How do I make VPN clients be on the same subnet?



  • I have OpenVPN set up on my box and so far it works great, and while I can access my normal subnet if I am able to manually specify the address, anything just broadcasting naturally doesn't work. I have DirecTV and I would like to use the VPN to trick the DirecTV tablet app into thinking I am at home. However, for this to work I need the VPN to be on the same subnet as my DVR. What is the proper way to go about getting my VPN clients to share addresses with my LAN clients?



  • I'm not sure if Avahi can be used to accomplish this. But maybe.



  • If it's really hard (or ultimately not possible) to have OpenVPN just spit people at the LAN's DHCP, is there a way to "echo" broadcast messages? So that devices broadcasting themselves on the 192.168.1.x will also be seen from the OpenVPN side of things? The app stupidly limits live TV streaming to the local LAN, so they expect you to be at home. If I can just get the app to see my box it will think I am at home and I'll be golden.



  • Does that mean you have no interest in seeing if Avahi can do that for you?



  • Well, once I know what that is I'll know. I'll Google it, but by all means let me know how you think it would help. If it can work then I'd probably be up for it.



  • Fortunately, getting Avahi to work under pfSense is very simple. To install Avahi in pfSense, navigate to System -> Packages, and scroll down to “Avahi”. Press the “plus” button next to the listing, and on the next page, press “Confirm” to confirm the installation. The installation will take a few minutes to complete.

    Once installation is complete, there will be a new item on the “Services” menu named “Avahi”. If you navigate to Services -> Avahi, you can configure the settings for Avahi discovery. The “Enable” check box enables the Avahi Bonjour/Zeroconfig proxy. The “Browse domains” edit box allows you to enter domains you would like to have proxied. The “Deny interfaces” list box allows you to specify interfaces that you do not want Avahi to listen on (WAN is disabled by default). Finally, the “Disable IPv6” and “Disable IPv4” check boxes disable IPv6 and IPv4 support in Avahi respectively.

    Once you have Avahi enabled, systems on interfaces on which Avahi is listening should be able to publish and/or discover Bonjour/Zeroconfig services.



  • I'm not sure if that will work for your needs or not. But I think it's worth a try. Maybe.



  • Does not currently work on 2.2 Beta. Just adding this. :(



  • If security is not your primary concern and this will be used primarily on networks you trust, you could try a PPTP VPN.

    PPTP does easily allow you to put VPN clients on the same subnet as the LAN.

    PPTP isn't actually a bad way to extend your "LAN" to pretty much anywhere, but the encryption is cracked.

    So it's not the first choice for airports and coffee shops and random hotspots.



  • So I mean I can see it, I can ping it and it will reply to me, but the app still won't "see" it. Strange. It must see it's not on the same subnet and get all pissy, I guess.



  • The issue seems to be that even though the app sees that, hey, this is its address, it's using broadcast and other things that simply are not transmitted over tun. I tried to set up OpenVPN to be tap and just bridge to my LAN, but I could not figure out how to get it working for the life of me.



  • Just configure a bridged tunnel instead of routed.

    There's gotta be a wiki or something somewhere. A quick Google search gave me this guide:

    https://forum.pfsense.org/index.php?topic=46984.0

    It's a two-year-old post, but worth a shot.



  • Good idea. A bit trickier to configure though.
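
The routed-versus-bridged difference discussed in this thread, shown as an added example that is not from any poster or from the linked guide. It uses raw OpenVPN server directives rather than the pfSense GUI; the 192.168.1.1 gateway, the 192.168.1.200-220 client pool and the 10.8.0.0/24 tunnel subnet are assumed values.

```conf
# Added example (constructed values): OpenVPN server directives only.
# Assumes the LAN is 192.168.1.0/24 with the router at 192.168.1.1.

# --- Routed (tun): layer 3 only -------------------------------------
# Clients get addresses from a separate subnet and reach the LAN by
# routing. Unicast traffic (ping, direct connections) works, but LAN
# broadcast/multicast discovery does not cross the tunnel.
;dev tun
;server 10.8.0.0 255.255.255.0
;push "route 192.168.1.0 255.255.255.0"

# --- Bridged (tap): layer 2 -----------------------------------------
# Ethernet frames, including broadcasts, are carried over the tunnel.
dev tap0

# server-bridge <gateway> <netmask> <pool-start> <pool-end>
# Clients receive LAN addresses from this pool. Keep the pool outside
# the range handed out by the LAN DHCP server to avoid conflicts.
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.220

# OpenVPN does not create the bridge itself: tap0 still has to be
# bridged with the LAN interface by the operating system or firewall.
```

Every client must also use `dev tap`, so a client that only supports tun devices cannot join a bridged tunnel. Bridging places each VPN client in the LAN's broadcast domain, so limit it to client certificates you trust.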