Channel: Geekzone forums: LAN (ethernet/Wifi/routers/Bluetooth)

OpenVPN: Accessing client LAN (site-to-site)

I've got an OpenVPN site-to-site setup working ok, but unable to access any devices connected to the client side LAN.

This is between HOME (fibre connection) and a remote house (connected via 2degrees 4g, so CGNAT). Remote location has a bunch of IoT sensors, etc

Take this very simplified network diagram below, which highlights the key setup. (I've not included all the dozens of other home/remote devices to not confuse things)

Summary of setup:

OpenVPN server pushes routes to client

OpenVPN server has client-config-dir, and file containing iroute for client

Remote site is always connected to Home via OpenVPN

Mobile phone can connect to home network as required

What works:

Remote site connected via OpenVPN

Raspberry Pi can ping and access all HOME devices

Mobile connected via OpenVPN

Mobile can access HOME devices, plus access REMOTE raspberry pi

OpenVPN Server & Home devices (e.g. Desktop) can:

Ping all REMOTE devices (e.g. Raspberry pi, remote huawei modem, and wemos d1 minis). These work:

ping 192.168.10.1

ping 192.168.10.2

ping 192.168.10.10

Access Raspberry Pi via SSH, VNCserver, web, etc

What does not work:

Home devices (OpenVPN server or desktop) cannot access anything at REMOTE apart from raspberry pi. e.g. Home device cannot access web interface of Huawei modem, OR access Wemos d1 minis

Accessing this fails: http://192.168.10.1, or http://192.168.10.10

When running tcpdump for tun0 on the Raspberry Pi at REMOTE:

Ping from HOME to any REMOTE IP shows packets transmitted/received, OK

HTTP web request from HOME to REMOTE Raspberry Pi, shows packets transmitted/received, OK

HTTP web request from HOME to other REMOTE device (192.168.10.1), shows packets transmitted, nothing received, FAILED

Suspect this is a routing issue, but it's doing my head in!

Wondering if I need a better 4g modem/router at the REMOTE location, that will allow to set a static route in the router, telling remote LAN devices to route openvpn requests back via the raspberry pi???

At the moment the only way I can access the web interface of other devices at REMOTE, is to VNC into the Raspberry Pi, and then use the Raspberry Pi desktop and browser remotely to access those devices.
