Setting up OpenVPN to access two LANs
-
Hi,
I am a PLC programmer and we currently are using OpenVPN to remote into our office's 192.168.2.x network. I am trying to set the configuration up so that I can remote into that .2 network but also access our 192.168.1.xx network that our PLCs are on. How can I add the .1 network to my OpenVPN settings?
Thanks.
-
@jdavis0221
Add both networks with the mask in CIDR notation into the "IPv4 Local Networks" field in the server settings, separated by a comma.
-
So I tried that and I still cannot ping nor see anything on the 192.168.1.xxx network.
I currently have 192.168.2.0/24,192.168.1.0/24 in the "IPv4 Local Networks" field. I can see the file server on the 192.168.2 network but nothing on the .1
-
I am wondering if I need to set the 192.168.1.xx network up as another LAN under interface assignments.
-
@jdavis0221 said in Setting up OpenVPN to access two LANs:
I am wondering if I need to set the 192.168.1.xx network up as another LAN under interface assignments.
Does this mean, both networks are on a single network interface?
Are there firewall rules on the servers OpenVPN allowing the access to 192.168.1.x?
Is the server the default gateway in both networks and does the PLC host have internet access?
Consider that the remote host may block access from outside of its subnet.
-
@viragomann
The 192.168.1.x network is just an internal network going back to the switch. The PLC network does not have internet access. Our WAN comes into the pfSense firewall, out to the 192.168.2.x LAN network which is also connected to the same switch that the 192.168.1.x LAN is on. I have a firewall rule on OpenVPN to all IPv4 traffic.
-
@jdavis0221 said in Setting up OpenVPN to access two LANs:
The 192.168.1.x network is just an internal network going back to the switch. The PLC network does not have internet access. Our WAN comes into the pfSense firewall, out to the 192.168.2.x LAN network which is also connected to the same switch that the 192.168.1.x LAN is on.
Two different L2 networks on an L2 switch?
What you wrote doesn't attest that the PLC uses a gateway. If not, it cannot communicate with IPs outside of its own subnet. It's possible to access the hosts though from remote, but that needs an outbound NAT rule.
Additionally pfSense needs to have an IP in that subnet.
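-
Added example, not part of any post in this thread: a small Python model of the return-path problem described in the last reply, showing why a host with no gateway never answers a VPN client and why an outbound NAT rule to a firewall address inside the PLC subnet changes that. The tunnel network 10.0.8.0/24, the host addresses and the firewall address 192.168.1.1 are constructed values, and it assumes that a host with a gateway has a working route back to the tunnel.

```python
import ipaddress

# Constructed sample values, not taken from the thread.
TUNNEL_NET = "10.0.8.0/24"         # assumed OpenVPN tunnel network
PLC_NET = "192.168.1.0/24"
FIREWALL_IP_IN_PLC_NET = "192.168.1.1"  # assumed firewall address in the PLC subnet


def reply_path(host_if, gateway, src):
    """How a host answers a packet from src: on-link, via-gateway or dropped."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(src) in iface.network:
        return "on-link"  # source is in the host's own subnet, answered directly
    # Off-subnet source: only answerable if the host has a gateway configured.
    return "via-gateway" if gateway else "dropped"


def source_seen_by_host(client_ip, dst, nat_rules):
    """Apply the first matching outbound NAT rule (src_net, dst_net, translate_to)."""
    for src_net, dst_net, translate_to in nat_rules:
        if (ipaddress.ip_address(client_ip) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)):
            return translate_to
    return client_ip  # no rule matched, host sees the real tunnel address


def vpn_reachable(client_ip, host_if, gateway, nat_rules=()):
    """True if the host can send a reply back towards the VPN client."""
    dst = str(ipaddress.ip_interface(host_if).ip)
    seen = source_seen_by_host(client_ip, dst, nat_rules)
    return reply_path(host_if, gateway, seen) != "dropped"


if __name__ == "__main__":
    nat = [(TUNNEL_NET, PLC_NET, FIREWALL_IP_IN_PLC_NET)]
    cases = [
        ("file server, has gateway", "192.168.2.10/24", "192.168.2.1", ()),
        ("PLC, no gateway, no NAT", "192.168.1.50/24", None, ()),
        ("PLC, no gateway, outbound NAT", "192.168.1.50/24", None, nat),
    ]
    for label, host_if, gw, rules in cases:
        print(f"{label}: reachable={vpn_reachable('10.0.8.2', host_if, gw, rules)}")
```

With the NAT rule in place the PLC sees every VPN client as the firewall's address, so per-user attribution of PLC access has to come from the firewall and OpenVPN logs rather than from the PLC side.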