openvpn client to vlan network gets IP but not gateway

Started by ltcptgeneral, June 22, 2022, 03:18:47 AM

June 22, 2022, 03:18:47 AM Last Edit: June 22, 2022, 03:21:55 AM by ltcptgeneral
I'm a little new to vpn setup in general, so apologies if there is something simple I am missing.

I've created a simple setup:
I have a VLAN from 10.0.2.1/24 and vlan tag 11
I created an openvpn server with tunnel network of 10.0.2.0/24
The corresponding openvpn client also has tunnel network of 10.0.2.0/24

When I connect from a windows client, it is able to grab the IP 10.0.2.6, but has no gateway
The client is unable to connect to any other server on its vlan
Running tracert, the connection attempt uses the client's existing gateway instead of the vpn network's gateway

Any ideas on how to fix this issue? I suspect I need to add the vlan tag to the client's interface but I'm unsure of how to do that.

Another observation, the client has received IP address 10.0.2.6 with a subnet mask of 255.255.255.252.
In the configuration, the client's tunnel network should be 10.0.2.0/24

June 22, 2022, 09:08:24 AM #2 Last Edit: June 22, 2022, 09:11:17 AM by wedge1001
why did you create a vlan?
when you create an openvpn server opnsense will automatically add routes (and you are able to assign a real interface to this connection)

if you want to bridge this OpenVPN Interface to an attached (V)LAN you need a bridge interface Interfaces -> Other Types -> Bridges

My advice would be: choose different IP-Ranges and use a real routing



as for your setup...
please post your config.

the .252 or a /30 network looks like you are using client-isolation (max. 2 usable IPs - OPNsense + Client);
if you tick "Inter-client communication" it should give you the whole subnet.


edit
i forgot to talk about the gateway:
normally - if you have a good configuration - your gateway will be pushed to the openvpn client.
i suppose this is a problem because you already have the same network defined in your vlan - so openvpn is not able to assign the .1 address to itself again.
please check your openvpn logs (VPN -> Openvpn -> Log File)
if there is no info increase the log-level to 3 though the ip-conflict should also be visible with loglevel 1
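The two points raised in this reply, the tunnel network colliding with an existing VLAN subnet and the /30 mask seen by the client, can both be checked offline. The following Python script is an added example for this thread; it is not code from the forum posters or from the OPNsense project. It uses only the standard library. The address layouts it computes are OpenVPN's defaults: under the "net30" topology each client receives its own /30 out of the tunnel network (first client .6 with peer .5 on a 10.0.2.0/24 tunnel, which is exactly the 10.0.2.6 / 255.255.255.252 observed above), while under the "subnet" topology the server takes the first host address as gateway and the client pool is assumed to start at the second host.

```python
"""Offline sanity checks for an OpenVPN tunnel network against local VLAN subnets.

Added example (not from the thread or OPNsense). Checks:
  1. whether the tunnel network overlaps a LAN/VLAN subnet that the firewall
     already owns, which is what stops OpenVPN from taking the .1 gateway
     address for itself;
  2. which address, peer and netmask a client gets under OpenVPN's "net30"
     topology (one /30 per client) versus the "subnet" topology.
"""
import ipaddress


def find_overlaps(tunnel_net, local_nets):
    """Return the local subnets (normalised to network form) that overlap the tunnel network."""
    tunnel = ipaddress.ip_network(tunnel_net, strict=False)
    overlaps = []
    for raw in local_nets:
        local = ipaddress.ip_network(raw, strict=False)  # "10.0.2.1/24" -> 10.0.2.0/24
        if tunnel.overlaps(local):
            overlaps.append(str(local))
    return overlaps


def net30_client(tunnel_net, client_index):
    """Address, peer and netmask of the n-th client (0-based) in net30 topology.

    Block 0 of the /30 pool belongs to the server (.1 local, .2 remote); clients
    start at block 1. Within a client's /30 the client is the higher host and
    the server-side peer the lower one.
    """
    tunnel = ipaddress.ip_network(tunnel_net, strict=False)
    blocks = list(tunnel.subnets(new_prefix=30))
    block = blocks[client_index + 1]
    lower, upper = list(block.hosts())  # a /30 has exactly two host addresses
    return {"client": str(upper), "peer": str(lower), "netmask": str(block.netmask)}


def subnet_client(tunnel_net, client_index):
    """Address, gateway and netmask of the n-th client in subnet topology.

    Assumption (default layout): the server holds the first host address and
    the client pool starts at the second host.
    """
    tunnel = ipaddress.ip_network(tunnel_net, strict=False)
    hosts = list(tunnel.hosts())
    return {
        "client": str(hosts[client_index + 1]),
        "gateway": str(hosts[0]),
        "netmask": str(tunnel.netmask),
    }


if __name__ == "__main__":
    # Constructed values mirroring the setup described in the thread.
    tunnel = "10.0.2.0/24"
    vlans = ["192.168.1.0/24", "10.0.2.1/24"]  # second one is the VLAN 11 network from the post

    clash = find_overlaps(tunnel, vlans)
    if clash:
        print(f"tunnel {tunnel} overlaps local subnet(s) {clash}: "
              "OpenVPN cannot own the gateway address, pick a different range")
    else:
        print(f"tunnel {tunnel} is free of local overlaps")

    print("net30 topology, first client:", net30_client(tunnel, 0))
    print("subnet topology, first client:", subnet_client(tunnel, 0))
```

Running it with the thread's values reports the overlap with 10.0.2.0/24 and prints the net30 allocation {'client': '10.0.2.6', 'peer': '10.0.2.5', 'netmask': '255.255.255.252'}, so a /30 mask on its own does not point at a broken config; the missing gateway is the overlap.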

June 22, 2022, 09:12:31 PM #3 Last Edit: June 22, 2022, 09:19:40 PM by ltcptgeneral
I'm already using VLANs regardless of the OpenVPN setup, it automates routing permissions. My hope is to attach clients to their VLAN directly, avoiding extra manual work in defining rulesets for each client.

I will take a look at your suggestions using a bridge between the OpenVPN interface and VLAN interface.

I put the VPN server on its own interface and subnet range and bridged it with the existing VLAN. I also enabled interclient communication. Neither allowed the client to get a gateway.

could you be so kind to post your config here?
and also the logfiles? - preferably from the client and the server?