Has anyone figured out how to be able to route to the LAN IP addresses with the VPN acting as the client? I have a Slate AX (GL-AXT1800) connected as a client via OpenVPN. I would like to be able to access the LAN IP addresses of the Slate AX from the VPN. VPN is set up as Global Proxy (all traffic goes through VPN) and Allow Remote Access LAN is enabled. I cannot get anything to route down the tunnel when masquerade is disabled. As long as masquerade is enabled I can reach everything on the VPN server from the client. But cannot reach the LAN IPs from the server. I have routes on the server pointed towards the Slate AX VPN IP, but no joy… Curious if anyone has figured this out?
It’s not clear to me what Step 3 is… Is Step 3 assuming that the AXT1800 is the OpenVPN server? For clarity (if needed), the AXT1800 is a client on an already established OpenVPN server. The routes have already been added to the OpenVPN server. I do not see any traffic on the VPN when Masquerading is disabled. I was expecting to see the IPs of the 192.168.8.x subnet when disabling NAT… Even with adding the route like you show in Step 2, I see no 192.168.8.x IPs show up on the server’s interface. Nor do I see the local subnet IPs being routed to the VPN when performing a tcpdump on the AXT1800… VPN works fine with Masquerading on… I’m missing something as I’m about to replace this with an RPi… So much easier to work with, IMHO…
Hi!
I am continuing this topic with my request because, with the considerations above, I have solved 50% of my issue: thank you @dxf.
My configuration is composed as in the attached picture. The goal is to reach the IP Camera in the OpenVPN client’s LAN from another client (for example from a smartphone).
I have followed all the steps described by @dxf (obviously replacing the LAN client’s IP address with 192.168.20.0) and now I’m able to access the IP camera with my laptop connected directly to the OpenVPN server.
I’ve read the official guide of the OpenVPN community, which explains all the steps to configure the client’s LAN access between clients. The procedure is similar/equivalent to @dxf’s; I have only also added the statement --push "route 192.168.20.0 255.255.255.0" under --client-config-dir "/etc/openvpn/client_config_dir" \ in the /lib/netifd/proto/ovpnserver.sh file.
The client-to-client switch is turned on in the GL-MT300N-V2 Server OpenVPN.
Allow access to LAN is turned on in the GL-MT300N-V2 OpenVPN client.
When I enable the OpenVPN client on my smartphone and type the OpenVPN IP address 10.8.0.2 in the web browser, I’m able to access the main page of the GL-MT300N-V2 client. The 192.168.20.x IP addresses, however, are not reachable.
I probably only have to configure the additional route in the server correctly, but due to my little experience/knowledge I don’t understand how to proceed.
Thank you in advance for the (possible) suggestions!
Hi @dxf,
thank you for your reply.
I’m really sorry but I don’t understand why I have to change the Authentication Mode…
Anyway I have applied your suggestions but without success… the LAN side of the GL-MT300N-V2 client where the IP Camera is connected is still only reachable from the server… not by the Smartphone Client.
When the OpenVPN application is enabled on my smartphone, all the traffic is routed through OpenVPN: am I right? If yes, when I try to access the IP 192.168.20.2, the request is sent to the OpenVPN server: why doesn’t it re-route the request to the other client following the pre-programmed route rule?
Also, the IP address 192.168.20.1 (GL-MT300N-V2 client’s LAN IP) is not reachable from my smartphone, only from the server. Instead, if I type the 10.8.0.2 IP address on my smartphone, the welcome page of the other client is shown correctly.
Thank you!
Because all clients need to be notified that iroute 192.168.20.0 is a camera subnet.
Therefore, the /etc/openvpn/client_config_dir/camera must be bound to the camera ovpnclient (mt300n-v2), so the file name must be the same as the username of the ovpnclient.
In my environment, it works.
Please try this step again and write out the steps.
Hi @dxf,
thank you for the clarification.
The same file camera.ovpn must be imported in the MT300N-V2 client and the Smartphone Client app: am I right?
Thank you!
Ok, but on my smartphone, which client.ovpn file do I have to import? Do I have to add another user in the server with a username and password? Following your instructions, the DEFAULT file created originally is removed and replaced by camera. Exporting the client configuration with the GL-MT300N-V2 GUI I obtain - obviously - a unique file. Please explain to me step by step how to create the Smartphone client configuration.
Thank you in advance for the support!
Inside the camera file I’ve typed the following statements:
iroute 192.168.20.0 255.255.255.0 (routing rule to the LAN side of the client)
ifconfig-push 10.8.0.2 255.255.255.0 (static IP address assignment to the client)
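Added example, not part of any post in this thread: a small Python check of the pieces the posts above rely on, namely an iroute in a client_config_dir file named after the client, a matching route and push "route …" on the server, and client-to-client. It assumes the directives are available in config-file form (no leading --); check_client_lan, SERVER_CONF and CCD are hypothetical names and the sample input is constructed.

```python
import ipaddress
import shlex

def directives(text):
    """Yield each config line as a token list, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield shlex.split(line)

def subnet(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_client_lan(server_conf, ccd_files, client_name):
    """List what is missing for other VPN clients to reach the LAN behind client_name."""
    problems = []
    server = list(directives(server_conf))
    names = {d[0] for d in server}
    routes = {subnet(d[1], d[2]) for d in server if d[0] == "route" and len(d) >= 3}
    pushed = set()
    for d in server:
        # push "route NET MASK" arrives as one quoted token after 'push'
        opt = d[1].split() if d[0] == "push" and len(d) == 2 else []
        if len(opt) >= 3 and opt[0] == "route":
            pushed.add(subnet(opt[1], opt[2]))
    for needed in ("client-config-dir", "client-to-client"):
        if needed not in names:
            problems.append(f"server: {needed} not set")
    if client_name not in ccd_files:
        # The ccd file name has to equal the name the server knows the client by.
        return problems + [f"ccd: no file named '{client_name}'"]
    iroutes = [subnet(d[1], d[2]) for d in directives(ccd_files[client_name])
               if d[0] == "iroute" and len(d) >= 3]
    if not iroutes:
        problems.append(f"ccd/{client_name}: no iroute")
    for n in iroutes:
        if n not in routes:      # server kernel route into the tunnel
            problems.append(f"server: no 'route' for {n}")
        if n not in pushed:      # tells the other clients about the subnet
            problems.append(f"server: no 'push route' for {n}")
    return problems

# Constructed sample input (not from the thread): 'route' is missing on the server.
SERVER_CONF = """\
client-config-dir /etc/openvpn/client_config_dir
client-to-client
push "route 192.168.20.0 255.255.255.0"
"""
CCD = {"camera": "iroute 192.168.20.0 255.255.255.0\nifconfig-push 10.8.0.2 255.255.255.0\n"}
```

An empty result means the static configuration is consistent; forwarding and firewall rules on the client router are outside what this check sees.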