Netgate Discussion Forum

    Full Tunnel OpenVPN need remote LAN access

      bitvoip

      I ran into a problem here; hopefully there's a way to work around it.

      I have two offices with two Netgate routers. There is an IPSec tunnel between the routers, so Office 2 can access Office 1 LAN resources.
      Office 1 LAN: 10.0.2.0/24
      Office 2 LAN: 10.0.3.0/24

      Office 2 is outside the US and some websites they use are blocked outside the US. So I created an OpenVPN server with client export and the option "Force all client-generated IPv4 traffic through the tunnel", which is basically a full tunnel. It works fine and routes all client traffic through Office 1, but I lost access to the Office 1 LAN subnet 10.0.2.0/24, where they are accessing a certain app.

      Users are connecting via the OpenVPN Connect app.
      How can I preserve the OpenVPN full tunnel connection and have access to the Office 1 LAN subnet?

      Thanks.

        The Party of Hell No @bitvoip

        @bitvoip

        In the OpenVPN server custom options, under advanced configuration, add a push:

        #Command to force Openvpn onto LAN;
        push "route 172.31.54.0 255.255.255.0";

        Where 172.31.54.0 is your network IP

          bitvoip @The Party of Hell No

          @The-Party-of-Hell-No Thank you! I will give it a try.

            bitvoip @The Party of Hell No

            @The-Party-of-Hell-No It did not work. I can ping the remote router, but no other device on that LAN.

              The Party of Hell No @bitvoip

              @bitvoip
              There are two rules to be added. The first is a WAN rule for OpenVPN to route out the WAN - it should be added automatically by the wizard.

              The second is the "Pass to any" rule. At this point, to get it to work, leave it wide open - in the future you can insert restrictions.
              In Firewall > Rules > OpenVPN (or whatever you called your OpenVPN server), add rules which allow OpenVPN to route to any.

              Where I found information:
              https://blog.miniserver.it/en/pfsense/pfsense-and-openvpn-guide-to-creating-and-configuring-a-road-warrior-vpn-server/

                bitvoip @The Party of Hell No

                @The-Party-of-Hell-No I have those rules in place. I found what my problem was after adding the route options in the advanced box. I have two WANs and I had to select the second WAN as the default gateway so they can come out with the correct IP, and access to the LAN works now.

                Thanks for your help.

                  The Party of Hell No @bitvoip

                  @bitvoip

                  Well, great! Always good to discover and fix problems.

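The client-side routing for the setup discussed in this thread, as an added example that is not part of any post: it builds the route table an OpenVPN client ends up with from the pushed directives and resolves a destination by longest-prefix match. It assumes the full-tunnel option pushes `redirect-gateway def1`, that clients sit on the Office 2 LAN, and that 203.0.113.10 is a constructed VPN server address.

```python
import ipaddress

# Constructed directive sets. Assumption: the full-tunnel checkbox results in
# 'push "redirect-gateway def1"'; the second set adds the Office 1 LAN route.
FULL_TUNNEL = ['push "redirect-gateway def1"']
WITH_LAN_ROUTE = FULL_TUNNEL + ['push "route 10.0.2.0 255.255.255.0"']

def client_routes(pushed, local_lan="10.0.3.0/24", server_ip="203.0.113.10"):
    """Return [(network, via)] as seen by a client after the pushes apply.

    local_lan and server_ip are illustrative assumptions, not thread values
    (except that 10.0.3.0/24 is the Office 2 LAN named in the first post).
    """
    net = ipaddress.ip_network
    routes = [(net("0.0.0.0/0"), "local-gateway"), (net(local_lan), "local-lan")]
    for line in pushed:
        line = line.strip().rstrip(";")        # custom options end with ';'
        if line.startswith("#") or not line.startswith("push "):
            continue
        args = line[len("push "):].strip().strip('"').split()
        if not args:
            continue
        if args[:2] == ["redirect-gateway", "def1"]:
            # def1 keeps the old default route and overrides it with two /1
            # routes, plus a host route so the tunnel itself stays reachable.
            routes += [(net("0.0.0.0/1"), "vpn"), (net("128.0.0.0/1"), "vpn"),
                       (net(f"{server_ip}/32"), "local-gateway")]
        elif args[0] == "route" and len(args) >= 3:
            routes.append((net(f"{args[1]}/{args[2]}"), "vpn"))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match, the rule the client's IP stack applies."""
    addr = ipaddress.ip_address(dest)
    matches = [(n, via) for n, via in routes if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for name, pushed in (("full tunnel", FULL_TUNNEL),
                         ("full tunnel + LAN route", WITH_LAN_ROUTE)):
        table = client_routes(pushed)
        for dest in ("10.0.2.15", "10.0.3.20", "198.51.100.7", "203.0.113.10"):
            print(f"{name:24} {dest:14} -> {next_hop(table, dest)}")
```

In both directive sets a host on 10.0.2.0/24 is already sent into the tunnel, so when LAN hosts stay unreachable the place to look is the server side (firewall rules, outbound gateway selection), which matches how this thread was resolved.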
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.