OpenVPN clients on same subnet as internal network.



  • Hello,

    I have OpenVPN up and running and all traffic routed through it since I travel so much. But I want the remote computers to be on a subnet range the same as my local machines, i.e. 192.168.10.20 - 192.168.10.30.

    Here are my settings now:

    Thank you for any help with this, and I hope this has not been covered somewhere else, but I could not find it.



  • You may enter "192.168.10.20/30,192.168.10.24/29" in IPv4 Local Networks field. That should route only the IPs 192.168.10.20 - 192.168.10.31 from the client over the VPN tunnel. Your remote host just must not have an IP in this range.
    You also may enter some single IPs separated by commas.
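    To check the claim in this reply (and the general case of any address range, which the thread only shows for one range), here is an added example, not from the thread or from pfSense's own code; parse_local_networks, covers_range and minimal_cidrs are hypothetical helpers that mimic what the comma-separated "IPv4 Local Networks" field accepts, using Python's standard ipaddress module:

```python
import ipaddress
from typing import List, Set

def parse_local_networks(field: str) -> List[ipaddress.IPv4Network]:
    """Parse a comma-separated list of CIDR blocks and single IPs
    (a bare IP is treated as a /32), as the pfSense field accepts."""
    nets = []
    for item in field.split(","):
        item = item.strip()
        if item:
            # strict=False tolerates host bits set in a block, e.g. 192.168.10.21/30
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def covered_hosts(nets: List[ipaddress.IPv4Network]) -> Set[ipaddress.IPv4Address]:
    """Every address that the listed blocks will push over the tunnel."""
    hosts: Set[ipaddress.IPv4Address] = set()
    for net in nets:
        hosts.update(net)  # iterating a network yields all of its addresses
    return hosts

def covers_range(nets: List[ipaddress.IPv4Network], first: str, last: str) -> bool:
    """True if every address from first to last (inclusive) is routed."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    covered = covered_hosts(nets)
    return all(lo + i in covered for i in range(int(hi) - int(lo) + 1))

def minimal_cidrs(first: str, last: str) -> List[str]:
    """Smallest list of CIDR blocks that exactly covers first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]

def client_ip_conflicts(nets: List[ipaddress.IPv4Network], client_ip: str) -> bool:
    """True if the remote client's own address falls inside a pushed block,
    which would send its local traffic into the tunnel."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)

if __name__ == "__main__":
    nets = parse_local_networks("192.168.10.20/30,192.168.10.24/29")
    print(covers_range(nets, "192.168.10.20", "192.168.10.31"))  # True
    # The original request was .20 - .30; that range needs four blocks, not two.
    print(minimal_cidrs("192.168.10.20", "192.168.10.30"))
    print(client_ip_conflicts(nets, "192.168.10.25"))  # True: a bad client address
```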



  • My opinion, you are going out of your way to create trouble for yourself.



  • You have to use "tap" mode OpenVPN tunnel to get that - the tunnel devices are effectively bridged onto the LAN.
    But I agree with kejianshi - unless you really just have to have OpenVPN clients being able to browse the general services on LAN for file servers, print servers… then why do it?
    If there are proper names for things in your internal DNS, then VPN clients can connect using the name and it all routes fine.



  • My problem is this.

    I can ssh to all clients on my network and VPN just fine. But when I try to see their share folders I can not. I have done some reading and I'm starting to think it's because my VPN server is not sending a gateway, so the network stays unidentified.

    Thank you guys for your help in this.



  • Assuming you pass all from OpenVPN to pfSense LANnet then you should be able to browse Windows shares on a particular LAN file server by something like, Windows-R:
    \\192.168.10.20

    But you won't be able to see the file servers listed in the "Network" section of File Explorer - for that you do need to be on the same LAN.



  • Exactly - you need to use the IP as Phil said.
    You can't browse to the name the same way you do if you are using a bridged configuration or if you are on that local network directly.

    It's a minor inconvenience to use the IP, but it's actually much, much more reliable.

    Even if you were physically on the same LAN, it's still best to map network drives, shares and printers by IP.

    Windows networking and the workgroups and names are semi-reliable at best even in a simple single LAN setup.

    I'd use IPs all the time even if no VPN were involved. Create shortcuts on your desktop if you can't remember them, or make an alias.



  • My problem is this.

    I can ssh to all clients on my network and VPN just fine. But when I try to see their share folders I can not. I have done some reading and I'm starting to think it's because my VPN server is not sending a gateway, so the network stays unidentified.

    jdsimonds, I believe it's already been said in one way or another, but everything is working as expected. You have configured a routed tunnel and you can access everything via IP. However, broadcast traffic will not traverse a routed tunnel. That is why you are unable to see shares, browse for computers, and access resources by name the way you are used to. You will need to configure a bridged tunnel for that.

    Also, if your main concern is accessing shares and resources by name, just configure a DNS server and push it out to your clients.

    A bridged tunnel is less efficient and doesn't scale well. Typically the only reason to go bridged is if you are running an application that is dependent on broadcast traffic.

    IMO, you'll be much happier keeping your routed tunnel and fixing your name resolution issue via DNS instead of bridging and replicating all your broadcast (NetBIOS, etc.) traffic over WAN links.