Openvpn cant access local network

Hi communauty!

I have set up 2 ER7206 for a LAN2LAN usage. I set it up using IPSEC. It work's perfectly in a local usage, ie machines connected behind router can see each other.

It looks like this:

LAN1 <-> Main site [ER7206] <- internet -> remote site [ER7206]  <-> LAN2

Then I have set up a VPN access at the main site (on LAN1).

Before last firmware, I have only access to LAN1 using PPTP

With new firmware ( ER7206(UN)_V1_1.2.0 Build 20220117 ), VPN access from LAN1 is working with L2TP and PPTP: connected from home to LAN1 I can access all machines on LAN1 and LAN2: Good!

(For L2TP I have to change some registry keys in  my W10 box)

But I have an issue using OpenVPN (new feature of firmware and preferred client VPN). The server setup is simple and fast but the connection give me access only to LAN1. No way to access LAN2.

OpenVPN client give me an IP in a dedicated range outsite LAN1 (as set up) with a fix net mask 255.255.255.252 and without gateway!

Here is what I have (french) coonceted using OpenVPN from home

   Suffixe DNS propre à la connexion. . . :
   Adresse IPv6 de liaison locale. . . . .: xxxx
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.100.6
   Masque de sous-réseau. . . . . . . . . : 255.255.255.252
   Passerelle par défaut. . . . . . . . . :

LAN1 is like 192.168.10.0/24 Router 192.168.10.1

IP get using OpenVPN is in 192.168.100.0/24 (yes /24 and I have a /30 netmask)  : no way to get an IP from an IP pool: we have only an input for an IP no a VPN IP Pool.

Basically, I though I ad to define one VPN IP pool per VPN access (L2TP, PPTP, OpenVPN), but VPN IP pool is used only by PPTP and L2TP

It was the same issue using PPTP with previous firmware: the IP was on LAN but no route to LAN2. It is fixed now.

I have the following using PPTP when connected from home:

  Suffixe DNS propre à la connexion. . . :
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.10.8
   Masque de sous-réseau. . . . . . . . . : 255.255.255.255
   Passerelle par défaut. . . . . . . . . : 0.0.0.0

I have the following using L2TP when connected from home:

  Suffixe DNS propre à la connexion. . . :
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.10.8
   Masque de sous-réseau. . . . . . . . . : 255.255.255.255
   Passerelle par défaut. . . . . . . . . : 0.0.0.0

=> It is consistent

My IP is linked on LAN to a 192.168.10.xx IP  set up in user configuration: everything is OK!

For OpenVPN: Is it a firmware issue or did I miss something?

Thanks for help!

1. 06-28-2021 02:24 PM #1

   

   ROG Member Array

   ---

   Setting up access to LAN with OpenVPN?

   I have my OpenVPN setup and configured, and I can connect - but the only thing I can access is the router itself.

   I do have the configuration set to push LAN to clients, and my config allows clients to access LAN and Internet - but I still cannot connect (or even ping) anything that is on the LAN tht is not the router itself.

   any ideas?

   -EDIT : Actually, I think I am seeing the issue... I have some NetGear switches plugged into my ASUS Router, and it is the devices plugged into those switches that I am not able to reach. I am assuming a static route is needed somewhere?

   Last edited by CanadaBri; 06-28-2021 at 02:27 PM.

   ---

2. 06-28-2021 10:40 PM #2

   

   TeamROG Moderator Array xeromist PC Specs

   xeromist PC Specs
   Laptop (Model)	Intel NUC laptop LAPQC71D
   Motherboard	ROG Crosshair VIII Dark Hero
   Processor	AMD 5800X
   Memory (part number)	32GB G.Skill Ripjaws V 3600
   Graphics Card #1	ROG Strix RTX3090Ti
   Sound Card	Sound Blaster Z
   Monitor	AORUS FV43U
   Storage #1	Samsung 970 Pro 512GB
   CPU Cooler	Custom loop
   Case	BeQuiet Dark Base Pro 900 V2
   Power Supply	Corsair HX1000
   Keyboard	ROG Strix Flare II Animate
   Mouse	ROG Chakram X
   Headset	Steelseries Arctis Pro Wireless
   Mouse Pad	ROG Scabbard
   Headset/Speakers	Logitech z906 5.1
   Network Router	pfSense/OPNsense

   

   ---

   Unless your switches are doing network segmentation with vlans or something a normal switch should be transparent. Any chance you can test plugging something directly into the router to be sure?

   ---

3. 07-02-2021 12:32 PM #3

   

   ROG Guru: Orange Belt Array

   

   ---

   In order for your for you to get access to your lan you need to add a client1 user like I have in the picture attached. You will need to change the subnet to what you have configured in your vpn settings. Also if you are using the VPN fusion along side the VPN server make sure the VPN fusion and VPN server subnets don't conflict. You can check the routing tab under logs. TUN21 will be your routing for the VPN server. Tun15 will be vpn fusion.

   
   Miniatura de Adjuntos  

   Last edited by HK-47; 07-02-2021 at 12:49 PM.

   -Desktop-
   Asus Crosshair VIII Dark Hero / AMD 5800x / 32GB Corsair Dominator Platinum RBG (CMT32GX4M4C3600C18) @ 3800 /2x Sabrent 1TB Rocket NVMe 4.0 (Raid 0)/ 1x Samsung 860 Evo SSD / Corsair AX1200 PSU / ASUS Strix Helios Case / Corsair HydroX Custom Loop D5, CX7, XG7 420+280 Rad/ Asus Strix 3090 / Asus PG35VQ Ultrawide Monitor / Corsair Commander PRO 3x ql120, 4x ql140 fans / Edifier 1850DB Speakers + T5 Sub /
   Asus Theta 7.1 Headset

   ---

4. 10-29-2021 02:49 PM #4

   

   ROG Member Array

   ---

   

   Originally Posted by HK-47

   

   In order for your for you to get access to your lan you need to add a client1 user like I have in the picture attached. You will need to change the subnet to what you have configured in your vpn settings. Also if you are using the VPN fusion along side the VPN server make sure the VPN fusion and VPN server subnets don't conflict. You can check the routing tab under logs. TUN21 will be your routing for the VPN server. Tun15 will be vpn fusion.

   Just asking to clarify,

   If my local LAN subnet is (for example) 192.168.123.0 and my VPN subnet is 10.8.0.0 (I think that is default?)... are you saying to change the VPN subnet config to the LAN config, or to change the subnet setting on the user to my LAN subnet?

   ---

5. 11-01-2021 01:02 PM #5

   

   ROG Guru: Orange Belt Array

   

   ---

   You need to make the client1 match your vpn subnet settings. See in my picture my vpn subnet is 10.100.0.0 and client1 is 10.100.0.0. You would need to make client1 10.8.0.0.
   Also make sure everything else is checked like my picture.

   Also If you look at the routing log when the server is setup you should see
   10.8.0.0 to 10.8.0.2 tun21
   then
   10.8.0.2 to * tun21
   The * is your everything on the router.

   Last edited by HK-47; 11-01-2021 at 01:09 PM.

   -Desktop-
   Asus Crosshair VIII Dark Hero / AMD 5800x / 32GB Corsair Dominator Platinum RBG (CMT32GX4M4C3600C18) @ 3800 /2x Sabrent 1TB Rocket NVMe 4.0 (Raid 0)/ 1x Samsung 860 Evo SSD / Corsair AX1200 PSU / ASUS Strix Helios Case / Corsair HydroX Custom Loop D5, CX7, XG7 420+280 Rad/ Asus Strix 3090 / Asus PG35VQ Ultrawide Monitor / Corsair Commander PRO 3x ql120, 4x ql140 fans / Edifier 1850DB Speakers + T5 Sub /
   Asus Theta 7.1 Headset

   ---

6. 11-01-2021 01:19 PM #6

   

   ROG Guru: Orange Belt Array

   

   ---

   Also I don't use the default 10.8.0.0 vpn subnet because I also use vpn fusion that connects to Nord vpn. Nord was handing out 10.8.0.0 address and it was conflicting with the vpn server on the router. They were both giving out the 10.8.0.0. So when clients would connect to my vpn server on the router they were being routed to NordVPN.

   -Desktop-
   Asus Crosshair VIII Dark Hero / AMD 5800x / 32GB Corsair Dominator Platinum RBG (CMT32GX4M4C3600C18) @ 3800 /2x Sabrent 1TB Rocket NVMe 4.0 (Raid 0)/ 1x Samsung 860 Evo SSD / Corsair AX1200 PSU / ASUS Strix Helios Case / Corsair HydroX Custom Loop D5, CX7, XG7 420+280 Rad/ Asus Strix 3090 / Asus PG35VQ Ultrawide Monitor / Corsair Commander PRO 3x ql120, 4x ql140 fans / Edifier 1850DB Speakers + T5 Sub /
   Asus Theta 7.1 Headset

   ---

7. 11-01-2021 01:41 PM #7

   

   ROG Guru: Green Belt Array Jimbo93 PC Specs

   Jimbo93 PC Specs
   Laptop (Model)	ABS Master Gaming PC
   Motherboard	ASUS Prime B560M-A AC
   Processor	INTEL i5 10400F
   Memory (part number)	G.SKILL F4-3200C16D-16GVKB x 2
   Graphics Card #1	ASUS DUAL-RTX3060TI-O8G-V2
   Sound Card	RealTek HD
   Monitor	SAMSUNG 40" LCD
   Storage #1	INTEL 660p NVMe SSD PEKNW512GB
   CPU Cooler	THERMALTAKE UX100 ARGB
   Case	TUF GAMING GT301
   Power Supply	ASUS TUF GAMING BRONZE 650W
   Keyboard	TUF GAMING K1
   Mouse	TUF GAMING M3
   Headset/Speakers	Cambridge Works PC
   OS	Win 11 Pro 21H2 22000.652
   Accessory #1	Windows Feature Experience Pack 1000.22000.652.0

   ---

   

   Originally Posted by CanadaBri

   

   I have my OpenVPN setup and configured, and I can connect - but the only thing I can access is the router itself.

   I do have the configuration set to push LAN to clients, and my config allows clients to access LAN and Internet - but I still cannot connect (or even ping) anything that is on the LAN tht is not the router itself.

   any ideas?

   -EDIT : Actually, I think I am seeing the issue... I have some NetGear switches plugged into my ASUS Router, and it is the devices plugged into those switches that I am not able to reach. I am assuming a static route is needed somewhere?

   Switches shouldn't matter. Did you set up DHCP with static address for the client(s) on the LAN? The client hardware address is entered there in the router, then DHCP always gives same address to the client, even though client is set to automatic DHCP. Port forwarding is the other part to get through the router firewall. That directs the incomming traffic on a port to the client by the private IP address.

   Not sure if is this is helpful, but when I needed to VPN into my office from home without opening ports on a router, I would have the office computer automatically establish a tunnel out to the home computer. Been awhile now and the details are a little foggy.

   ---

8. 11-03-2021 01:17 AM #8

   

   New ROGer Array

   ---

   Same issue here

   I matched the setting in the images exactly and I still can't get LAN thru TUN... In fact my friend has the exact same router and I tried it with his and he also has the same issue. I'm starting to wonder if it is a firmware problem. When I try TAP the VPN connection becomes unstable and the TAP Adapter goes from showing internet to no internet repeatedly every 30 seconds to one minute... This also happens on my friends router. Pretty much OpenVPN is completely non-functional on 2 routers. I have even completely reset the router and same problems return. I'm tempted to try an older firmware if this router lets you downgrade just to see what happens. Any thoughts? Thank you for your time guys!

   Update: Keep playing with and in part realized the error of ways.. so when I reset the router I forget to give the NAS a static IP back so I was sending a ping to the wrong IP. With the settings from HK-47 I do in fact have LAN access to at least ping but I am unable to access the NAS ( //nas ) via file explorer or map a network drive via IP and I can not see any other clients on the LAN under file explorer either. I still have no idea why TAP acts up or I would just use that.

   Last edited by JayH1998; 11-03-2021 at 02:37 AM. Reason: Added more info and thoughts

   ---

9. 11-03-2021 02:26 PM #9

   

   ROG Guru: Orange Belt Array

   

   ---

   It should be \\ip of nas\

   you are using //?

   Also check if you can get to the web interface of the NAS over vpn. If so check the firewall settings of the NAS. I have a Synology Nas connected to my router and am able to get to it over VPN. Also turn the firewall off on windows and the NAS and the check the firewall on the router. If you can ping it it should be working. Also make sure you re-download the config file. Are you using windows? If so do you have the file discovery turned on?

   Can you show a screen shot of your routing log from the router? And what ststic ip address are you using for the NAS? Can you access the NAS locally on the network without vpn?

   Last edited by HK-47; 11-03-2021 at 02:51 PM.

   -Desktop-
   Asus Crosshair VIII Dark Hero / AMD 5800x / 32GB Corsair Dominator Platinum RBG (CMT32GX4M4C3600C18) @ 3800 /2x Sabrent 1TB Rocket NVMe 4.0 (Raid 0)/ 1x Samsung 860 Evo SSD / Corsair AX1200 PSU / ASUS Strix Helios Case / Corsair HydroX Custom Loop D5, CX7, XG7 420+280 Rad/ Asus Strix 3090 / Asus PG35VQ Ultrawide Monitor / Corsair Commander PRO 3x ql120, 4x ql140 fans / Edifier 1850DB Speakers + T5 Sub /
   Asus Theta 7.1 Headset

   ---

10. 11-05-2021 04:03 PM #10

    

    ROG Member Array

    ---

    

    Originally Posted by HK-47

    

    Also I don't use the default 10.8.0.0 vpn subnet because I also use vpn fusion that connects to Nord vpn. Nord was handing out 10.8.0.0 address and it was conflicting with the vpn server on the router. They were both giving out the 10.8.0.0. So when clients would connect to my vpn server on the router they were being routed to NordVPN.

    Thanks - I have changed my VPN IP setting to 10.100 also.

    I had created a VPN user in the main menu are (VPN > OpenVPN).

    When you go to advanced settings, and have client specific options... I assume this is a different user now? I would have to use a different user name, or delete the other one and add it here?

    ---

Tags for this Thread

Posting Permissions

• You may not post new threads
• You may not post replies
• You may not post attachments
• You may not edit your posts
•  

• BB code is On
• Smilies are On
• [IMG] code is On
• [VIDEO] code is On
• HTML code is Off

Forum Rules

How do I connect OpenVPN to my home network?

Why is my OpenVPN not connecting?

Should I enable compression on OpenVPN?

Is OpenVPN no longer free?