
OpenVPN Configuration for LAN to Client Connection for Remote Support


gordon

Occasional Visitor
I am trying to configure the OpenVPN server to allow me to ping VPN clients from the LAN.

I need to be able to use remote desktop from the LAN to connect to Clients for remote desktop to fix laptop issues remotely.

I am using 3.0.0.4.270.24 (Merlin build) on an RT-AC66U.

How do I go about setting this up? I currently have OpenVPN set up on the router that lets clients connect and interact with the LAN.

The OpenVPN server is currently set up with the following GUI options:
Start With Wan -- Yes
Interface Type -- Tun
Protocol -- UDP
Port (default)
Firewall -- Automatic
Authorization Mode -- TLS
Extra HMAC Auth -- disabled
Poll Interval -- 0
Push Lan to Clients -- Yes
Direct clients to redirect Internet traffic -- Yes
Respond to DNS -- Yes
Advertise DNS to Clients -- Yes
Encryption Cipher -- Default
Compression -- Adaptive
TLS Renegotiation Time -- -1
Manage Client-Specific Options -- Yes
Allow Client - Client -- Yes
Allow Only Specified clients -- No
 
I would remove "Direct clients to redirect Internet traffic" unless you have a specific reason to want your client traffic to go to your LAN and then back to the Internet (which slows down everything).
 

Thank you RMerlin. When I did not have that checkbox enabled the client did not seem to want to use my local DNS.

Will unchecking that box allow the LAN to communicate with Clients? As configured, I cannot use remote desktop to connect to the clients for remote support. It does, however, allow the clients to communicate with the LAN as configured.

Is this a routing issue or an OpenVPN server issue?
 

I'm not sure if that option is what is causing your problem, but I have no problem here accessing my desktop over RDesktop while at work.

Advertise DNS and Respond to DNS should allow name resolution to work. Note however that if your remote LAN is in the same subnet as your home LAN then you will have address conflicts (i.e. you can't have your home router on 192.168.1.1 while your work gateway is also 192.168.1.1 for instance).
 

Are you using RDesktop from a LAN machine to connect to the VPN Client machine? If so, that is not working for me. So I guess I just have something messed up.




Network A was 192.168.1.0 (LAN) and Network B was 192.168.100.0 (CLIENT). I also tried it using my cell phone as a hotspot. I am using 192.168.10.0 for the VPN address range.



I am glad to know it works as expected for you. What firmware version are you using?
 

I never tried to connect back to a client, only to a machine behind the server. I have no idea if the client is supposed to be directly reachable by machines behind the server.
 

Ah... well that might be my problem. I will follow up with OpenVPN and see if this is supported. I thought it was.

I've created an account and posted a question on the OpenVPN forum here: https://forums.openvpn.net/topic13173.html
 
I answered your question over at the OpenVPN forums.

Via OpenVPN TAP connection, I require no additional firewall rules in order to see all remotely connected clients (wireless or wired) attached to the remote wireless router...
 

Gordon,

I confirm the above. If you want to interact with remotely connected VPN clients you should configure your server and clients as a TAP interface.
 

Thank you gentlemen. I've been beating my head against the wall. :D
 
I could not figure out why, when I was trying to access my FreeNAS server from home, it would not allow me to see my network shares. After banging my head for a while trying different settings, I noticed that my network adapter's IP address was different from my local network when I VPN into the network (you can check by opening cmd and running the "ipconfig" command). All I could access was the FreeNAS UI via IP address in the Internet browser. I could also type //xxx.xxx.x.xx/share to see the files via the Internet browser and download them, but wasn't able to actually access the shares the way I wanted to via the local network file browser.
This old post helped me piece this puzzle together.

Asus RT-AC87U firmware 3.0.0.4.382_50010 - Windows 10 on Microsoft Surface - FreeNAS Server 11.1-U4

LAN Tab
DHCP Server / IP Pool Ending Address: changed it from 192.168.1.254 to 192.168.1.250; that left me with 3 addresses to work with.

Then I went to VPN Server - PPTP Tab
VPN Details / Advanced Settings / Client IP Address: changed it to 192.168.1.251; it auto-changed the other side to 192.168.1.254.
___________________________________________________
On the OpenVPN Tab
VPN Details / Advanced Settings / Interface Type: change it from TUN to TAP. That removes the default IP address that it wants to assign to you, which puts you in a different network.

I think by default it assigns 8.8.8.10 or something like that. You want to be on the same IP range as the network you are connecting to.
I HAVEN'T HAD LUCK USING THIS METHOD. I RECOMMEND YOU USE THE FIRST METHOD, VPN SERVER PPTP.

I hope my explanation helps someone else that's having problems. Thanks to the forum for helping me out. :)
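
An added example, not part of any post in this thread: a small Python check of the two address plans discussed above, the routed (TUN) plan where the home LAN, the client's network and the VPN pool must not overlap, and the in-LAN client range from the last post, which must stay clear of the DHCP pool. The /24 prefix lengths and the DHCP start address 192.168.1.2 are assumptions; the other addresses are taken from the posts.

```python
import ipaddress as ipa


def overlapping_networks(named_nets):
    """Routed (TUN) case: return pairs of names whose networks overlap."""
    nets = {name: ipa.ip_network(cidr) for name, cidr in named_nets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def check_in_lan_range(lan_cidr, dhcp_first, dhcp_last, vpn_first, vpn_last):
    """In-LAN case: VPN client range must sit inside the LAN, outside DHCP."""
    lan = ipa.ip_network(lan_cidr)
    d1, d2, v1, v2 = (ipa.ip_address(x)
                      for x in (dhcp_first, dhcp_last, vpn_first, vpn_last))
    problems = []
    for label, addr in (("vpn_first", v1), ("vpn_last", v2)):
        if addr not in lan:
            problems.append(f"{label} {addr} is outside {lan}")
        elif addr in (lan.network_address, lan.broadcast_address):
            problems.append(f"{label} {addr} is not a usable host address")
    if v1 > v2:
        problems.append("VPN range is reversed")
    if v1 <= d2 and d1 <= v2:  # closed intervals intersect
        problems.append(f"VPN range overlaps DHCP pool {d1}-{d2}")
    return problems


# Addresses from the thread; /24 masks are assumed.
THREAD_PLAN = {"home_lan": "192.168.1.0/24",
               "client_lan": "192.168.100.0/24",
               "vpn_pool": "192.168.10.0/24"}
# The conflict described in the thread: both sides on 192.168.1.x.
CONFLICT_PLAN = dict(THREAD_PLAN, client_lan="192.168.1.0/24")

if __name__ == "__main__":
    print("thread plan overlaps:", overlapping_networks(THREAD_PLAN))
    print("conflict plan overlaps:", overlapping_networks(CONFLICT_PLAN))
    # DHCP pool ending at .254 (before the change) vs .250 (after).
    for dhcp_end in ("192.168.1.254", "192.168.1.250"):
        print(dhcp_end, check_in_lan_range(
            "192.168.1.0/24", "192.168.1.2", dhcp_end,
            "192.168.1.251", "192.168.1.254"))
```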
 