Netgate Discussion Forum

    OpenVPN clients on same subnet as internal network.

      jdsimonds

      Hello,

      I have openvpn up and running and all traffic routed through it since I travel so much. But I want the remote computers to be on a subnet range the same as my local machines, i.e. 192.168.10.20 - 192.168.10.30.

      Here are my settings now:

      Thank you for any help with this. I hope this has not been covered somewhere else, but I could not find it.

        viragomann

        You may enter "192.168.10.20/30,192.168.10.24/29" in IPv4 Local Networks field. That should route only the IPs 192.168.10.20 - 192.168.10.31 from the client over the VPN tunnel. Your remote host just must not have an IP in this range.
        You also may enter some single IPs separated by commas.

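An added example, not part of any post in this thread: a Python check of the route list suggested above. It computes the exact CIDR cover of the requested range, the span the two suggested prefixes actually route, and whether a travelling client's own LAN address falls inside a pushed route. The function names and the client addresses are constructed for illustration.

```python
import ipaddress

def exact_cover(first, last):
    """Smallest list of CIDR blocks covering exactly first..last (inclusive)."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(n) for n in ipaddress.summarize_address_range(a, b)]

def parse_routes(field):
    """Parse a comma-separated network list as typed into a routes field.
    strict=True rejects entries with host bits set, e.g. 192.168.10.20/29."""
    return [ipaddress.ip_network(p.strip(), strict=True)
            for p in field.split(",") if p.strip()]

def routed_span(routes):
    """Lowest and highest address covered by the given routes."""
    return str(min(n[0] for n in routes)), str(max(n[-1] for n in routes))

def conflicting_routes(routes, client_ip):
    """Routes that contain the client's own local address. Such a client
    would send traffic for its local neighbours into the tunnel instead."""
    ip = ipaddress.ip_address(client_ip)
    return [str(n) for n in routes if ip in n]

# Route list quoted in the post above.
ROUTES = parse_routes("192.168.10.20/30,192.168.10.24/29")

if __name__ == "__main__":
    print("exact cover of .20-.30:", exact_cover("192.168.10.20", "192.168.10.30"))
    print("span actually routed  :", routed_span(ROUTES))
    # Constructed client addresses: one on a hotel LAN that reuses
    # 192.168.10.0/24, one on an unrelated network.
    for addr in ("192.168.10.25", "192.168.1.50"):
        print(addr, "conflicts with:", conflicting_routes(ROUTES, addr))
```
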
          kejianshi

          My opinion, you are going out of your way to create trouble for yourself.

            phil.davis

            You have to use "tap" mode OpenVPN tunnel to get that - the tunnel devices are effectively bridged onto the LAN.
            But I agree with kejianshi - unless you really just have to have OpenVPN clients being able to browse the general services on LAN for file servers, print servers… then why do it?
            If there are proper names for things in your internal DNS, then VPN clients can connect using the name and it all routes fine.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              jdsimonds

              My problem is this.

              I can ssh to all clients on my network and vpn just fine. But when I try to see their share folders I cannot. I have done some reading and I'm starting to think it's because my VPN server is not sending a gateway so the network stays unidentified.

              Thank you guys for your help in this.

                phil.davis

                Assuming you pass all from OpenVPN to pfSense LANnet then you should be able to browse Windows shares on a particular LAN file server by something like, Windows-R:
                \\192.168.10.20

                But you won't be able to see the file servers listed in the "Network" section of File Explorer - for that you do need to be on the same LAN.

                  kejianshi

                  Exactly - You need to use the IP as phil said.
                  You can't browse to the name the same way you do if you are using a bridged configuration or if you are on that local network directly.

                  It's a minor inconvenience to use the IP, but it's actually much much more reliable.

                  Even if you were physically on the same LAN, it's still best to map network drives, shares and printers by IP.

                  Windows networking and the work groups and names are semi-reliable at best even in a simple single LAN setup.

                  I'd use IPs all the time even if no VPN were involved. Create shortcuts on your desktop if you can't remember them. Or make an alias.

                    marvosa

                    > My problem is this.
                    >
                    > I can ssh to all clients on my network and vpn just fine. But when I try to see their share folders I cannot. I have done some reading and I'm starting to think it's because my VPN server is not sending a gateway so the network stays unidentified.

                    jdsimonds, I believe it's already been said in one way or another, but everything is working as expected. You have configured a routed tunnel and you can access everything via IP. However, broadcast traffic will not traverse a routed tunnel. That is why you are unable to see shares, browse for computers, and access resources by name the way you are used to. You will need to configure a bridged tunnel for that.

                    Also, if your main concern is accessing shares and resources by name, just configure a DNS server and push it out to your clients.

                    A bridged tunnel is less efficient and doesn't scale well.  Typically the only reason to go bridged is if you are running an application that is dependent on broadcast traffic.

                    IMO, you'll be much happier keeping your routed tunnel and fixing your name resolution issue via DNS instead of bridging and replicating all your Broadcast (NETBIOS,etc) traffic over WAN links.
