I’ve successfully installed OpenVPN on DietPi, and got the .ovpn file. I connected to my Raspberry Pi Zero W successfully with no-ip on my smartphone. But I couldn’t ping any devices in my LAN network.
So how can we make it so my smartphone can see the LAN devices via OpenVPN? Any other configuration required? Note that I don’t have Pi Hole.
many thanks for your report. Pls can you check following on command line
It should return 1, to be able to route the traffic into you local network
Thank you for your response. This is what I got:
root@DietPi:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
EDIT: just in case if this helps: I am using USB Wifi dongle (Edimax EW-7612UAn V2 N300) on the Pi Zero W and I have disabled the onboard wifi.
It usually is a routing issue. The dietpi device has an extra subnet for the OpenVPN. However the rest of the lan hosts don’t know about that and use as gateway the ISP router.
A couple of solutions: Add a static route to the ISP router for the OpenVPN subnet via dietpi. This however results in routing asymmetry and might trigger the invalid packet protection of the firewall of the ISP router.
Masquerade the traffic from OpenVPN subnet when egressing the local interface. This is a bit more stressful to the CPU due to source translating all packets.
The dietpi device has an extra subnet for the OpenVPN.
Networking is not exactly my forte, unfortunately, but is this the tun0 that has inet like 10.8.0.1 ?
Actually, I have tried connecting to OpenVPN from my smartphone, then SSH into 10.8.0.1 and see that I am on my DietPi. I see I could ping other devices in my LAN network of 192.168.x.x from the terminal of my DietPi here.
Long ago, I used some sort of OpenVPN auto-installation script that installed everything on Raspbian similarly to DietPi, but I could VPN in and connect to all my LAN devices via 192.168.x.x from my smartphone via 3G/4G. I’m not sure what sort of settings it did behind the scenes, as the whole thing is automatic.
But then, if I am to connect to other devices, just like in the past, what must be done here?
Alternatively, is it possible for other devices to join this DietPi’s 10.8.x.x instead? Usually, I will VPN in just to check my IoT devices via Grafana on browser and perhaps do some SSH/VNC on other Raspberry Pis. That’s all.
Probably you can have a look to PiVPN. Usually it simplifies thinks to mage your OpenVPN clients and connections.
I see. Let me try it once home. Must I uninstall OpenVPN first or is PiVPN smart enough to figure out the existing OpenVPN configuration in this case?
I have tried installed PiVPN and have it install WireGuard. Everything works out of the box. Thank you for your support.
Yes PiVPN is supporting both OpenVPN as well as WireGuard. PiVPN is nothing else than a admin interface to manage you clients. If not needed you could remove the OpenVPN server you installed before. Just to be one safe side, create a dietpi-backup before. Just in case something breacks on OpenVPN uninstall