OpenVPN config to allow client to access local network

By neufuse
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

neufuse Veteran

Posted
  • Veteran
Posted

I am trying to get my one Raspberry PI to connect to an OpenVPN server but still allow it to talk to my local lan subnet 192.168.0.1/16 so I can SSH into it but all other traffic goes out the VPN (Split Tunneling?)

 

I tried to add 

  

route-nopull
route 192.168.0.1 255.255.0.0

 

into my ovpn config file all I get back is an error

 

  Quote

Options error: option 'route' cannot be used in this context

Expand  

and I lose connection to my SSH session

 

does anyone know the correct way to allow traffic from a OpenVPN client to the local network?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  On 24/09/2021 at 19:13, neufuse said:

192.168.0.1/16

Expand  

That is not a network, that is a host address.  And that would not be how you would do it on the client side even if network was correct.. You would need the gateway to use.

 

So I take it this pi is on the 192.168.0.0/.16 network?  With an address of 192.168.0.1?  And you want to talk to say 192.168.0.2 but route all other traffic out the vpn connection? Why would you use up all of the rfc1918 192.168 space via 1 network for starters.

 

Your pi being on any network normally wouldn't route traffic that local out the vpn.  Do you have other networks in the 192.168/16 space locally that your trying to get to?  Maybe a drawing of your network, and some details of exactly what your trying to accomplish would help.

 

If you use the route-nopull in your client, you would not be sending anything to the vpn unless you route traffic specifically to it.

 

What is the normal client config, server config your connecting to.. Do you have this - or is this some vpn service?

 

Normally if the vpn is setup correctly.. The client will route internet out the vpn, but any local networks would still be accessible be it on the local same network as the client.. If your server is using redirect-gateway, and you need to get to some local network.. For example in my case 192.168.3/24 is another network local.. While My server send internet traffic out the vpn, my local 192.168.9/24 traffic is local.. But can not get to 192.168.3/24

 

openvpn.jpg.44458dd7e2d451a15a904f1acf04435a.jpg

 

So just add the local route to my client config.

route 192.168.3.0 255.255.255.0 net_gateway

 

Now when connected to vpn, I can get to internet via vpn, my local network directly attached to 192.168.9/24 and also the other local network that my local router routes.

 

localnetworks.jpg.28c8567074d065e1dd928d8955c074bc.jpg

 

 

 

 

 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Hulk Hogan Dead at 71

      By seta-san · Posted

      Don’t care about a wrestling union. No normal person should care. 
    • AdGuard is yet another app to block Windows Recall

      By naap51stang · Posted

      Limassol, Cyprus. Just south of Turkey. NOT Russia.
    • Security in the Chinese mini PCs?

      By goretsky · Posted

      Hello, Given the reports of Chinese Mini PCs shipping with malware, I would recommend wiping the machine and performing a clean install of Windows on it before use.  From what I can infer from the reports, the Mini PCs that shipped with malware were not the result of targeted purposeful action on the part of the device manufacturers (which is something that has happened with low-cost Android smartphones and TV boxes from China) but rather due to lax security in the manufacturing process.   Getting back to the subject at hand, there are a few steps you will want to go through before wiping the Mini PC: You can start preparing even before the Mini PC arrives.  Once you have ordered it and know the brand and model, go to the manufacturer's website and download all of the latest device drivers, BIOS (UEFI) firmware updates, machine-specific software (if any), and manuals.  Many Mini PC manufacturers do not do a lot of customization of their device drivers, just shipping whatever device drivers the the silicon vendors provide.  I still recommend downloading them, though, just in case there are some customizations or for initial install since those are the drivers you know the manufacturer validated for the Mini PC.  Store these in a safe place, so you have them ready when the Mini PC arrives. Use Microsoft's Windows Media Creation Tool to create an installation USB.  You can also create a directory on installation USB--like C:\DRIVERS\ or whatnot--and store the extracted device drivers there in case you need them while or after installing Windows. Once the Mini PC arrives, and you have your Windows installation USB available, you can proceed with wiping the PC and doing the clean install.  Here's how you do that, step-by-step: Check the computer and make sure you know how to boot it from a USB flash drive (may be a specific key you have to press when the computer is powered on, or a change to the BIOS (UEFI) firmware settings.  The PC may tell you what key combination you need to press to boot from another drive, or the manual for the PC may it. Plug the USB flash drive into the computer and power it up using the means to have it boot from the Windows install USB. Once the computer finishes booting, it should be at a Windows installation screen. Do not agree to any prompts, copyright licenses, or click on any buttons. Press the Shift + F10 keys together to open a Command Prompt. Run DISKPART to start the command-line disk partitioning utility. The command line prompt will change to DISKPART>. At the DISKPART> prompt, type LIST DISK to get the numbers of all drives installed in the system. Make a note of what number is assigned to what drive (if the Mini PC has more than one drive).  At the DISKPART> prompt, type SEL DISK n  where n is the number of the drive containing Windows. At the DISKPART> prompt, type CLEAN and this will erase the GPT/MBR code from the beginning of the drive. *WARNING:* After performing the clean operation, the drive now be blank/erased, and everything on it will be gone (all files, etc.).  You can exit DiskPart and just continue with the Windows installation as you normally would.  If needed, you can install the device drivers you put on the Windows install media to get your network connection up and running, and from there run Windows Update to get the operating system and device drivers up to date Regards, Aryeh Goretsky
    • Wolfenstein TV show in development at Amazon

      By pmrd · Posted

      Why? Amazon has some great shows and Fallout was near perfect.
    • Politically funny images of the World

      By +primortal · Posted

  • Recent Achievements

    • Week One Done
      cac1lll earned a badge
      Week One Done
    • One Month Later
      Falcon.ai earned a badge
      One Month Later
    • Week One Done
      Falcon.ai earned a badge
      Week One Done
    • Dedicated
      EYEREX earned a badge
      Dedicated
    • First Post
      Electronic Person earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      627
    2. 2
      ATLien_0
      238
    3. 3
      Xenon
      166
    4. 4
      neufuse
      142
    5. 5
      +FloatingFatMan
      123
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!