Netgate Discussion Forum
    OpenVPN - Two LANs, access both with a single VPN connection

    henryb:

      Hi,
      I have been using guides for setting up OpenVPN, and it works very well, for a single LAN that is.

      At the moment I have two separate LANs (using the LAN and OPT1 ports), 10.1.1.0/24 and 10.10.1.0/24.
      Rules are set up so they can communicate transparently (e.g. access printers and RDP servers).

      In the OpenVPN Tunnel Settings, I can specify e.g. "Local Network" as 10.1.1.0/24, and the user/OpenVPN client can access that network. However, he would like to access both LANs.
      If I specify 10.10.1.0/24, he can only access computers in that other LAN.

      Is there an easy way to make a rule or route that gives him access to both networks?
      I have tried, with no luck so far.

      I am aware I can create two OpenVPN settings documents and give users two separate logins/certificates, but I'm trying to make it less complicated on behalf of the users.

      Any good solutions will be appreciated  :)

      phil.davis:

        > In the OpenVPN Tunnel Settings, I can specify e.g. "Local Network" as 10.1.1.0/24, and the user/OpenVPN client can access that network. However, he would like to access both LANs.
        > If I specify 10.10.1.0/24, he can only access computers in that other LAN.

        From pfSense 2.1 onwards, on the OpenVPN server settings it says:

        IPv4 Local Network/s - These are the IPv4 networks that will be accessible from the remote endpoint. Expressed as a comma-separated list of one or more CIDR ranges. You may leave this blank if you don't want to add a route to the local network through this tunnel on the remote machine. This is generally set to your LAN network.

        Do that - put in:

        10.1.1.0/24,10.10.1.0/24
        

        On Firewall->Rules, OpenVPN make sure your rule/s allow traffic to both those subnets (sounds like OpenVPN rules are already good).

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        henryb:

          > Do that - put in:
          >
          > 10.1.1.0/24,10.10.1.0/24

          Thanks Phil, this is great news  :)

          In fact I've already tried that on the aforementioned pfSense box, and this is what I got:
          • "The field 'Local network' must contain a valid CIDR range."

          Reading your reply once more, I realized you wrote "from pfSense 2.1", while I'm running v2.0.1.

          Then of course I tried to upgrade immediately:

          Auto Update Download Status
          --------------------------------------------------
            Current Version : 2.0.1-RELEASE
            Latest Version  : 2.1-RELEASE
            File size      : 79564762
            Downloaded      : 7232338

          The image file is corrupt.
          Update cannot continue

          This seems to be a pretty common issue, and browsing the log showed this:

          • filesystem full
          • php: /system_firmware_auto.php: The command '/usr/bin/gzip -t '/root/latest.tgz'' returned exit code '1', the output was 'gzip: data stream error gzip: /root/latest.tgz: uncompress failed'

          So I'll swap in a larger CF-card, and try upgrading during this week.
          I will report back, if I succeed using your recommendations.

          Appreciate your help :)

          phil.davis:

            On 2.0.n you can put statements in the Advanced box of the OpenVPN server settings to tell the client about routes to more local networks:

            push "route 10.10.1.0 255.255.255.0"
            

            and just put a single CIDR in the Local Network box:

            10.1.1.0/24
            

            so you will be able to achieve it without going to pfSense 2.1 if you want to get it going quickly.

            PS: You must have a small CF card, or lots of packages and random stuff on it.


            KOM:
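The two approaches in this thread (the 2.1 comma-separated "IPv4 Local Network/s" list, and the 2.0.x workaround of one CIDR plus a manual `push "route ..."` in the Advanced box) both end up as route pushes to the client. The following is an added example, not code from the thread or from pfSense: it models that conversion, the CIDR validation error henryb hit, and Phil's reminder to check that the OpenVPN-tab firewall rules actually reach every pushed subnet. The rule model (a list of destination CIDRs or "any") is a simplification assumed here.

```python
import ipaddress

def parse_local_networks(field: str) -> list:
    """Split the 'IPv4 Local Network/s' box (2.1+: comma-separated CIDRs)
    and validate every entry; one bad entry fails the whole field, which is
    the 'must contain a valid CIDR range' error the GUI shows."""
    nets = []
    for item in field.split(","):
        item = item.strip()
        if item:
            try:
                nets.append(ipaddress.IPv4Network(item, strict=True))
            except ValueError as exc:
                raise ValueError(f"'{item}' is not a valid CIDR range") from exc
    return nets

def push_route(net) -> str:
    # OpenVPN route directives take network + dotted netmask, not CIDR
    return f'push "route {net.network_address} {net.netmask}"'

def client_routes(local_networks: str, advanced: str = "") -> set:
    """Routes the server pushes to a connecting client: one per CIDR in the
    Local Network/s box, plus any push lines typed into the Advanced box
    (the 2.0.x workaround from the thread)."""
    routes = {push_route(n) for n in parse_local_networks(local_networks)}
    for line in advanced.splitlines():
        line = line.strip()
        if line.startswith('push "route '):
            routes.add(line)
    return routes

def unreachable_through_rules(routes: set, rule_destinations: list) -> set:
    """Pushed networks that no pass rule on the OpenVPN tab reaches (rule
    destinations as CIDR strings or 'any', a simplified model): the client
    has the route but the firewall drops the traffic, so only one LAN works."""
    if "any" in rule_destinations:
        return set()
    allowed = [ipaddress.IPv4Network(d) for d in rule_destinations]
    bad = set()
    for r in routes:
        net, mask = r.split('"')[1].split()[1:3]
        n = ipaddress.IPv4Network(f"{net}/{mask}")
        if not any(n.subnet_of(a) for a in allowed):
            bad.add(r)
    return bad

# constructed input mirroring the thread: 2.1 comma list vs 2.0.x workaround
NEW_STYLE = client_routes("10.1.1.0/24,10.10.1.0/24")
OLD_STYLE = client_routes("10.1.1.0/24", 'push "route 10.10.1.0 255.255.255.0"')
```

Both styles produce the same two pushed routes; the firewall check then tells you whether a rule restricted to 10.1.1.0/24 alone would silently block the second LAN.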

              Thanks, Phil.  I had a working config and then added a DMZ and was surprised that my VPN users couldn't get to it.  Your reply clued me in that I forgot to update the IP4 Local Networks to add the DMZ subnet.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.