Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
263 posts

Ultimate Geek
+1 received by user: 47


  Reply # 1834370 31-Jul-2017 15:02
Send private message

@freitasm:

 

Ok, so I have changed the VPN configuration to use the same IP range as the LAN, and it's working as before - it connects, can access the Internet but can't see LAN devices - no ping, no RDP, etc.

 

I suspect the L2TP protocol implementation is blocking this, because the OpenVPN tab has an option to allow VPN devices to see the LAN devices, which is not in the L2TP tab. Only using L2TP because no client is required on both Android and Windows, but might have to look at the OpenVPN implementation...

 

For those who mentioned the subnet... Yes, I understand how it won't see each other but thought there would be a way to define a route to get packets from one to another. Since nothing in that front I just change the IP range.

 

 

Just using the same IP range is insufficient to get broadcast traffic - you need to have bridging set up between the home subnet and the VPN subnet.  In OpenVPN, there are extra options for bridging - maybe L2TP does not support that.  I have never used L2TP as I always wanted the best encryption and OpenVPN allows me to do that.


3182 posts

Uber Geek
+1 received by user: 988

Subscriber

  Reply # 1834373 31-Jul-2017 15:09
Send private message

I suspect the L2TP protocol implementation is blocking this, because the OpenVPN tab has an option to allow VPN devices to see the LAN devices, which is not in the L2TP tab. Only using L2TP because no client is required on both Android and Windows, but might have to look at the OpenVPN implementation

 

I would take a punt that the option is there so it adds the "push route" stuff to the openVPN config. Or it is creating the appropriate "accept" firewall rules for you.

 

Did you check your client is set to use the VPN connection as the default route? On your windows client do a "route print" and you should see your VPN interface has a low metric if it is set as default route. Otherwise it gets a high metric in the sort of 200+ range.


 
 
 
 


121 posts

Master Geek
+1 received by user: 24

Subscriber

  Reply # 1834441 31-Jul-2017 16:26
Send private message

@freitasm:

 

I suspect the L2TP protocol implementation is blocking this, because the OpenVPN tab has an option to allow VPN devices to see the LAN devices, which is not in the L2TP tab. Only using L2TP because no client is required on both Android and Windows, but might have to look at the OpenVPN implementation...

 

 

 

 

I think you're right. Seems you cant push routes to a client in a L2TP tunnel, it needs to be configured client side and my head is hurting reading the microsoft documentation.

 

 

 

It's fairly straightforward to achieve what you want using openvpn though, and there are plenty of free open source clients to choose from.




BDFL - Memuneh
59180 posts

Uber Geek
+1 received by user: 10414

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1834442 31-Jul-2017 16:28
Send private message

*sigh*

 

Might have to get the OpenVPN up and running then. Will be back later.





3629 posts

Uber Geek
+1 received by user: 396

Trusted

  Reply # 1834446 31-Jul-2017 16:39
Send private message

While not using the same hard are. I have had two l2tp Vpns, one was i into, the other is a ubiquiti USG, both able to access my local network. One as a portion of the regular subnet and the other as a new vlan/subnet.

But I've only ever use iOS as the client, unless that has any bearing on it.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex




BDFL - Memuneh
59180 posts

Uber Geek
+1 received by user: 10414

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1834449 31-Jul-2017 16:48
Send private message

OpenVPN up and running, connected but still no LAN-side access, only Internet... This is the route table when connected

 

 

=======
Interface List
3...34 64 a9 03 c9 ee ......Intel(R) Ethernet Connection (3) I218-LM
14...60 57 18 a5 83 8c ......Microsoft Wi-Fi Direct Virtual Adapter
36...00 ff 97 03 59 4a ......TAP-Windows Adapter V9
5...60 57 18 a5 83 8b ......Intel(R) Dual Band Wireless-AC 7265
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
=======

 

IPv4 Route Table
=======
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.252 35
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 35
10.8.0.0 255.255.255.0 10.8.0.5 10.8.0.6 35
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 35
10.8.0.4 255.255.255.252 On-link 10.8.0.6 291
10.8.0.6 255.255.255.255 On-link 10.8.0.6 291
10.8.0.7 255.255.255.255 On-link 10.8.0.6 291
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 35
192.168.2.0 255.255.255.0 10.8.0.5 10.8.0.6 35
192.168.43.0 255.255.255.0 On-link 192.168.43.252 291
192.168.43.252 255.255.255.255 On-link 192.168.43.252 291
192.168.43.255 255.255.255.255 On-link 192.168.43.252 291
203.86.203.11 255.255.255.255 192.168.43.1 192.168.43.252 35
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.8.0.6 291
224.0.0.0 240.0.0.0 On-link 192.168.43.252 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.8.0.6 291
255.255.255.255 255.255.255.255 On-link 192.168.43.252 291

 





1452 posts

Uber Geek
+1 received by user: 124

Trusted

  Reply # 1834466 31-Jul-2017 17:07
Send private message

Are you trying to use IP or hostnames of internal systems?

 

i.e. is it an internal DNS issue not so much a routing issue?





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

Want to be with an awesome ISP? Want $20 credit too? Use this link to sign up to BigPipe.




BDFL - Memuneh
59180 posts

Uber Geek
+1 received by user: 10414

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1834468 31-Jul-2017 17:19
Send private message

Sorted on OpenVPN. LAN still on 192.168.2.0, OpenVPN on 10.8.0.0/24... Created a router firewall rule explicitly allowing traffic from 10.8.0.0 to any 192.168.2.0 destination. On my HP Microserver I created an inbound rule allowing connections from 10.8.0.0 - 10.8.0.254 (note that Windows Firewall wouldn't allow connection if using 10.8.0.0/24). 

 

Now I can access both the router and devices on LAN.

 

Thanks for all suggestions.





1 post

Wannabe Geek


  Reply # 1834562 31-Jul-2017 22:24
Send private message

Hi,

 

I know you have sorted your VPN already through firewall rules but have you tried editing VPNConfig.ovpn and enabling "redirect-gateway def1"?

 

I also have the synology router and trying to learn these things....




BDFL - Memuneh
59180 posts

Uber Geek
+1 received by user: 10414

Administrator
Trusted
Geekzone
Subscriber

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UAV Traffic Management Trial launching today in New Zealand
Posted 12-Dec-2017 16:06


UFB connections pass 460,000
Posted 11-Dec-2017 11:26


The Warehouse Group to adopt IBM Cloud to support digital transformation
Posted 11-Dec-2017 11:22


Dimension Data peeks into digital business 2018
Posted 11-Dec-2017 10:55


2018 Cyber Security Predictions
Posted 7-Dec-2017 14:55


Global Govtech Accelerator to drive public sector innovation in Wellington
Posted 7-Dec-2017 11:21


Stuff Pix media strategy a new direction
Posted 7-Dec-2017 09:37


Digital transformation is dead
Posted 7-Dec-2017 09:31


Fake news and cyber security
Posted 7-Dec-2017 09:27


Dimension Data New Zealand strengthens cybersecurity practice
Posted 5-Dec-2017 20:27


Epson NZ launches new Expression Premium Photo range
Posted 5-Dec-2017 20:26


Eventbrite and Twickets launch integration partnership in Australia and New Zealand
Posted 5-Dec-2017 20:23


New Fujifilm macro lens lands in New Zealand
Posted 5-Dec-2017 20:16


Cyber security not being taken seriously enough
Posted 5-Dec-2017 20:13


Sony commences Android 8.0 Oreo rollout in New Zealand
Posted 5-Dec-2017 20:08



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.