OpenVPN Default gateway
-
Hi,
Hopefully I'm missing something obvious but can't see what.
I've setup an OpenVPN server using tap mode as my VPN clients need to have a real LAN address as some of the services they access are only accessible when connected to the local network as they use a company proxy.
I have the LAN / OVPN interfaces bridged and have 'bridge DHCP' enabled under 'Tunnel Setting'. If I leave 'Server Bridge DHCP start' and 'Server Bridge DHCP End' blank, I do get an IP address, subnet mask, dns and default gateway from the DHCP server to the VPN client but I'm unable to access or even ping any devices on the LAN.
If I set a 'Server Bridge DHCP start' (192.168.6.220) and 'Server Bridge DHCP End' (192.168.6.250) address, I then have no gateway specified on the VPN client but can access the internal network by IP address only, but despite requiring all traffic to go via the VPN, I have no internet access.
My network setup is as follows:
My lan is on four subnets:
192.168.6.0/24 (DHCP enabled)
192.168.7.0/24 (Addresses statically assigned)
192.168.8.0/24 (Addresses statically assigned)
192.168.9.0/24 (Addresses statically assigned)The gateway address is 192.168.7.5.
VPN clients need to have an address within the 192.168.6.0/24 range and be able to access all subnets as users directly connected to the LAN do.
As a side note, machines on the LAN also need to be accessible via NETBIOS name as well as IM address (Mainly terminal servers)
Regards,
Robert.
-
At the first glance, it looks an issue with the rules. Did you use OpenVPN Wizard to setup the VPN? The wizard automatically adds access rules and also provides you an option to choose a list of subnets you want to provide access to the VPN clients. There you can choose all the subnets on your LAN.
-
Hi,
I saw the option to choose subnets but not a gateway address. Although I'm able to get a connection to the servers using a tun connection, I need to be able to use tap so homeworkers are able to use there VOIP phones.
Do you have any other ideas on what I could try?
Thank you for your response.
Regards,
Robert.