FWG VPN Server - Can Surf from Client But Cannot See/Access Home Network Devices
Hello All,
I can remotely connect to my FWG VPN Server and surf without any issues; however, I cannot access or view any devices on my home network. I noticed the VPN Server uses a different IP range than my home network but I don't see anywhere I can change it.
The instructions reference something about "Manual Install" but I don't actually see that anywhere. As I recall VPN servers, in general, must assign a compatible IP range to remotely-connecting devices.
Am I missing something in the setup? Thank you.
-
Thank you for your reply. Hmm...
"local domain name"...here's what I see at the device level (a camera I'm trying to remotely view):
As seen from my iPhone via a cellular connection (not wi-fi) via FWG VPN Server:
If "local domain name" means "beecam.lan", then I still do not see the login screen (via a browser) to my camera. I've also tried using the direct IP address 10.0.1.160 without success.
What am I not understanding about this? Thank you.
-
I am having the same issue, this is my configuration:
I have a Firewall Gold connected in the following way:
ISP -> FWG -> Eero
Eero:
- DHCP & NAT = Bridge
- UPnP = On
- DNS = Default
- WAN IP Address = -.-.-.
- Gateway eero IP Address = Not connected
- IPv6 = Off
FWG:
- Networks: LAN1 (192.168.162.1/24) WireGuard (10.189.22.1/24)
- Source NAT = On
- Source Networks = 192.168.161.1/24
- NAT Passthrough = Everything disabled
- Port Forwarding = (UPnP Disabled)
- DMZ = Off
I can connect using WireGuard (Firewalla reports the connection) and I receive IP addresses in the subnet 10.189.22.1/24 which is the VPN network, but I cannot 'see' any of the machines in my LAN1 network, using their localdomain name or their IP address.
In the only response given by a member of the Firewalla team:
Firewalla VPN runs on a network that's adjacent to your home network.
The best way to access your home devices is to use the "local domain name"; you can find that or change it at
tap on devices->[find your device]-> look for local domain
Or you can just use their raw IP address.
The answer is super vague, non-technical, and lacks any explanation of how to solve the issue, whether the person receiving the information knows or lacks any knowledge on the subject. Could someone on the Firewalla team take responsibility for answering this question?
-
1. When you connect back to FWG, check your public IP address, make sure it is the same as your home network.
2. Triple check if you have any policies to block local network
3. Triple check the IP address of the device doing the VPN is NOT the same network as your home or VPN network. <= for example, if your phone is 192.168.1.1 and your home network is 192.168.1.1, you are unlikely to connect to your home network
-
I too am having the same type of problem.
I can connect to my home network from my laptop (on another network away from home) using the OpenVPN client.
If I go to whatsmyip.com in the browser it shows my public IP address on my home network. All good.
However I cannot see the other devices on my home network. I try to ping my desktop on the home network at desktop.lan or with the Local IP address and get no response.
The local network IP address for my laptop is 192.168.1.115
The Laptop VPN address is 10.137.113.6
The home network is 192.168.254.1
If I tracert to desktop.lan it routes to the Firewalla at the interface of the VPN network 10.137.113.1 but goes no further.
I have rules on Firewalla to filter out traffic from outside the USA to port 3389 and to block gaming sites and the default bundle.
I may be wrong but it seems like Firewalla is not routing the ping (or other network traffic) from the VPN network to the home network.
Also, I cannot see remote devices in File explorer.
-
I have a similar issue. When I access my home network using the VPN on a WiFi network everything works fine, but if I switch to the cellular network I can no longer access anything local at my house. The only change is my phone is fine on WiFi, but fails on cellular. Very weird.
-
I had thought it was an IP conflict, and I changed my VPN IP range to a different one and still have the same result. After a lot of testing it appears to be T-Mobile specific. When I connect using the hotspot on my iPhone that is on Verizon it works fine and it works fine on my iPhone that is on Verizon. I tried a friend's phone on AT&T and it works fine as well, but any phone I try on T-Mobile it fails. I can connect to the VPN on T-Mobile just fine and Internet traffic routes through the VPN and works.
I downloaded an App called Network Analyzer that is available on both Android and iPhone and the only differences I can see between the carriers is on AT&T and Verizon the phones get a private IPv4 address from the carrier. When I run the same app on T-Mobile it is not giving out a private IPv4 address just an IPv6 address. I am assuming that is what might be causing the issue, as it is the only difference I am seeing between the carriers.
-
Just an update. I ended up getting it working by lowering the MTU to 1452 on the WireGuard client on my phone and I am able to get to all my home resources on the VPN and my internet tunnel through the VPN is much faster as well. I verified it works on my iPhone on T-Mobile as well. It appears to be specific to T-Mobile. I even tried creating a VPN using OpenVPN and it had the same issue. I also changed the MTU on it as well and it fixed the issue. Just wanted to share in case others have problems.
-
I tried my iPad and it looks like it's experiencing the same issue. I installed both OpenVPN and WireGuard, but my iPad cannot access my internal network servers. So it seems that perhaps the OS isn't the culprit?
I am on Firewalla Beta so I'll try downgrading to the stable version and see if that resolves the issue.
-
In my case, this hint led me to the solution: https://www.reddit.com/r/firewalla/comments/p2pb09/lan_access_through_wireguard_vpn/
On the client device (iPhone), I had to go into the settings in the Wireguard app and add the local network IP range to the list of allowed IPs. It is now "0.0.0.0/0, 192.168.1.0/24"
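The subnet-overlap check from the numbered checklist earlier in the thread and the AllowedIPs change in the last post, combined into one check. This is an added example, not part of any post and not Firewalla's code. The function name, the finding labels and the /24 prefix lengths are assumptions; the sample addresses are constructed from values mentioned in the thread.

```python
import ipaddress

def _net(text):
    # strict=False lets a host address such as 192.168.1.115/24 stand for its subnet
    return ipaddress.ip_network(text.strip(), strict=False)

def diagnose(client_lan, home_lan, vpn_net, allowed_ips):
    """Return finding labels for a client that connects but cannot reach the home LAN."""
    local, home, vpn = _net(client_lan), _net(home_lan), _net(vpn_net)
    allowed = [_net(a) for a in allowed_ips.split(",") if a.strip()]
    findings = []

    # Checklist item 3: the network the client currently sits on must not
    # collide with the home LAN or with the VPN subnet.
    if local.overlaps(home):
        findings.append("client-lan-overlaps-home")
    if local.overlaps(vpn):
        findings.append("client-lan-overlaps-vpn")
    if home.overlaps(vpn):
        findings.append("home-overlaps-vpn")

    # WireGuard AllowedIPs: which same-version entries cover the home LAN?
    covering = [n for n in allowed
                if n.version == home.version and home.subnet_of(n)]
    if not covering:
        # Split tunnel that never sends home-LAN traffic into the VPN.
        findings.append("home-not-in-allowed-ips")
    elif all(n.prefixlen == 0 for n in covering):
        # Only the catch-all entry covers it: the state before the last
        # post added the LAN range explicitly.
        findings.append("home-only-via-default-route")
    return findings

if __name__ == "__main__":
    # Constructed cases; /24 masks are assumed where the thread gives none.
    cases = [
        ("192.168.1.23/24", "192.168.1.0/24", "10.189.22.0/24", "0.0.0.0/0, 192.168.1.0/24"),
        ("192.168.1.115/24", "192.168.254.0/24", "10.137.113.0/24", "10.137.113.0/24"),
        ("192.168.1.115/24", "192.168.254.0/24", "10.137.113.0/24", "0.0.0.0/0, ::/0"),
        ("192.168.1.115/24", "192.168.254.0/24", "10.137.113.0/24", "0.0.0.0/0, 192.168.254.0/24"),
    ]
    for case in cases:
        print(case, "->", diagnose(*case) or "no findings")
```

An empty result only rules out these addressing problems; firewall policies (checklist item 2) and the MTU issue reported above are outside what it checks.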