Setting up access to LAN with OpenVPN?

[CanadaBri]

I have my OpenVPN setup and configured, and I can connect - but the only thing I can access is the router itself.

I do have the configuration set to push LAN to clients, and my config allows clients to access LAN and Internet - but I still cannot connect (or even ping) anything that is on the LAN tht is not the router itself.

any ideas?


-EDIT : Actually, I think I am seeing the issue... I have some NetGear switches plugged into my ASUS Router, and it is the devices plugged into those switches that I am not able to reach. I am assuming a static route is needed somewhere?

[xeromist]

Unless your switches are doing network segmentation with vlans or something a normal switch should be transparent. Any chance you can test plugging something directly into the router to be sure?

[HK-47]

In order for your for you to get access to your lan you need to add a client1 user like I have in the picture attached. You will need to change the subnet to what you have configured in your vpn settings. Also if you are using the VPN fusion along side the VPN server make sure the VPN fusion and VPN server subnets don't conflict. You can check the routing tab under logs. TUN21 will be your routing for the VPN server. Tun15 will be vpn fusion.

[CanadaBri]

In order for your for you to get access to your lan you need to add a client1 user like I have in the picture attached. You will need to change the subnet to what you have configured in your vpn settings. Also if you are using the VPN fusion along side the VPN server make sure the VPN fusion and VPN server subnets don't conflict. You can check the routing tab under logs. TUN21 will be your routing for the VPN server. Tun15 will be vpn fusion.

Just asking to clarify,

If my local LAN subnet is (for example) 192.168.123.0 and my VPN subnet is 10.8.0.0 (I think that is default?)... are you saying to change the VPN subnet config to the LAN config, or to change the subnet setting on the user to my LAN subnet?

[HK-47]

You need to make the client1 match your vpn subnet settings. See in my picture my vpn subnet is 10.100.0.0 and client1 is 10.100.0.0. You would need to make client1 10.8.0.0.
Also make sure everything else is checked like my picture.

Also If you look at the routing log when the server is setup you should see
10.8.0.0 to 10.8.0.2 tun21
then
10.8.0.2 to * tun21
The * is your everything on the router.

[HK-47]

Also I don't use the default 10.8.0.0 vpn subnet because I also use vpn fusion that connects to Nord vpn. Nord was handing out 10.8.0.0 address and it was conflicting with the vpn server on the router. They were both giving out the 10.8.0.0. So when clients would connect to my vpn server on the router they were being routed to NordVPN.

[Jimbo93]

I have my OpenVPN setup and configured, and I can connect - but the only thing I can access is the router itself.

I do have the configuration set to push LAN to clients, and my config allows clients to access LAN and Internet - but I still cannot connect (or even ping) anything that is on the LAN tht is not the router itself.

any ideas?


-EDIT : Actually, I think I am seeing the issue... I have some NetGear switches plugged into my ASUS Router, and it is the devices plugged into those switches that I am not able to reach. I am assuming a static route is needed somewhere?

Switches shouldn't matter. Did you set up DHCP with static address for the client(s) on the LAN? The client hardware address is entered there in the router, then DHCP always gives same address to the client, even though client is set to automatic DHCP. Port forwarding is the other part to get through the router firewall. That directs the incomming traffic on a port to the client by the private IP address.

Not sure if is this is helpful, but when I needed to VPN into my office from home without opening ports on a router, I would have the office computer automatically establish a tunnel out to the home computer. Been awhile now and the details are a little foggy.

[JayH1998]

I matched the setting in the images exactly and I still can't get LAN thru TUN... In fact my friend has the exact same router and I tried it with his and he also has the same issue. I'm starting to wonder if it is a firmware problem. When I try TAP the VPN connection becomes unstable and the TAP Adapter goes from showing internet to no internet repeatedly every 30 seconds to one minute... This also happens on my friends router. Pretty much OpenVPN is completely non-functional on 2 routers. I have even completely reset the router and same problems return. I'm tempted to try an older firmware if this router lets you downgrade just to see what happens. Any thoughts? Thank you for your time guys!

Update: Keep playing with and in part realized the error of ways.. so when I reset the router I forget to give the NAS a static IP back so I was sending a ping to the wrong IP. With the settings from HK-47 I do in fact have LAN access to at least ping but I am unable to access the NAS ( //nas ) via file explorer or map a network drive via IP and I can not see any other clients on the LAN under file explorer either. I still have no idea why TAP acts up or I would just use that.

[HK-47]

It should be \\ip of nas\

you are using //?

Also check if you can get to the web interface of the NAS over vpn. If so check the firewall settings of the NAS. I have a Synology Nas connected to my router and am able to get to it over VPN. Also turn the firewall off on windows and the NAS and the check the firewall on the router. If you can ping it it should be working. Also make sure you re-download the config file. Are you using windows? If so do you have the file discovery turned on?

Can you show a screen shot of your routing log from the router? And what ststic ip address are you using for the NAS? Can you access the NAS locally on the network without vpn?

[CanadaBri]

Also I don't use the default 10.8.0.0 vpn subnet because I also use vpn fusion that connects to Nord vpn. Nord was handing out 10.8.0.0 address and it was conflicting with the vpn server on the router. They were both giving out the 10.8.0.0. So when clients would connect to my vpn server on the router they were being routed to NordVPN.

Thanks - I have changed my VPN IP setting to 10.100 also.

I had created a VPN user in the main menu are (VPN > OpenVPN).

When you go to advanced settings, and have client specific options... I assume this is a different user now? I would have to use a different user name, or delete the other one and add it here?