OpenVPN config to allow client to access local network

By neufuse
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

neufuse Veteran

Posted
  • Veteran
Posted

I am trying to get my one Raspberry PI to connect to an OpenVPN server but still allow it to talk to my local lan subnet 192.168.0.1/16 so I can SSH into it but all other traffic goes out the VPN (Split Tunneling?)

 

I tried to add 

  

route-nopull
route 192.168.0.1 255.255.0.0

 

into my ovpn config file all I get back is an error

 

  Quote

Options error: option 'route' cannot be used in this context

Expand  

and I lose connection to my SSH session

 

does anyone know the correct way to allow traffic from a OpenVPN client to the local network?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  On 24/09/2021 at 19:13, neufuse said:

192.168.0.1/16

Expand  

That is not a network, that is a host address.  And that would not be how you would do it on the client side even if network was correct.. You would need the gateway to use.

 

So I take it this pi is on the 192.168.0.0/.16 network?  With an address of 192.168.0.1?  And you want to talk to say 192.168.0.2 but route all other traffic out the vpn connection? Why would you use up all of the rfc1918 192.168 space via 1 network for starters.

 

Your pi being on any network normally wouldn't route traffic that local out the vpn.  Do you have other networks in the 192.168/16 space locally that your trying to get to?  Maybe a drawing of your network, and some details of exactly what your trying to accomplish would help.

 

If you use the route-nopull in your client, you would not be sending anything to the vpn unless you route traffic specifically to it.

 

What is the normal client config, server config your connecting to.. Do you have this - or is this some vpn service?

 

Normally if the vpn is setup correctly.. The client will route internet out the vpn, but any local networks would still be accessible be it on the local same network as the client.. If your server is using redirect-gateway, and you need to get to some local network.. For example in my case 192.168.3/24 is another network local.. While My server send internet traffic out the vpn, my local 192.168.9/24 traffic is local.. But can not get to 192.168.3/24

 

openvpn.jpg.44458dd7e2d451a15a904f1acf04435a.jpg

 

So just add the local route to my client config.

route 192.168.3.0 255.255.255.0 net_gateway

 

Now when connected to vpn, I can get to internet via vpn, my local network directly attached to 192.168.9/24 and also the other local network that my local router routes.

 

localnetworks.jpg.28c8567074d065e1dd928d8955c074bc.jpg

 

 

 

 

 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Politically funny images of the World

      By Dutchie64 · Posted

      Stable..... No, he isn't..
    • The official Funny Pictures thread

      By Steffan · Posted

    • Samsung Galaxy S25 Edge sales are apparently terrible

      By RejZoR · Posted

      Of course the sales are bad. Who even asked for a thinner phone with way less battery? Lightness? It's still a giant brick, it's just a thinner giant brick. It makes no sense at all. Making folding phones thinner, now that does make sense. Because when folded, the thinner it is unfolded, the more usable and pocketable it is when folded. You already expect worse battery at expense of actually being more pocketable. Galaxy Flip, when folded is half the size of S Ultra models and about as thick. That does make a big difference when fitting it in a pocket. But the phone that's as big as Ultra, making it thinner, you don't really solve anything, it's still a giant slab that barely fits into a pocket. All the "Mini" phones made way more sense than this thin crap. Especially now that it's literally impossible to find a phone smaller than 6.5". My dad only needs phone for calls and SMS and he doesn't want to go with smartphone because they are all so massive. Especially cheaper ones. Like, he'd be fine with Galaxy A06 for all he cares in terms of hardware, but it only comes in giant 6.7" format. It's useless. Or is he suppose to find a 800€ old gen iPhone Mini or Zenfone? He doesn't even need those stupid specs and such stupid price. And then you see old people fumbling around with giant smartphones and they don't even need 3/4 of features on them.
    • WD SSDs still block Windows 11 24H2 download and installs, Microsoft may be guilty too

      By eilegz · Posted

      w11 its a mess... period
    • Nvidia and Foxconn planning to deploy humanoid robots within months

      By neufuse · Posted

      its funny now instead of robots built for a specific task which is more efficient we are focused on humanoid robots that are built for do anything but might not do it as well because of restrictions similar to how human body works and they were molded after...

  • Recent Achievements

    • First Post
      emptyother earned a badge
      First Post
    • Week One Done
      Crunchy6 earned a badge
      Week One Done
    • One Month Later
      KynanSEIT earned a badge
      One Month Later
    • One Month Later
      gowtham07 earned a badge
      One Month Later
    • Collaborator
      lethalman went up a rank
      Collaborator

  • Popular Contributors

    1. 1
      +primortal
      664
    2. 2
      ATLien_0
      270
    3. 3
      Michael Scrip
      218
    4. 4
      Steven P.
      162
    5. 5
      +FloatingFatMan
      158
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!