What's new

[Solved] OpenVPN server-client: How do I get server LANs visible on client's side?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

majortom

Occasional Visitor
Hi all,

I am a noob regarding OpenVPN. But in order to get my local LAN accessible over Internet I followed several recommendations and tried to get OpenVPN working.

Following this thread I successfully get a working connection between my home router (RTAC56U) and a client on an office computer:
https://www.snbforums.com/threads/what-is-best-secure-setup-for-openvpn.37342/

I just want to get connected to my home LAN. I do not want to tunnel my Internet traffic through this VPN.

I have got a working connection, but now I am stuck. I do not see any of my LAN resources on client's side.

My setup:

Router Asus RTAC56U, firmware 380.65

Home LAN at 192.168.1.0 255.255.255.0
Office LAN at 10.0.0.0 255.255.255.0
OpenVPN client's LAN at 10.8.0.2 255.255.255.0

OpenVPN Server advanced settings:

Interface Type: TUN
Protocol: UDP
Server Port: 1194
Firewall: Auto
Authorization Mode: TLS
Username/Password Auth: Yes
TLS control channel security: Encrypt channel
Auth digest: SHA1
VPN Subnet / Netmask: 10.8.0.0 255.255.255.0
Poll Interval: 0
Push LAN to clients: Yes
Direct clients to redirect Internet traffic: No
Respond to DNS: No
Advertise DNS to client: No
Cipher Negotiation: Enable (with fallback)
Negotiable ciphers: AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
Compression: Disabled
TLS Renegotiation Time: -1
Global Log verbosity: 3
Manage Client-Specific Options: No

Is there anything I have to do to make those LAN resources visible on client's side?
Did I made anything wrong? Do I have to set those two DNS option to "yes"?
Do I have to add push "route 192.168.1.0 255.255.255.0" to the custom configuration?
 
What do you mean by "visible". Can you ping your home devices using their IP address?
 
Ah, I see. I did not understand where to look for my home LAN devices.

I can ping my home devices. And I can access them using IPs (192.168.1.100 for instance) and an internet browser.
Great! :)

I looked for my home devices in the network tab in my Windows Explorer. I was hoping I could see them there.
Is there any possiblity using network names instead of IPs? Should I use the router's DNS for this by turning on "respond to DNS" and "advertise DNS to client"?
 
Last edited:
Trying to get Windows Explorer to see your home LAN can be problematic because the broadcast traffic used by NetBIOS doesn't go across the TUN connection. You could use a WINS server I suppose, but that starts getting ugly because your home workgroup or domain is probably going to conflict with that used in the office. Probably best not to go there unless you have the help of the office IT department.

(As an aside, depending on your particular workplace, connecting to an unauthorised external network is a security risk and possibly grounds for dismissal. Just saying.)

If you use your home router's DNS server you should be able to use names rather than IP addresses.
 
I tried name resolving with DNS. Success! :)

First I had to enable "respond to DNS" and "advertise DNS to client" in the advanced settings of OpenVPN server. Then I had to use a domain name in the appropriate field in the LAN-DHCP server settings.

After that I can now reach my home LAN devices by using their proper names e.g. device.domain

Thanks for your help!
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top