Problem accessing LAN from OpenVPN

revengineer · Apr 18, 2018, 1:43 PM

I have a problem accessing LAN from OpenVPN from some networks, and I think I narrowed this down to an issue with overlapping subnets. My home LAN is on 192.168.1.x. Currently I am at a location that uses the same subnet, and I have no control over this. I can use OpenVPN to connect to the pfsense firewall at home, and I can access the internet (surf the web). However, I cannot connect to machines on the 192.168.1.x subnet. For example, when I try to connect to 192.168.1.1, I connect to the local router rather than my pfsense at home. I understand that the general advice is not to have overlapping networks, but when on travel, I have no control over what IP addresses hotels use. Is there a workaround with instructions that is easy to understand for a layman like me?

periko · Apr 18, 2018, 3:26 PM

Is a roadwarrior setup?

Pippin · Apr 18, 2018, 6:15 PM

To avoid conflicts as much as possible i made a list of subnets that manufacturers like to use as default.
Best would be to NOT configure any subnets of following list on networks you control when OpenVPN is involved:

10.0.0
10.0.1
10.1.1
10.1.10
10.2.0
10.8.0
10.10.1
10.90.90
10.100.1
10.255.255

169.254 # APIPA #

172.16.0
172.16.16
172.16.42
172.16.68

172.19.3

172.20.10 # IPhone hotspot #

192.168.0
192.168.1
192.168.2
192.168.3
192.168.4
192.168.5
192.168.6
192.168.7
192.168.8
192.168.9
192.168.10
192.168.11
192.168.13
192.168.15
192.168.16
192.168.18
192.168.20
192.168.29
192.168.30
192.168.33
192.168.39
192.168.40
192.168.42 # Android USB tethering #
192.168.43 # Android hotspot #
192.168.50
192.168.55
192.168.61
192.168.62
192.168.65
192.168.77
192.168.80
192.168.85
192.168.88
192.168.98
192.168.99
192.168.100
192.168.101
192.168.102
192.168.111
192.168.123
192.168.126
192.168.129
192.168.137 # Windows Phone hotspot #
192.168.168
192.168.178
192.168.190
192.168.199
192.168.200
192.168.220
192.168.223
192.168.229
192.168.240
192.168.245
192.168.251
192.168.252
192.168.254

200.200.200

revengineer · Apr 19, 2018, 5:20 PM

@periko: I do not know what roadwarrior is so I assume the answer is no.

@pippin: I agree that would be a solution and it is the one I am trying to avoid.

In the meantime, I found that on my android phone using the OpenVPN app, I can access the firewall with 192.168.1.1. Only on the MacBook Pro running Tunnelblick the before address lands me on the local router. Both systems use the same OpenVPN config files. It then seems this may be a Tunnelblick issue.

revengineer · Apr 19, 2018, 6:02 PM

Or it could be Mac issue. I just tried Viscosity and it has the same issue.