OpenVPN: connection established but cannot access LAN or WebGUI
-
Dear all,
maybe I am making a silly mistake or just overlooked something, but I cannot make OpenVPN work as I would like it to. I have a static IPv4 address and my internal network is 10.10.0.1/16. The following is my OpenVPN network setup:
- Subnet for OpenVPN:
10.10.2.1/24 --> can establish VPN connection, but cannot access webGUI or any other LAN connected device
10.10.2.1/16 --> cannot establish VPN connection
10.10.0.1/16 --> cannot establish VPN connection
- Networks to access with VPN: 10.10.0.1/16 --> not possible even if VPN is connected.
I do not know what I am doing wrong, but it seems already weird to me that I cannot connect a device via VPN to the "main" subnet 10.10.0.1/16. Despite the fact that there is a different interface connecting (WAN vs OpenVPN), I do not see a reason why that should not work. Furthermore, the non-connectivity to the main subnet is completely unclear to me.
I would really appreciate if someone could help me out of my VPN-misery.
Cheers and thanks in advance!
-
@flintstone_404 said in OpenVPN: connection established but cannot access LAN or WebGUI:
Subnet for OpenVPN:
10.10.2.1/24 --> can establish VPN connection, but cannot access webGUI or any other LAN connected device
10.10.2.1/16 --> cannot establish VPN connection
10.10.0.1/16 --> cannot establish VPN connection
Networks to access with VPN: 10.10.0.1/16 --> not possible even if VPN is connected.
None of these is a network address!
You have to state a network address for the tunnel network like 10.25.25.0/24. As well you have to state a network for "local networks", e.g. 10.10.0.0/16.
AND ensure that the tunnel and local network are not overlapping!
-
@viragomann Thanks for the reply.
So that I get it correct: the network of my LAN and the OpenVPN should be non-overlapping. Following your example this would mean: given that my LAN network is 10.10.0.0/16, the OpenVPN network could be 10.11.0.0/16 (so they are not overlapping).
To allow the OpenVPN network to have access to my LAN network, 10.10.0.0/16 has to be put in the field which asks for the networks to communicate with?
None of these is a network address!
In my understanding 10.10.2.1/24 would be a valid address encompassing the range 10.10.2.1 - 10.10.2.254 and broadcasting using 10.10.2.255. Given the fact that LAN and OpenVPN should not be overlapping, I do understand that this choice is not usable. Can you explain why I could nonetheless establish an OpenVPN connection using 10.10.2.1/24 as OpenVPN network?
Have a nice Sunday and many thanks for your input!
-
@flintstone_404 said in OpenVPN: connection established but cannot access LAN or WebGUI:
So that I get it correct: the network of my LAN and the OpenVPN should be non-overlapping.
Correct. If the OpenVPN tunnel network is overlapping with LAN, routing is not possible.
Following your example this would mean: given that my LAN network is 10.10.0.0/16, the OpenVPN network could be 10.11.0.0/16 (so they are not overlapping).
Would be ok. But any good reason to have a /16 VPN tunnel? Do you intend to have 65k clients?
In my understanding 10.10.2.1/24 would be a valid address encompassing the range 10.10.2.1 - 10.10.2.254 and broadcasting using 10.10.2.255.
It's a valid IP address, but not a network address. You need to state a network address for the tunnel network.
But also not 10.10.2.0/24 since this is part of your 10.10.0.0/16 LAN.
-
@viragomann It is all working now! Thank you!
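The two checks discussed in this thread (the tunnel network must be a network address, and it must not overlap the local network), as an added example that is not part of the original posts. The function name `check_tunnel` is hypothetical; the candidate values are the ones quoted in the thread.

```python
import ipaddress

LAN = "10.10.0.0/16"  # local network from the thread

# Tunnel network candidates quoted in the thread
CANDIDATES = ["10.10.2.1/24", "10.10.2.1/16", "10.10.0.1/16",
              "10.10.2.0/24", "10.11.0.0/16", "10.25.25.0/24"]


def check_tunnel(candidate, lan=LAN):
    """Return a list of problems with a proposed tunnel network (empty = usable)."""
    problems = []
    # ip_interface accepts host bits, so "10.10.2.1/24" parses instead of raising
    lan_net = ipaddress.ip_interface(lan).network
    iface = ipaddress.ip_interface(candidate)
    net = iface.network
    # Check 1: the value must be the network address, not a host inside it
    if iface.ip != net.network_address:
        problems.append(f"{candidate} is not a network address; the network is {net}")
    # Check 2: the tunnel network must not share any address with the LAN
    if net.overlaps(lan_net):
        problems.append(f"{net} overlaps local network {lan_net}")
    return problems


if __name__ == "__main__":
    for c in CANDIDATES:
        issues = check_tunnel(c)
        print(f"{c:15} {'OK' if not issues else '; '.join(issues)}")
```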