OpenVPN - Unable to get to some LAN IP's

Started by rfanch3r, May 08, 2020, 05:28:12 AM

I just got done following this guide: https://www.sparklabs.com/support/kb/ar ... viscosity/

But I can't seem to get to all of my LAN IPs, for instance:

192.168.1.2 Alt netgear wifi router
192.168.1.4 pfsense box (Backup)
192.168.1.254 Managed switch

route print shows me the following:

Network Destination    Netmask          Gateway     Interface   Metric
192.168.1.0            255.255.255.0    10.0.8.5    10.0.8.6    50

Anyone have any ideas how this can be resolved?

OK, does anyone have a server.conf they could share that does reach all of the LAN IPs? Other than maybe one thing I couldn't find, it's exactly like the document.

So with no one answering, does that mean no one is actually using OpenVPN?

Yes, I use it, works perfectly. :)


Can you access any devices on that LAN?
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

I can access some but not others. I made an xls of the ones I can reach compared to the ones I cannot; I don't see a pattern.

I can access 192.168.1.1 but not 192.168.1.2, etc.

If you can ping both the accessible and non-accessible machines then you're halfway there. Also check ping in the other direction. Note: ICMP pings are sometimes blocked by firewalls; temporarily enable it.

If that works then you need to be more explicit about what you mean by "accessing".  The machines may well have their own firewalls.  Are they blocking access?  Do the machines in question have different network setups?

Access = ping, sorry, I should have been more clear. Of the IPs I am not able to get to, I am also not able to ping/route to those IPs. I can post what my server.conf says, but there is hardly anything in it; it's mostly default.

# OPNsense-generated server.conf as posted; the '#' comments were added by the editor.
dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
# MYIP is the poster's placeholder for the address the server binds to.
local MYIP
client-disconnect "/usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh server1"
tls-server
# Tunnel network: clients get addresses in 10.0.8.0/24. Every LAN host that
# should answer a VPN client needs a route back to this subnet via OPNsense.
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/1
username-as-common-name
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'Local Database' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'OpnSense' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
# Route to the LAN pushed to clients; this is what shows up in the client's route print.
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 10.0.8.1"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.4096.sample
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo no
persist-remote-ip
float
# Duplicate of the push above; redundant, but not the cause of the problem,
# since the client already has the 192.168.1.0/24 route installed.
push "route 192.168.1.0 255.255.255.0"

The unreachable devices might be missing a return route. Do they have OPNsense configured as their default Gateway?
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
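The return-route question in the reply above, turned into a check that can be run on a Linux host on the LAN. This is an added example, not code from the thread or from OPNsense; it assumes the tunnel subnet 10.0.8.0/24 and the OPNsense LAN address 192.168.1.1 from the posted config, and the `ip route get` output format of iproute2.

```shell
#!/bin/sh
# Added example for this thread, not part of any post or of OPNsense itself.
# Run it on a Linux host on the 192.168.1.0/24 LAN to see whether replies to
# OpenVPN clients would be handed back to OPNsense or sent to some other router.
# Assumptions, taken from the config in the thread: tunnel subnet 10.0.8.0/24,
# OPNsense LAN address 192.168.1.1. Adjust both if yours differ.

VPN_NET="10.0.8.0/24"
VPN_PROBE="10.0.8.6"        # any address inside the tunnel subnet
OPNSENSE_LAN="192.168.1.1"  # the only router that can forward into the tunnel

# Print the next hop named in one line of `ip route get` output:
#   the address after "via", "direct" when the kernel thinks the target is
#   on-link, or "none" when there was no output at all (ip reported
#   "Network is unreachable").
next_hop() {
    [ -n "$1" ] || { echo none; return; }
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }
        { print "direct" }'
}

# Classify the return path for the tunnel subnet. Exit status 0 means replies
# reach OPNsense; 1 means they go somewhere that cannot reach the VPN client.
check_return_path() {
    hop=$(next_hop "$1")
    case "$hop" in
        "$OPNSENSE_LAN") echo "ok: replies to $VPN_NET go via $hop"; return 0 ;;
        none)   echo "broken: no route to $VPN_NET at all"; return 1 ;;
        direct) echo "broken: $VPN_NET treated as on-link, replies never reach OPNsense"; return 1 ;;
        *)      echo "broken: replies to $VPN_NET go via $hop, not $OPNSENSE_LAN"; return 1 ;;
    esac
}

# The command that adds the missing route. Printed rather than executed so the
# script is safe to run unprivileged; run it by hand (as root) after reviewing.
fix_command() {
    echo "ip route add $VPN_NET via $OPNSENSE_LAN"
}

# Live mode: ask the kernel how it would route a packet back into the tunnel.
if [ "${1:-}" = "--live" ]; then
    line=$(ip route get "$VPN_PROBE" 2>/dev/null | head -n 1)
    check_return_path "$line" || fix_command
fi
```

Run it as `sh vpn_return_route.sh --live` on a host you cannot reach from the VPN. On a FreeBSD box such as the pfSense unit the same question is answered by `route -n get 10.0.8.6`. For devices with no usable routing table (a managed switch, a consumer router), the choices are to set their default gateway to OPNsense or to add an outbound NAT rule on the OPNsense LAN interface for source 10.0.8.0/24, so that the devices see traffic coming from OPNsense's own LAN address and reply to it. To confirm the diagnosis from the OPNsense side, `tcpdump -ni <lan-if> icmp and host 192.168.1.2` while pinging from the VPN client shows the echo request leaving and no reply coming back. Note that a VPN server which masquerades client traffic behind its own LAN address hides a missing return route, so a working test from another VPN server on the same LAN does not rule this out.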

As a test I fired up OpenVPN on my Synology NAS just to see if the behavior was the same, and I am able to get to all of the IPs that I can't get to when running OpenVPN on OPNsense. I am pretty sure that the gateway for each of those is set to 192.168.1.1.