Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN Default gateway

    OpenVPN
    2
    3
    328
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rsloan last edited by

      Hi,

      Hopefully I'm missing something obvious but can't see what.

      I've setup an OpenVPN server using tap mode as my VPN clients need to have a real LAN address as some of the services they access are only accessible when connected to the local network as they use a company proxy.

      I have the LAN / OVPN interfaces bridged and have 'bridge DHCP' enabled under 'Tunnel Setting'. If I leave 'Server Bridge DHCP start' and 'Server Bridge DHCP End' blank, I do get an IP address, subnet mask, dns and default gateway from the DHCP server to the VPN client but I'm unable to access or even ping any devices on the LAN.

      If I set a 'Server Bridge DHCP start' (192.168.6.220) and 'Server Bridge DHCP End' (192.168.6.250) address, I then have no gateway specified on the VPN client but can access the internal network by IP address only, but despite requiring all traffic to go via the VPN, I have no internet access.

      My network setup is as follows:

      My lan is on four subnets:

      192.168.6.0/24 (DHCP enabled)
      192.168.7.0/24 (Addresses statically assigned)
      192.168.8.0/24 (Addresses statically assigned)
      192.168.9.0/24 (Addresses statically assigned)

      The gateway address is 192.168.7.5.

      VPN clients need to have an address within the 192.168.6.0/24 range and be able to access all subnets as users directly connected to the LAN do.

      As a side note, machines on the LAN also need to be accessible via NETBIOS name as well as IM address (Mainly terminal servers)

      Regards,

      Robert.

      1 Reply Last reply Reply Quote 0
      • G
        GoldFish last edited by

        At the first glance, it looks an issue with the rules. Did you use OpenVPN Wizard to setup the VPN? The wizard automatically adds access rules and also provides you an option to choose a list of subnets you want to provide access to the VPN clients. There you can choose all the subnets on your LAN.

        1 Reply Last reply Reply Quote 0
        • R
          rsloan last edited by

          Hi,

          I saw the option to choose subnets but not a gateway address. Although I'm able to get a connection to the servers using a tun connection, I need to be able to use tap so homeworkers are able to use there VOIP phones.

          Do you have any other ideas on what I could try?

          Thank you for your response.

          Regards,

          Robert.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy