Netgate Discussion Forum
    Openvpn to access more than one subnets

    12 Posts 3 Posters 892 Views
bthoven (last edited by bthoven):

I've just created a new subnet (192.168.3.xx) for my IoT devices, in addition to my existing one (192.168.2.xx). My .2.xx devices can access .3.xx devices, but not vice versa (to protect my .2.xx devices from the IoT devices).

My OpenVPN server allows me remote access to all devices in the 192.168.2.xx and 192.168.3.xx subnets, except my AP (192.168.3.254).

My question is how to modify my OpenVPN server setup to allow me remote access to both .2.xx and .3.xx.

      Thank you.

Update: the right subject should be "I can't access my new Access Point from a different subnet". It's solved now by defining the gateway and DNS server IP on my new AP.

chpalmer (last edited by chpalmer):

        What do your OpenVPN firewall rules look like?

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

bthoven:

Here it is:
[screenshot of the OpenVPN firewall rules, not included]

KOM:

            You need to edit your OpenVPN Server instance. Go to Tunnel Settings - IPv4 Local network(s) and add your 192.168.3.0/24 network there.

bthoven @KOM (last edited by bthoven):

              @KOM said in Openvpn to access more than one subnets:

              You need to edit your OpenVPN Server instance. Go to Tunnel Settings - IPv4 Local network(s) and add your 192.168.3.0/24 network there.

Thanks. My tunnel settings already force all IPv4 traffic through the tunnel.
Sorry, my .2.xx devices can access all .3.xx devices except the Access Point's (OpenWrt, 192.168.3.254) web admin page; ping from .2.xx fails too. Could it be some setting I need to adjust on the AP?
[screenshot of the OpenVPN tunnel settings, not included]

KOM:

Your AP may only respond to traffic from its local network. You can check by doing a packet capture on your IoT interface while pinging the AP and seeing whether the ping packets are leaving the IoT interface for the AP.

bthoven (last edited by bthoven):
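To make the packet-capture check above concrete, here is an added example (not from the thread and not pfSense code) that parses tcpdump-style ICMP lines from a capture taken on the IoT interface and reports, per target, how many echo requests left the interface and how many replies came back. The capture lines are constructed to mirror the two cases in this thread (192.168.3.24 answering, 192.168.3.254 silent); the timestamps and ICMP ids are made up.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -ni <iot_if> icmp` output (not a real capture):
# pings from 192.168.2.9 to 192.168.3.24 are answered, pings to 192.168.3.254 are not.
SAMPLE_CAPTURE = """\
13:02:11.100000 IP 192.168.2.9 > 192.168.3.24: ICMP echo request, id 4242, seq 1, length 64
13:02:11.100400 IP 192.168.3.24 > 192.168.2.9: ICMP echo reply, id 4242, seq 1, length 64
13:02:12.100000 IP 192.168.2.9 > 192.168.3.24: ICMP echo request, id 4242, seq 2, length 64
13:02:12.100300 IP 192.168.3.24 > 192.168.2.9: ICMP echo reply, id 4242, seq 2, length 64
13:02:20.100000 IP 192.168.2.9 > 192.168.3.254: ICMP echo request, id 4243, seq 1, length 64
13:02:21.100000 IP 192.168.2.9 > 192.168.3.254: ICMP echo request, id 4243, seq 2, length 64
13:02:22.100000 IP 192.168.2.9 > 192.168.3.254: ICMP echo request, id 4243, seq 3, length 64
"""

# Matches the "IP <src> > <dst>: ICMP echo request|reply" part of a tcpdump -n line.
ICMP_LINE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply)")


def summarize_pings(capture_text):
    """Count echo requests sent to, and echo replies received from, each target."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture_text.splitlines():
        m = ICMP_LINE.search(line)
        if not m:
            continue  # non-ICMP or unparsable line
        src, dst, kind = m.groups()
        if kind == "request":
            stats[dst]["requests"] += 1
        else:
            stats[src]["replies"] += 1  # a reply's source is the target we pinged
    return dict(stats)


def diagnose(stats, target):
    """Turn the counters for one target into the next thing to check."""
    s = stats.get(target, {"requests": 0, "replies": 0})
    if s["requests"] == 0:
        return "no requests on this interface: check firewall rules or routing toward the target"
    if s["replies"] == 0:
        return "requests leave the interface, no replies: the target is not answering (or has no route back)"
    return "target answers"


if __name__ == "__main__":
    stats = summarize_pings(SAMPLE_CAPTURE)
    for target in ("192.168.3.24", "192.168.3.254"):
        print(target, stats[target], "->", diagnose(stats, target))
```

The distinction the counters make is the one that matters: zero requests means the firewall or routing on pfSense is dropping the traffic before it reaches the IoT interface, while requests with zero replies means pfSense did its job and the problem is on the target itself.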

Here are the packet captures on my IoT interface when I'm on 192.168.2.9.

When I ping 192.168.3.24, which is successful:
[screenshot of the capture, not included]

When I ping 192.168.3.254, which times out:
[screenshot of the capture, not included]

                  Please bear with me. I'm still learning all these.

KOM:

                    OK, that tells you that the packets are leaving the IOT interface. The unit you're pinging isn't responding.

chpalmer:

                      Look at the LAN settings on your AP. Are they correct?

With OpenVPN the server already knows its local addresses. Nothing to change there. Usually changes for the server side happen on the client side, and vice versa.

Show your IoT interface rules.

bthoven (last edited by bthoven):

Thanks. If I replace my OpenWrt AP with my Tenda stock-firmware AP, I can access it! It seems some setting is needed on my OpenWrt AP. Any idea what it could be?

Update: OK now. I had not set the gateway and DNS IP to 192.168.3.1 on my AP.

chpalmer (last edited by chpalmer):

                          :)

                          Gateway and subnet are important.

                          For a device to reply it has to know how to.

Gateway: any address outside of the device's subnet goes here.

Subnet: how big is my subnet range anyway? When must I forward my requests through the gateway address?


bthoven (last edited by bthoven):
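The two points above (gateway and subnet size) decide whether a device can reply at all. The following is an added example, not from the thread and not OpenWrt or pfSense code, that models that decision with Python's ipaddress module for a host with a single interface and no extra static routes (an assumption). It reproduces the thread's case: an AP at 192.168.3.254/24 without a gateway can answer 192.168.3.24 but not 192.168.2.9, and setting the gateway to 192.168.3.1 fixes it. The optional `segment` argument (a hypothetical name, the network actually on the wire) also shows the opposite mistake, a netmask that is too wide.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class HostConfig:
    """Minimal IPv4 configuration of a device such as the AP in the thread."""
    address: str                   # e.g. "192.168.3.254"
    netmask: str                   # e.g. "255.255.255.0"
    gateway: Optional[str] = None  # None = no default gateway configured


def reply_path(host: HostConfig, peer: str, segment: Optional[str] = None) -> str:
    """Decide how `host` would send a reply to `peer`.

    `segment` (assumed, optional) is the network really present on the wire.
    It lets the function flag a netmask that is too wide, where the host thinks
    the peer is on-link, ARPs for it on the local segment, and never gets an answer.
    """
    iface = ipaddress.ip_interface(f"{host.address}/{host.netmask}")
    peer_ip = ipaddress.ip_address(peer)

    # Inside my own subnet: deliver directly (ARP for the peer's MAC).
    if peer_ip in iface.network:
        if segment is not None and peer_ip not in ipaddress.ip_network(segment):
            return "on-link (wrong: netmask too wide, ARP for peer will fail)"
        return "on-link"

    # Outside my subnet: I can only hand the packet to a gateway I can reach.
    if host.gateway is None:
        return "unreachable: no gateway for off-subnet destinations"
    gw = ipaddress.ip_address(host.gateway)
    if gw not in iface.network:
        return f"unreachable: gateway {gw} is not on the host's subnet"
    return f"via gateway {gw}"


if __name__ == "__main__":
    cases = {
        "AP without gateway": HostConfig("192.168.3.254", "255.255.255.0"),
        "AP with gateway":    HostConfig("192.168.3.254", "255.255.255.0", "192.168.3.1"),
        "AP with /16 mask":   HostConfig("192.168.3.254", "255.255.0.0", "192.168.3.1"),
    }
    for name, cfg in cases.items():
        for peer in ("192.168.3.24", "192.168.2.9"):
            print(f"{name:20} -> {peer:14} {reply_path(cfg, peer, segment='192.168.3.0/24')}")
```

Note that the echo request still reaches the AP in the "no gateway" case, which is exactly what the capture in this thread showed: the request leaves the IoT interface, and the AP simply has nowhere to send the reply.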

                            Thanks. I did not specify it because when I installed my first AP, I didn't have to.

Networking is not my area and I learned a lot from you guys here. Installing pfSense forced me to get more hands-on experience with networking.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.