access to openvpn server

[andresmorago]

Hello

Im setting up a openvpn server on a remote asus router (AC56R).

Router ip is 192.168.1.1
Router openvpn server ip is 10.0.3.1

openvpn is working ok. i can remotely connect from another asus router (client #2) . ip address that i get is 10.0.3.2

i have these 2 lines on the openvpn server custom configuration

push "route 192.168.1.0 255.255.255.0"
push "route 10.0.3.0 255.255.255.0"

i need to be able to access from my windows client to the routers web gui. here are my issues:

*10.0.3.1 is pingable but no web gui access
*192.168.1.1 is not pingable and no web gui access

i will appreciate your help

-andres

 

[ColinTaylor]

You shouldn't need either of those push statements. The first one ought to be automatically created by the "Push LAN to clients" option in the GUI, and the second one is not needed as that is the tunnel address.

Is the LAN subnet of the client different from that of the server, e.g. not 192.168.1.x ?

 

[andresmorago]

hello
thanks for the feedback. i will remove the push statements.

regarding the lan subnet of the client, yes, its different.

server lan ip: 192.168.1.1
server openvpn ip: 10.0.3.1
client ip: 10.0.3.2

i need to be able to access 10.0.3.1 from 10.0.3.2. right now i can ping but cant access tcp ports

 

[ColinTaylor]

Can you confirm the LAN IP address and netmask for the client router please.

 

[andresmorago]

hi

sorry. i didnt give you the information

router running openvpn client
10.0.0.1
255.255.255.0

 

[ColinTaylor]

That all looks OK.

Can you ping any other IP addresses on 192.168.1.x, for example a network printer? If you're pinging a Windows PC you'll probably have to temporarily turn off its firewall.

 

[andresmorago]

hi

from the openvpn client i cant ping any of the 192.168.1.x addresses. none of the devices are accessible from 10.0.3.0. none of the devices on 192.168.1.x are windows based.

i can ping the openvpn server 10.0.3.1 but router web gui isnt accesible

 

[ColinTaylor]

If you try connecting with a different type of client, like a mobile phone app, does that work?

 

[bbunge]

Set your client router to an ip address other than 192.168.1.1


Sent from my SM-T380 using Tapatalk

 

[ColinTaylor]

Thinking about this a bit more, I think you need to tell the server about the client's subnet and how to get to it. So I'd guess you would need something like this in the VPN server custom config:

iroute 10.0.0.0 255.255.255.0
route 10.0.0.0 255.255.255.0

 

[andresmorago]

Thinking about this a bit more, I think you need to tell the server about the client's subnet and how to get to it. So I'd guess you would need something like this in the VPN server custom config:

iroute 10.0.0.0 255.255.255.0
route 10.0.0.0 255.255.255.0

hi @ColinTaylor
somehow adding these 2 lines crashed my openvpn server and i no longer can access the server . i didnt have a backup access path this time so ill have to be on site tomorrow in order to restore access.

 

[andresmorago]

Set your client router to an ip address other than 192.168.1.1


Sent from my SM-T380 using Tapatalk

thanks bbunge but its not possible at this moment since i already have several clients on each network and it would mean to change a lot

 

[ColinTaylor]

Have a look at this thread. If I'm reading it correctly it means that you can use the "Manage Client-Specific Options" and then add the subnets in the "Allowed Clients" list. No need to specify iroute and route.