openvpn shall use local network

pooperman

hi folks,

I want to use plex on my phone as a remote, therefore it shall be in the same network (192.168.0.*) as all other clients.

current setup:
in openvpn setting is ip rnge 192.168.8.* mentioned
I am able to view what is stored in plex but cannot control my computer, while playing something with plex.

when i deactivate the vpn tunnel and login via wifi, i am able to control.

so i was thinking, I could change the ip address in openvpn to 192.168.0.*
that works fine, but i am not able to enter plex anymore, It seems the traffic is blocked.

any idea how to bring the vpn tunnel into the same network (192.168.0.*) like all other clients?

JeGr

@pooperman said in openvpn shall use local network:

x but cannot control my computer, while playing something with plex.

What are you trying to "control" that doesn't work over a routed VPN network? If Plex works, what's the problem?

I want to use plex on my phone as a remote, therefore it shall be in the same network (192.168.0.*) as all other clients.

You describe it working in your next paragraph but now want your VPN in the same subnet as your LAN because of what?

that works fine, but i am not able to enter plex anymore, It seems the traffic is blocked.

no it's not fine. You can't just configure your OpenVPN tunnel network the same as your LAN. It simply won't work that way as there's no clean routing.

pooperman

192.168.0.118 (client) is playing video
192.168.8.1 (phone via VPN) cannot control video played on client
but phone can access 192.168.0.121 (plex server) and play video

how to set up, that phone can control client.

johnpoz

@pooperman said in openvpn shall use local network:

how to set up, that phone can control client.

Control what client - like a roku or something, chromecast playing video on say a TV? Just at a loss to why you would wan't/need to do such a thing while your remote with your phone?

Are you vpn into your own network, while you there? Or is this something you want to do while your way - say at starbucks or something?

I have used plex for a few years now, and use it remote all the time.. And I use the roku app to control my roku sticks and such... But never have done anything with "plex" to control another client.

Your trying to do this?
https://support.plex.tv/articles/201358253-choose-a-player/

You have to be on the same local network for that to work.. But still at a loss to why anyone would do this while remote - ie vpn..

KOM

I think he's trying to do it locally while connected to his VPN, as in his phone is on VPN all the time.

johnpoz

Thats just stupid ;)

Not going to be able to do it.. Even if you used tap vs tun... Since phone on the same wifi network Ie 192.168.0/24 and now you want to tap vpn and also get a 192.168.0

It takes 2 freaking seconds to disconnect vpn, or just block access to vpn while you on your local network..

pooperman

haha I havent thought it is so hard to explain.

I have unlimited cellphone traffic and I dont want to switch to wifi... too hard to explain.

plex (phone) is having the feature to control other plex clients (eg. pc), like spotify.

I want to use that function to control my pc from my phone via vpn tunnel on cell network.

what do I need to do, to archive that?

KOM

It isn't hard to explain. You just didn't do a good job of making yourself clear. That's why we're here guessing as to what you're trying to do.

If you must be on VPN all the time, and you must access your thing via phone remote, then your only option is to port-forward your thing interface out to WAN just like you would do if it was a web server. Then you can access it from the public Internet.

pooperman

nah that is a very bad solution.

is there no way like routing the trafic of 192.168.0.* network to 192.168.8.* network?

I am able to see everything in my network from the vpn phone, but not the other way round?

KOM

We don't know any details about your network nor your VPN config. Perhaps your VPN app, whatever it is, allows local traffic to flow normally instead of routing literally everything though the VPN. We don't know if it supports policy routing. If your phone and these devices are all on the same LAN then pfSense has nothing at all to do with it. Check your VPN app configuration.

pooperman

I thought i have provided all information about ip addresses.. anyway here we go:

iphone 6 with openvpn app

pfsense with latest version and latest openvpn installed

App settings;
Seamless Tunnel on
VPN protocol TCP
DNS fallback off
layer 2 off

plex server ip 192.168.0.121/24
pc ip 192.168.0.118/24
phone ip via vpn 192.168.8.1/24

is something else required?

johnpoz

@pooperman said in openvpn shall use local network:

too hard to explain.

Don't worry about it - don't care.. Have fun with such nonsense.. You have devices on your local network you want to interact with at L2, ie same broadcast domain.. Then connect to this network..

If you want to vpn into your network via this vpn connection and be on the same L2, then you would have to use tap vs tun... But you can not also be connected to the wifi.. But if you stay on the LTE then you could do it.

But that is just freaking moronic. .And sure not going to be "fast" why would you want to add that sort of latency and instability to your control - delay, etc. Click on control to pause song and doesn't work or takes 2-10 seconds to kick in.. When your right there local..

There is zero way to explain such nonsense..

edit: Well iphone, so you can not do tap anyway.. Have fun, since you know connecting to your local wifi would be so hard ;) You know yoru phones like auto do it when they get near... Simple button your home screen to connect and disconnect your vpn.. You could automate that as well.

pooperman

let us not discuss sense or nonsense, in my case there is a purpose and I am just in hope that we can find a solution without offtopic discussions.

Layer 2 is not an option, i need to have layer 3

please forget wifi, we are only talking about cellphone internet via vpn.

is there no way like bridging vpn network to 192.168.0.* network?
adding another vpn client in 192.168.0.* network?

come on guys you are the experts, cant be that there is no way for doing that.

KOM

I am able to see everything in my network from the vpn phone, but not the other way round?

If you can see all your LAN clients with VPN on then it's not directing all traffic out the VPN. Is your wifi on the same LAN or is it on a different subnet? If same LAN then pfSense is not involved at all.

pooperman

@KOM said in openvpn shall use local network:

I am able to see everything in my network from the vpn phone, but not the other way round?

If you can see all your LAN clients with VPN on then it's not directing all traffic out the VPN. Is your wifi on the same LAN or is it on a different subnet? If same LAN then pfSense is not involved at all.

it is not about out rather then in.

phone connects via cell internet via vpn to www.mydoinain.org
this redirects it to openvpn servers ip address, goes in via open port in pfsense, goes to pfsense dns server, goes to plex server.

so I am able to see all clients and use the tunnel for ALL communication. inside 192.168.0.* network and www

but from 192.168.0.* network I cannot see openvpn client.
therefore I assume it is something like a virtual network or a rule which block it or just missing routing.

pooperman

@KOM said in openvpn shall use local network:

I am able to see everything in my network from the vpn phone, but not the other way round?

If you can see all your LAN clients with VPN on then it's not directing all traffic out the VPN. Is your wifi on the same LAN or is it on a different subnet? If same LAN then pfSense is not involved at all.

please forget WIFI, there is no wifi, I am only connected vi cellphone internet

KOM

OK, all of that info would have been good to know from your very first post.

So your VPN is in to yourself. What rules do you have on your OpenVPN interface in pfSense? Just the default one that gets created by the OpenVPN Remote Access wizard? Any other packages running like SNort or Suricata? Anything showing as blocked in your firewall log while testing? Are you running a web proxy like squid?

pooperman

god damn.... found the problem.

there was a rule missplaced

it is now working fine!

KOM

You're welcome.

johnpoz

Your using DLNA, which is how plex finds player from your vpn connection from your phone via your LTE connection... Sorry but no I don't think so..

So your you are either doing something else other than what I Linked to, or your mistaken.. Did you setup pimd or the igmp proxy in pfsense for your vpn connection? Is your iphone rooted and you can use tap mode, etc.