
LAN access OpenVPN server side without NAT?


Noodle04

Occasional Visitor
Hi All.

I want to use pi-hole + OpenVPN running on GCP from my RT-AC86U. After configuring the OpenVPN server and installing the OpenVPN client on my RT-AC86U, everything works. However, from the pi-hole side, all requests come from the same IP address (the OpenVPN client IP). I know this is caused by the OpenVPN client creating a NAT tunnel: when the LAN accesses the OpenVPN server, it all comes from the same IP.

So, I tried to disable "Create NAT on tunnel" on this OpenVPN client. Now, from the LAN I can reach the OpenVPN client IP address, but cannot reach the OpenVPN server IP address.

From the router, the command `route -n` shows:
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun11
10.8.0.0 is the OpenVPN subnet, tun11 is the OpenVPN interface.

I'm wondering what I missed in order to let the router forward the 10.8.0.0 subnet to the OpenVPN server side?

Thanks for your help
 
Not sure I completely understand this config, but I *think* what you're saying is that your pihole is remotely accessible (perhaps on a VPS) via the OpenVPN client on the router, and OpenVPN server on the VPS. But because you've NAT'd the OpenVPN client, the pihole only sees the OpenVPN client's IP on the tunnel, rather than the LAN IP of the devices on the local network which are accessing the pihole.

Disabling NAT will work *provided* you configure the OpenVPN client/server as site-to-site. IOW, you have to tell the OpenVPN server about the local IP network used by your LAN in order for it to know to route it back over the tunnel!

 
GCP means Google Cloud Platform. And yes, you are right. This is exactly what I want: site-to-site OpenVPN.

Guess I messed up with client-config-dir. I should have put the command `iroute <lan subnet>` in ccd/<vpnclient>, but accidentally put `route <lan subnet>`. Now it works.

Thanks
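
The fix in the last post depends on `client-config-dir` being set and the ccd file using `iroute`; OpenVPN's site-to-site setup also expects a matching `route` for the LAN subnet in the server config. As an added example (not from the thread and not part of OpenVPN), this shell function audits a server config and ccd directory for that pairing; the function name, finding labels and the 192.168.50.0/24 LAN subnet are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check the route/iroute pairing a routed (no-NAT) client needs.
# audit_site_to_site SERVER_CONF CCD_DIR: prints one finding per line and
# returns 1, or prints nothing and returns 0.
audit_site_to_site() {
    conf=$1; ccd=$2
    findings=$(
        # Without client-config-dir the server never reads the ccd files.
        grep -Eq '^[[:space:]]*client-config-dir[[:space:]]' "$conf" ||
            echo "NO_CCD_DIRECTIVE ${conf##*/}: client-config-dir is not set"
        for f in "$ccd"/*; do
            [ -f "$f" ] || continue
            awk -v name="${f##*/}" -v conf="$conf" '
                function key(net, mask) { return net "/" (mask == "" ? "255.255.255.255" : mask) }
                BEGIN {   # collect the subnets the server routes into the tunnel
                    while ((getline line < conf) > 0) {
                        split(line, a, " ")
                        if (a[1] == "route") routed[key(a[2], a[3])] = 1
                    }
                }
                # The mistake from the thread: route where iroute was meant.
                $1 == "route" { print "WRONG_DIRECTIVE " name ": route " key($2, $3) " should be iroute" }
                # iroute selects the client; the kernel still needs a route into the tunnel.
                $1 == "iroute" && !(key($2, $3) in routed) {
                    print "NO_SERVER_ROUTE " name ": " key($2, $3)
                }
            ' "$f"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: 192.168.50.0/24 stands in for the router's LAN (assumption).
demo=$(mktemp -d)
mkdir "$demo/ccd"
printf '%s\n' 'server 10.8.0.0 255.255.255.0' 'client-config-dir ccd' \
    'route 192.168.50.0 255.255.255.0' > "$demo/server.conf"
printf '%s\n' 'route 192.168.50.0 255.255.255.0' > "$demo/ccd/router-bad"
printf '%s\n' 'iroute 192.168.50.0 255.255.255.0' > "$demo/ccd/router-good"
audit_site_to_site "$demo/server.conf" "$demo/ccd" || echo "(findings listed above)"
rm -rf "$demo"
```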
 
