OpenVPN without win firewall modification

Rooby

Regular Contributor
Hello,

I have two RT-AC66U routers configured for OpenVPN.
One is configured as server and the other one as client.
Everything works well, but I have no connection between the two LANs behind them without modifying or disabling the Windows firewall on both PCs connected to the routers.

IP range config is:
LAN Server 192.168.1.0/24
LAN Client: 192.168.2.0/24
OpenVPN: 10.0.1.0/24

When I disable the Windows firewall on the PCs behind the server and client LANs, then I can access the shared drives, remote control the PC etc.
But I do not want to modify the firewalls.
Is it possible via iptables configuration in both routers to do SNAT or masquerade to overcome this issue?
I have tried different configs, but I could only get a ping, not shared drives or remote desktop.
Does anyone have such a config or any ideas?

Thanks
 
Make sure you do have "Create NAT on Tunnel" enabled on the OpenVPN client webui.
 
Then you still have to alter the Windows firewall, as the tunnel net address differs from the LAN address (10.0.1.0/24 versus 192.168.2.0/24).

The only thing you can do is configure your VPN with a TAP interface, so if you connect to the VPN server your tunnel endpoint is in the LAN address space; then you don't have to alter the Windows firewall, if you trust local traffic that is...
 
OK, but is it not possible to somehow do a NAT to the local LAN IP range so that the firewall will accept it?

Make sure you do have "Create NAT on Tunnel" enabled on the OpenVPN client webui.
Yes it is enabled.
 
Does anyone have any idea?
Unfortunately the Win 7 firewall does not allow exporting/importing a single rule.
So I have to manually add an entry on each PC to get an OpenVPN connection between the PCs behind the two routers on their subnets.
But I still want to use a TUN device.
 
There's no way you will be able to use a TUN interface and have its endpoint in the LAN network. In order to do so you need to use the TAP interface.
 
But I still have the hope to somehow do a NAT on the router to the local subnet and hide the real source address.
I guess the firewall will allow it if the source address is in the same subnet.
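What the router-side SNAT asked about in this thread would look like as iptables rules, as an added example that is not from the thread or from the router firmware. It assumes Asuswrt interface names (br0 for the LAN bridge, tun21 for the OpenVPN server instance, tun11 for the client instance) and router LAN addresses 192.168.1.1 and 192.168.2.1; the rules are printed rather than applied, so they can be reviewed before piping them into sh on the router.

```shell
#!/bin/sh
# Added example: rewrite the source of traffic arriving over the VPN and leaving on
# the LAN bridge to the router's own LAN IP, so the Windows "local subnet" scoped
# firewall rules see a same-subnet peer. Assumed Asuswrt names: br0 = LAN bridge,
# tun21 = OpenVPN server 1, tun11 = OpenVPN client 1 (not stated in the thread).
# Trade-off for the defender: every remote host now appears as the router, so the
# PCs' firewall logs and any per-host allow rules can no longer tell them apart.

# Subnets from the thread
SERVER_LAN="192.168.1.0/24"
CLIENT_LAN="192.168.2.0/24"
TUNNEL_NET="10.0.1.0/24"

# Print (do not apply) one POSTROUTING SNAT rule per remote source subnet.
#   $1 this router's own LAN IP (assumed), used as the rewritten source
#   $2 LAN interface the traffic leaves on
#   $3.. source subnets to hide: the far LAN, plus the tunnel net, because
#        "Create NAT on Tunnel" already masquerades the client LAN to 10.0.1.x
snat_rules() {
    lan_ip="$1"; lan_if="$2"; shift 2
    for src in "$@"; do
        printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
            "$src" "$lan_if" "$lan_ip"
    done
}

# Server-side router (LAN 192.168.1.0/24, assumed LAN IP 192.168.1.1)
server_router_rules() {
    snat_rules "192.168.1.1" "br0" "$CLIENT_LAN" "$TUNNEL_NET"
}

# Client-side router (LAN 192.168.2.0/24, assumed LAN IP 192.168.2.1)
client_router_rules() {
    snat_rules "192.168.2.1" "br0" "$SERVER_LAN" "$TUNNEL_NET"
}

# Count the rules a router would get, so a quick sanity check is possible
rule_count() {
    "$1" | wc -l | tr -d ' '
}

# On the router itself, apply with:  server_router_rules | sh   (or client_router_rules)
```

Because the rewritten packets carry the router's address, replies from the PC go to the router and conntrack un-NATs them back through the tunnel; no change is needed on the far side for return traffic.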
 
