Can't connect to LAN after connecting to OpenVPN server

dreadnought

Running 384.5_alpha2-gcc44562 on RT-AC87U. I have been unable to connect or even ping any of the devices on my LAN (192.168.1.x) after connecting to the OpenVPN server, except my RT-AC87U which I can connect to fine as soon as the VPN is connected. In an earlier version of the Merlin firmware, I vaguely remember quickly setting up an OpenVPN server and being able to ping all the devices on my LAN as soon as I was connected to it.

Am I doing anything stupid in my OpenVPN server configuration?
[Two screenshots attached]
 
Does anyone know if some kind of specific rule needs to be set up in the Firewall section, the OpenVPN "Custom Configuration", or elsewhere to allow the VPN subnet to talk to the LAN subnet? I tried enabling "Advertise DNS to clients" and that did not help - I was still unable to ping any of my LAN devices (other than my RT-AC87U) after connecting to the VPN.

I'm wondering if a specific rule needs to be set up because I have seen this done in other OpenVPN situations where the VPN connected clients wanted to talk to the LAN (on pfsense), but my vague recollection from a year or more ago when I last set up an OpenVPN server with the Merlin firmware is that I did not have to do this.
 
Out of curiosity, how did you end up with the subnet being 192.168.2.0/255.255.255.248 instead of 10.8.0.0/255.255.255.0, which I think is the default?
 
I think that was because I couldn't ping anything on my LAN with the default settings, so I tried to make my VPN and LAN subnet the same... which gave me an error right away. So then I just tried a subnet that was close, ending up with 192.168.2.0 (and the netmask I chose just because I don't need many clients connected simultaneously). I will change the VPN subnet to anything that will allow me to ping my LAN devices!
 
What are the devices you are trying to ping on your LAN? If they are Windows PCs then the Windows Firewall will block it because the VPN client is not part of the local subnet.

If this is your problem then you either need to make an exception in the Windows Firewall for the VPN client network (10.8.0.0/24 by default), or change your VPN server from TUN to TAP (with all that implies).
 
They are things like my cameras and printer that I can ping and connect to fine if I'm on my LAN, but if I connect via the VPN the only thing I can ping or connect to on my LAN is my RT-AC87U which is 192.168.1.1.
 
