old OpenVPN I did use iptable and “POSTROUTING” to connect to the LAN from VPN.
But this is maybe not possible with nethserver VPN.

But I have see the nethserver have firewall, maybe is possible to use that to reroute my traffice from my VPN to LAN??

hmm I know I have got it to work when I did use Ubuntu and config my own OpenVPN

What do you think to use SSH tunnels in this case? (Final user has to be a little bit expert…)

I think you just need to add a static route to your router as @saitobenkei suggested.

The problem is that your router does not know about the VPN network on your Nethserver so it cannot route correctly.

Going to ask my friends what kind of router he have so I can see how to make a static route

ok I was thinking first install the VPN server and then see if I can remote connect to it and the config file was ok to import into client but when I trying to connect it say “connect error: missing external pki alias”
Have no idea what it mean??

Which VPN client (OS, device) do you use?

OpenVPN connect on Windows 7

Never tested openvpn connect. Did you try openvpn gui, it works for me.

Plus one for OpenVPN GUI, used on at least 10 installations

1 Like

Ahh ok, I can try that when I get home :slight_smile:

Have now talk to my friend and he have a TP-Link ER5120 and when I look at the support page it have static routing.
But I have no idea what to write to get it to work. I have found a picture of it
http://screenshots.portforward.com/routers/TP-Link/TL-ER5120/Static_Route.htm

And I can see it have
Destination
Subnet Mask
Next Hop
Interface
Metic
Description
Status.

My routing mode is
Network: 17.77.0.0
Netmask: 255.255.255.0

And his LAN network is
192.168.0.0
255.255.255.0

Have working with this sometime now and I just want to get it to work.

If I can guess it is something like this

Destination: 17.77.0.0
Subnet Mask: 255.255.255.0
Interface: LAN1

In the “Next Hop” field put the IP of your Nethserver (192.168.0.something)

(that 17.77.0.0 is horrible…)

lol yes I know it is not a nice but I did just follow a guide.
I do not want to use 192.168 but I can change it to 172. to make it looks better :slight_smile:

so

Destination: 17.77.0.0 (or 172.16.0.0 when I change it to that)
Subnet Mask 255.255.255.0
Interface: LAN
Next Hop: 192.168.0.35 (this is the IP to the nethserver)

:smiley: :+1:

I think it’s correct.

hmm have now done that but I can’t connect to anything?

I can now connect with a client from a ipad to my VPN server and I can see in the status in nethserver that is connected. I also have a green light in the client in the iPad and the server have give the client 172.16.0.6.

But I can’t even ping the VPN server that is connect to?? (192.168.0.35)

I have enable roadwarrior server
I have select “Username and password”
I have select "Routed Mode (Network: 172.16.0.0, Netmask: 255.255.255.0)
I have select under the routed mode advanced “Route all traffic through VPN”
I have under advanced select both "Enable TZO cinoression and “Push all static routes”
Under DHCP options I have set DNS to 192.168.0.1 (Routerns DNS server)
And the UDP is 1194

You trying to ping the hostname of the Nethserver or directly the IP of the server?

Try putting in the DNS field the Nethserver IP

Remove LZO Compression and Route all traffic through VPN

If your iPad is in the same lan/wlan of the Nethserver probably the VPN doesn’t work