Any additional config required to access other devices in LAN via OpenVPN?

iono
Posts: 11
Joined: Sat Feb 11, 2017 7:51 am

Any additional config required to access other devices in LAN via OpenVPN?

Post by iono »

I've successfully installed OpenVPN on DietPi, and got the .ovpn file. I connected to my Raspberry Pi Zero W successfully with no-ip on my smartphone. But I couldn't ping any devices in my LAN network.

So how can we make it so my smartphone can see the LAN devices via OpenVPN? Any other configuration required? Note that I don't have Pi Hole.
Joulinar
Posts: 2277
Joined: Sat Nov 16, 2019 12:49 am

Re: Any additional config required to access other devices in LAN via OpenVPN?

Post by Joulinar »

Hi,

Many thanks for your report. Pls can you check the following on the command line:

    sysctl net.ipv4.ip_forward

It should return 1, to be able to route the traffic into your local network.

Pls let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
iono
Posts: 11
Joined: Sat Feb 11, 2017 7:51 am

Re: Any additional config required to access other devices in LAN via OpenVPN?

Post by iono »

Thank you for your response. This is what I got:

    root@DietPi:~# sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 1

EDIT: Just in case this helps: I am using a USB Wifi dongle (Edimax EW-7612UAn V2 N300) on the Pi Zero W and I have disabled the onboard wifi.
trendy
Posts: 133
Joined: Tue Feb 25, 2020 2:54 pm

Re: Any additional config required to access other devices in LAN via OpenVPN?

Post by trendy »

It usually is a routing issue. The dietpi device has an extra subnet for the OpenVPN. However, the rest of the LAN hosts don't know about that and use the ISP router as their gateway.

A couple of solutions:

- Add a static route to the ISP router for the OpenVPN subnet via dietpi. This however results in routing asymmetry and might trigger the invalid packet protection of the firewall of the ISP router.
- Masquerade the traffic from the OpenVPN subnet when egressing the local interface. This is a bit more stressful to the CPU due to source translating all packets.
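
Added example, not part of any post in this thread and not DietPi's own tooling: a small check that combines the `net.ipv4.ip_forward` test above with a look for the masquerade rule, and prints that rule scoped to VPN-to-LAN traffic only. The LAN subnet `192.168.1.0/24`, the interface `wlan0`, the `/24` on the VPN subnet and the function names are assumptions; `tun0` and `10.8.0.1` come from the thread.

```shell
#!/bin/sh
# Assumed values: adjust to your network before use.
VPN_NET="10.8.0.0/24"     # OpenVPN subnet (tun0 = 10.8.0.1 in the thread)
LAN_NET="192.168.1.0/24"  # assumed; the thread only says 192.168.x.x
LAN_IF="wlan0"            # assumed LAN-facing interface (USB Wi-Fi dongle)

# Print the rules for the masquerade option, scoped to VPN -> LAN only so
# the Pi does not NAT or forward anything else. Run the output as root.
masq_rules() {  # $1 = VPN subnet, $2 = LAN subnet, $3 = LAN interface
    echo "iptables -A FORWARD -i tun0 -o $3 -s $1 -d $2 -j ACCEPT"
    echo "iptables -A FORWARD -i $3 -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $1 -d $2 -o $3 -j MASQUERADE"
}

# Read iptables-save output on stdin; succeed if the nat table already
# masquerades traffic sourced from subnet $1.
has_masq() {
    awk -v net="$1" '
        /^\*/ { table = $1 }
        table == "*nat" && /-A POSTROUTING/ && /-j MASQUERADE/ &&
            index($0, "-s " net " ") { found = 1 }
        END { exit !found }'
}

# $1 = value of net.ipv4.ip_forward, $2 = VPN subnet, stdin = iptables-save.
# Live use (as root): iptables-save | diagnose "$(sysctl -n net.ipv4.ip_forward)" "$VPN_NET"
diagnose() {
    [ "$1" = "1" ] || { echo "forwarding-off"; return 0; }
    if has_masq "$2"; then echo "ok"; else echo "no-masquerade"; fi
}

# Constructed iptables-save samples: before and after adding the NAT rule.
SAMPLE_BEFORE='*filter
:FORWARD ACCEPT [0:0]
COMMIT'
SAMPLE_AFTER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -d 192.168.1.0/24 -o wlan0 -j MASQUERADE
COMMIT'

masq_rules "$VPN_NET" "$LAN_NET" "$LAN_IF"
printf '%s\n' "$SAMPLE_BEFORE" | diagnose 1 "$VPN_NET"   # no-masquerade
printf '%s\n' "$SAMPLE_AFTER"  | diagnose 1 "$VPN_NET"   # ok
```

With masquerade in place, LAN hosts log every VPN client as the DietPi's own LAN address, so per-client attribution has to come from the OpenVPN server log. Rules added with `iptables` do not survive a reboot unless they are saved and restored separately.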
iono
Posts: 11
Joined: Sat Feb 11, 2017 7:51 am

Re: Any additional config required to access other devices in LAN via OpenVPN?

Post by iono »

trendy wrote: The dietpi device has an extra subnet for the OpenVPN.
Networking is not exactly my forte, unfortunately, but is this the tun0 that has inet like 10.8.0.1?

Actually, I have tried connecting to OpenVPN from my smartphone, then SSH into 10.8.0.1 and see that I am on my DietPi. I see I could ping other devices in my LAN network of 192.168.x.x from the terminal of my DietPi here.

Long ago, I used some sort of OpenVPN auto-installation script that installed everything on Raspbian similarly to DietPi, but I could VPN in and connect to all my LAN devices via 192.168.x.x from my smartphone via 3G/4G. I'm not sure what sort of settings it did behind the scenes, as the whole thing is automatic.

But then, if I am to connect to other devices, just like in the past, what must be done here?

Alternatively, is it possible for other devices to join this DietPi's 10.8.x.x instead? Usually, I will VPN in just to check my IoT devices via Grafana on browser and perhaps do some SSH/VNC on other Raspberry Pis. That's all.
Joulinar
Posts: 2277
Joined: Sat Nov 16, 2019 12:49 am

Re: Any additional config required to access other devices in LAN via OpenVPN?

Post by Joulinar »

Probably you can have a look at PiVPN. Usually it simplifies things to manage your OpenVPN clients and connections.
iono
Posts: 11
Joined: Sat Feb 11, 2017 7:51 am

Re: Any additional config required to access other devices in LAN via OpenVPN?

Post by iono »

Joulinar wrote: Mon Sep 28, 2020 10:17 pm Probably you can have a look at PiVPN. Usually it simplifies things to manage your OpenVPN clients and connections.
I see. Let me try it once home. Must I uninstall OpenVPN first or is PiVPN smart enough to figure out the existing OpenVPN configuration in this case?
iono
Posts: 11
Joined: Sat Feb 11, 2017 7:51 am

Re: Any additional config required to access other devices in LAN via OpenVPN?

Post by iono »

Joulinar wrote: Mon Sep 28, 2020 10:17 pm Probably you can have a look at PiVPN. Usually it simplifies things to manage your OpenVPN clients and connections.
I have tried installing PiVPN and had it install WireGuard. Everything works out of the box. Thank you for your support. :D
Joulinar
Posts: 2277
Joined: Sat Nov 16, 2019 12:49 am

Re: Any additional config required to access other devices in LAN via OpenVPN?

Post by Joulinar »

Yes, PiVPN is supporting both OpenVPN as well as WireGuard. PiVPN is nothing else than an admin interface to manage your clients. If not needed you could remove the OpenVPN server you installed before. Just to be on the safe side, create a dietpi-backup before. Just in case something breaks on OpenVPN uninstall :)