chairmanmao
Posts: 19
Joined: Fri Dec 04, 2015 9:32 pm

Letting OpenVPN subnet see my LAN

Wed May 22, 2019 11:01 pm

I have set up OpenVPN on my Pi3 running Stretch, in tunneling mode, on my LAN, and can access it remotely (e.g., from my iPhone). The VPN connection gets an address assigned to it from the subnet I configured within server.conf (192.168.5.0/24, in my case). The Pi also runs dnsmasq for my LAN. The LAN subnet is 192.168.1.0/24. The Pi's eth0 address is fixed at 192.168.1.5.

What's confusing me is that if I try to use, say, RD Client to access one of the machines on my LAN from my iPhone while the VPN connection is live, it fails because it can't find the target machine. Yet if I use something like Telnet Lite to make a terminal connection to the Pi by specifying an IP address (rather than a host name), >>that<< succeeds, no problem. It seems like the VPN connection isn't accessing the dnsmasq service running on the Pi.

I thought I could resolve this by adding the following to the openvpn server.conf file:

push "route 192.168.1.0 255.255.255.0 192.168.1.254"
push "dhcp-option DNS 192.168.1.5"

but that didn't work (same problem).

How do I configure things to give the VPN connections full bidirectional access to the LAN?

default_user8
Posts: 678
Joined: Mon Nov 18, 2013 3:11 am

Re: Letting OpenVPN subnet see my LAN

Thu May 23, 2019 2:49 am

Did you start with pivpn or did you install openvpn server from apt? The default pivpn setup should work, but if not, here is a link to a default server.conf file that should help.
https://gist.github.com/laurenorsini/9925434
Two heads are better than one, unless one's a goat head.

chairmanmao
Posts: 19
Joined: Fri Dec 04, 2015 9:32 pm

Re: Letting OpenVPN subnet see my LAN

Thu May 23, 2019 4:30 am

Thanx for the quick reply.

Turns out I'd made a stupid mistake because I'd been spending hours trying to get an openvpn tap setup working -- which involves creating a bridge out of eth0 and tap0 -- and I forgot that the tun0 interface set up by openvpn when it's running in tunnel mode isn't automatically listened to by dnsmasq (which is my DNS/DHCP server).

Making sure the following two lines:

interface=eth0
interface=tun0

were in the dnsmasq configuration solved the problem. Without that second line, no DNS resolution requests coming from the remote VPN clients were being resolved, hence the devices on my LAN appeared to be "invisible".
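
The mismatch described in this thread can be checked mechanically. The following is an added example, not code from any poster: it reads an OpenVPN server.conf and a dnsmasq configuration and reports whether DNS is pushed to VPN clients while dnsmasq's interface rules exclude the tunnel. The function names are hypothetical, the sample configs are constructed from the values quoted above, and it assumes the pushed DNS address belongs to the host running dnsmasq and that an unnumbered `dev tun` becomes tun0.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample input, built from the values quoted in the thread.
SERVER_CONF = '''dev tun
push "route 192.168.1.0 255.255.255.0 192.168.1.254"
push "dhcp-option DNS 192.168.1.5"
'''
DNSMASQ_BEFORE = "interface=eth0\n"
DNSMASQ_AFTER = "interface=eth0\ninterface=tun0\n"

def vpn_settings(text):
    """Return (tunnel interface name, pushed DNS servers) from server.conf text."""
    dev, dns = "tun", []
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("#", ";")):
            continue
        if m := re.match(r"dev\s+(\S+)$", line):
            dev = m.group(1)
        if m := re.match(r'push\s+"dhcp-option\s+DNS\s+(\S+)"$', line):
            dns.append(m.group(1))
    # Assumption: an unnumbered "dev tun" becomes tun0 (no other tunnels on the host).
    return (dev if dev[-1].isdigit() else dev + "0"), dns

def dnsmasq_answers_on(text, ifname):
    """True/False when interface rules decide it; None if listen-address= is in play."""
    opts = {"interface": [], "except-interface": [], "listen-address": []}
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].partition("=")
        if key.strip() in opts:
            opts[key.strip()] += [v.strip() for v in value.split(",") if v.strip()]
    if any(fnmatchcase(ifname, p) for p in opts["except-interface"]):
        return False  # except-interface always overrides the other options
    if any(fnmatchcase(ifname, p) for p in opts["interface"]):
        return True   # a trailing '*' in interface= acts as a wildcard
    if opts["listen-address"]:
        return None   # address-based rule: the tunnel's IP is needed to decide
    return not opts["interface"]  # no interface= lines means all interfaces

def check(server_conf, dnsmasq_conf):
    """Flag the thread's failure; assumes the pushed DNS server is this dnsmasq host."""
    dev, dns = vpn_settings(server_conf)
    answers = dnsmasq_answers_on(dnsmasq_conf, dev)
    return {"interface": dev, "pushed_dns": dns, "answers": answers,
            "problem": bool(dns) and answers is False}

if __name__ == "__main__":
    for name, conf in (("before", DNSMASQ_BEFORE), ("after", DNSMASQ_AFTER)):
        print(name, check(SERVER_CONF, conf))
```

Listing interfaces explicitly, as the poster does, keeps dnsmasq from answering on interfaces that were never meant to offer DNS or DHCP, so the check treats a missing tunnel entry as a finding rather than suggesting the restriction be dropped.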
