Posts: 24
Joined: Fri Dec 04, 2015 9:32 pm

Letting OpenVPN subnet see my LAN

Wed May 22, 2019 11:01 pm

I have set up OpenVPN on my Pi3 running Stretch, in tunneling mode, on my LAN, and can access it remotely (e.g., from my iPhone). The VPN connection gets an address assigned to it from the subnet I configured within server.conf (, in my case). The Pi also runs dnsmasq for my LAN. The LAN subnet is The Pi's eth0 address is fixed at

What's confusing me is that if I try to use, say, RD Client to access one of the machines on my LAN from my iPhone while the VPN connection is live, it fails because it can't find the target machine. Yet if I use something like Telnet Lite to make a terminal connection to the Pi by specifying an IP address (rather than a host name), >>that<< succeeds, no problem. It seems like the VPN connection isn't accessing the dnsmasq service running on the Pi.

I thought I could resolve this by adding the following to the openvpn server.conf file:

Code:

push "route"
push "dhcp-option DNS"

but that didn't work (same problem).

How do I configure things to give the VPN connections full bidirectional access to the LAN?

Posts: 680
Joined: Mon Nov 18, 2013 3:11 am

Re: Letting OpenVPN subnet see my LAN

Thu May 23, 2019 2:49 am

Did you start with pivpn or did you install openvpn server from apt? The default pivpn setup should work, but if not here is a link to a default server.conf file that should help.
Two heads are better than one, unless one's a goat head.

Posts: 24
Joined: Fri Dec 04, 2015 9:32 pm

Re: Letting OpenVPN subnet see my LAN

Thu May 23, 2019 4:30 am

Thanks for the quick reply.

Turns out I'd made a stupid mistake because I'd been spending hours trying to get an openvpn tap setup working -- which involves creating a bridge out of eth0 and tap0 -- and I forgot that the tun0 interface set up by openvpn when it's running in tunnel mode isn't automatically listened to by dnsmasq (which is my DNS/DHCP server).

Making sure the following two lines:

Code:

were in the dnsmasq configuration solved the problem. Without that second line, no DNS resolution requests coming from the remote VPN clients were being resolved, hence the devices on my LAN appeared to be "invisible".
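
An added example, not part of the original posts: a shell check for the failure described above, where dnsmasq is restricted to named interfaces and the VPN's tun0 is not among them. The poster's two configuration lines are not shown on the page, so the `interface=eth0` / `interface=tun0` sample configs and the function name `dnsmasq_listens_on` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Models only these dnsmasq rules:
#   no interface= line   -> dnsmasq answers on every interface
#   any interface= line  -> only the named interfaces are served
#   except-interface=    -> the named interface is never served
# listen-address= and wildcard names such as "eth*" are NOT modelled.

dnsmasq_listens_on() {    # usage: dnsmasq_listens_on IFACE CONFIG_FILE
    awk -v want="$1" '
        # Scan a comma-separated value for the wanted interface name.
        function has(list,    n, i, a) {
            n = split(list, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == want) return 1
            return 0
        }
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }      # drop comments and blanks
        /^interface=/        { restricted = 1; if (has(substr($0, 11))) listed = 1 }
        /^except-interface=/ { if (has(substr($0, 18))) excluded = 1 }
        END { exit !(!excluded && (!restricted || listed)) }
    ' "$2"
}

# Constructed sample configs (assumed, not the real files from the thread).
demo() {
    dir=$(mktemp -d)
    printf 'interface=eth0\n' > "$dir/lan-only.conf"
    printf 'interface=eth0\ninterface=tun0   # VPN clients\n' > "$dir/lan-vpn.conf"
    for f in lan-only lan-vpn; do
        if dnsmasq_listens_on tun0 "$dir/$f.conf"; then
            echo "$f: tun0 is served"
        else
            echo "$f: tun0 is ignored, VPN clients get no DNS answers"
        fi
    done
    rm -rf "$dir"
}
demo
```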
