OpenVPN client cannot access side-by-side VPN

Discussion in 'VPN' started by MarkusI, Feb 25, 2019.

  1. MarkusI

    Hi,
    (I hope I do not use the wrong terminology here).

    I have an ASUSWRT 384.9 RT-AC68U router running an OpenVPN server (10.9.0.x).
    Connecting to that server is working like a charm and also accessing local LAN IP addresses (192.168.1.x) as well.

    Additionally, my router acts as an OpenVPN client itself to a second router (OpenVPN IP 10.8.0.x / remote LAN IPs 192.168.10.x).

    When I am connected to the WLAN directly, I can access the remote LAN IPs without any problem.
    But when I am connected to the 10.9.0.x OpenVPN with my laptop as a client, I cannot.

    My laptop-local routing tells me accessing the 192.168.10.x IPs goes through my OpenVPN gateway as it should.
    But it seems then it gets all stuck.

    Any hint where I should look further?

    Thanks
    Markus
     
  2. eibgrad

    Several possible problems here.

    If the OpenVPN client on the router is configured to make the remote network the new default gateway (typically seen w/ a commercial OpenVPN service provider, e.g., PIA), then you won't be able to access the local network behind that router when using the OpenVPN server (which is over the WAN) because the replies are being sent over the OpenVPN client! What you want/need is for the replies of the OpenVPN server to be sent back over the WAN. There are ways to resolve that issue, including preventing the OpenVPN client from making itself the default gateway, and using policy based routing to only force specific LAN devices over the OpenVPN client. And as long as that doesn't include the router itself, you'll be able to connect to the OpenVPN server again.

    A secondary problem is if you expect to reach the remote network of the OpenVPN client from clients of the OpenVPN server, you may have to NAT the OpenVPN server's tunnel network over that OpenVPN client. Because if it happens that the only network being NAT'd over that OpenVPN client is that of the local network, then *only* the local network has access to that remote network. The remote devices of the OpenVPN client *see* the actual IP address of those clients from the 10.0.9.x network. And of course they don't know how to route that traffic back. So you need to NAT that network too, not just the local network.
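
The NAT gap described in the second point of the reply above can be checked from the router's shell. The following is an added example, not part of the original thread: it reads `iptables-save -t nat` style output and reports whether a source subnet is NAT'd out of the OpenVPN client interface, printing a narrowly scoped rule when it is not. The interface name `tun11`, the `/24` masks and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed names: tun11 = the router's OpenVPN client interface,
# 10.9.0.0/24 = OpenVPN server tunnel network, 192.168.1.0/24 = local LAN.

# Constructed sample of `iptables-save -t nat` output in which only the LAN
# is masqueraded over the OpenVPN client.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o tun11 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# has_nat RULES SUBNET IFACE: exit 0 if a POSTROUTING MASQUERADE/SNAT rule on
# IFACE names SUBNET as its source or has no source restriction at all.
# Limitation: sources are compared as strings, so a wider covering prefix
# (for example 10.0.0.0/8) is not recognised.
has_nat() {
    printf '%s\n' "$1" | awk -v net="$2" -v ifc="$3" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && (tgt == "MASQUERADE" || tgt == "SNAT") &&
                (src == "" || src == net)) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# suggest_rule RULES SUBNET IFACE: print a rule limited to that one source
# subnet and that one interface, or nothing if the subnet is already covered.
suggest_rule() {
    if ! has_nat "$1" "$2" "$3"; then
        echo "iptables -t nat -I POSTROUTING -s $2 -o $3 -j MASQUERADE"
    fi
}

# On the router, pass "$(iptables-save -t nat)" instead of SAMPLE_RULES.
for net in 192.168.1.0/24 10.9.0.0/24; do
    if has_nat "$SAMPLE_RULES" "$net" tun11; then
        echo "$net: NAT'd over tun11"
    else
        echo "$net: not NAT'd over tun11; add: $(suggest_rule "$SAMPLE_RULES" "$net" tun11)"
    fi
done
```

Scoping the rule with both `-s` and `-o` keeps the translation limited to VPN-server clients leaving through the client tunnel, rather than masquerading everything that exits that interface.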