OpenVPN client cannot access side-by-side VPN

MarkusI

New Around Here
Hi,
(I hope I do not use the wrong terminology here).

I have an ASUSWRT 384.9 RT-AC68U router running an OpenVPN server (10.9.0.x).
Connecting to that server is working like a charm and also accessing local LAN IP addresses (192.168.1.x) as well.

Additionally, my router acts as an OpenVPN client itself to a second router (OpenVPN IP 10.8.0.x / remote LAN IPs 192.168.10.x).

When I am connected to the WLAN directly, I can access the remote LAN IPs without any problem.
But when I am connected to the 10.9.0.x OpenVPN with my laptop as a client, I cannot.

My laptop-local routing tells me accessing the 192.168.10.x IPs goes through my OpenVPN gateway as it should.
But it seems then it gets all stuck.

Any hint where I should look further?

Thanks
Markus
 

eibgrad

Senior Member
Several possible problems here.

If the OpenVPN client on the router is configured to make the remote network the new default gateway (typically seen w/ a commercial OpenVPN service provider, e.g., PIA), then you won't be able to access the local network behind that router when using the OpenVPN server (which is over the WAN) because the replies are being sent over the OpenVPN client! What you want/need is for the replies of the OpenVPN server to be sent back over the WAN. There are ways to resolve that issue, including preventing the OpenVPN client from making itself the default gateway, and using policy based routing to only force specific LAN devices over the OpenVPN client. And as long as that doesn't include the router itself, you'll be able to connect to the OpenVPN server again.

A secondary problem is if you expect to reach the remote network of the OpenVPN client from clients of the OpenVPN server, you may have to NAT the OpenVPN server's tunnel network over that OpenVPN client. Because if it happens that the only network being NAT'd over that OpenVPN client is that of the local network, then *only* the local network has access to that remote network. The remote devices of the OpenVPN client *see* the actual IP address of those clients from the 10.0.9.x network. And of course they don't know how to route that traffic back. So you need to NAT that network too, not just the local network.
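
The NAT gap described in the reply above can be checked from the router's POSTROUTING rules. The following is an added example, not part of the thread: it assumes `tun11` is the router's OpenVPN client interface, `10.9.0.0/24` is the OpenVPN server's tunnel network from the original post, and the sample rule set is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: tun11 (OpenVPN client
# interface), 10.9.0.0/24 (OpenVPN server tunnel), 192.168.1.0/24 (local LAN).

# nat_covers SUBNET IFACE: reads `iptables -t nat -S POSTROUTING` output on
# stdin and succeeds if a MASQUERADE/SNAT rule leaving IFACE applies to
# SUBNET, either by naming it with -s or by having no source restriction.
nat_covers() {
    subnet=$1
    iface=$2
    while read -r line; do
        case " $line " in
            *" -o $iface "*) ;;
            *) continue ;;              # rule is for another interface
        esac
        case " $line " in
            *" -j MASQUERADE "*|*" -j SNAT "*) ;;
            *) continue ;;              # not a source-NAT rule
        esac
        case " $line " in
            *" -s $subnet "*) return 0 ;;
            *" -s "*) continue ;;       # limited to some other source
            *) return 0 ;;              # no -s: every source is NAT'd
        esac
    done
    return 1
}

# suggest_fix SUBNET IFACE: print the rule to add when coverage is missing.
suggest_fix() {
    if nat_covers "$1" "$2"; then
        echo "ok: $1 is NAT'd over $2"
    else
        echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
    fi
}

# Constructed sample: only the local LAN is NAT'd over the client tunnel,
# which is the situation the reply describes.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o tun11 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE'

printf '%s\n' "$SAMPLE_RULES" | suggest_fix 192.168.1.0/24 tun11
printf '%s\n' "$SAMPLE_RULES" | suggest_fix 10.9.0.0/24 tun11
```

On the router itself the live rules would be piped in instead of the sample: `iptables -t nat -S POSTROUTING | suggest_fix 10.9.0.0/24 tun11`, with the interface name adjusted to the actual client tunnel.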
 
