Hi everyone,
I'm trying to make the Caddy access list work through the OpenVPN instance but I'm having difficulties.
The OpenVPN instance works; I can access local IPs within the local network. However, Caddy does not recognize the OpenVPN connection as a local network connection but rather as the WAN connection of the user, so it is blocked by the access list.
I tried setting the OpenVPN instance with different redirect gateway options but it still does not work. The connection either times out and nothing appears in the Caddy log file, or the connection is blocked because it's being recognized as an outside IP instead of a local network one.
Can anyone help?
What is the destination address the VPN user tries to access with their browser? Is that part of the VPN tunnel?
E.g. if, as one frequently does,
- you have your external IP address as myapplication.mydomain.com so Caddy can take care of Let's Encrypt and things
- additionally you have a VPN tunnel with RFC 1918 IP addresses and "local networks" set to your LAN and possibly other local addresses
then a browser connecting to myapplication.mydomain.com will use the current Internet uplink of the device in question and not the VPN tunnel.
So it's important that you give the complete topology including addresses; you might hide the external one if you are concerned about that.
Here's the topology:
LAN networks
- 192.168.1.0/24
- 192.168.2.0/24
- 192.168.3.0/24
- 192.168.4.0/24
VPN network
- 192.168.50.0/24
myapplication.mydomain.com and Caddy are on the local network, 192.168.1.0/24.
The OpenVPN routing options have all LAN networks added in the local networks tab.
And the Caddy access list includes 192.168.50.0/24?
Yes, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 and 192.168.50.0/24 are in the Caddy access list.
Get out the big guns: use tcpdump and trace from source to destination, interface by interface, what is happening ...
I'd say split tunnel, and the request does not go through the VPN tunnel due to DNS being resolved to the external IP.
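The split-tunnel explanation above, modelled as an added example (not code from any poster or from Caddy/OpenVPN): with the thread's topology, a client sends traffic into the tunnel only for destinations inside the pushed "local networks", so when the name resolves to the public address the request egresses via the client's WAN uplink and Caddy sees the WAN source, which the access list rejects. The tunnel client address, the client WAN address and the resolved addresses are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Prefixes on the Caddy access list, as listed in the thread.
ACCESS_LIST = [ip_network(p) for p in (
    "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24",
    "192.168.4.0/24", "192.168.50.0/24")]
# Routes pushed to VPN clients (the OpenVPN "local networks" setting).
PUSHED_ROUTES = [ip_network(p) for p in (
    "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24")]

def goes_through_tunnel(dest, pushed_routes=PUSHED_ROUTES):
    """Split tunnel: only destinations inside a pushed route enter the VPN."""
    d = ip_address(dest)
    return any(d in r for r in pushed_routes)

def source_seen_by_caddy(dest, tunnel_ip, wan_ip):
    """Caddy sees the tunnel address if the request used the VPN,
    otherwise the client's public (WAN) address."""
    return tunnel_ip if goes_through_tunnel(dest) else wan_ip

def access_list_allows(src, acl=ACCESS_LIST):
    s = ip_address(src)
    return any(s in n for n in acl)

def diagnose(resolved_dest, tunnel_ip="192.168.50.6", wan_ip="198.51.100.23"):
    """Given what myapplication.mydomain.com resolved to on the client,
    report the source Caddy will see and whether the access list passes it.
    Constructed placeholder addresses; adjust to the real client."""
    src = source_seen_by_caddy(resolved_dest, tunnel_ip, wan_ip)
    return {"source_seen": src, "allowed": access_list_allows(src)}

if __name__ == "__main__":
    # Public DNS answer (placeholder public address): leaves via WAN, blocked.
    print("public answer :", diagnose("203.0.113.10"))
    # Split-DNS answer pointing at the LAN host: enters the tunnel, allowed.
    print("internal answer:", diagnose("192.168.1.10"))
```

The fix this models is making the name resolve to the internal address for VPN clients (or pushing a route that covers the public address and handling the reflection), so that the request enters the tunnel and arrives from 192.168.50.0/24.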