Connect to LAN Devices from OpenVPN (Purple)
I feel like I'm missing something simple here. I'm pretty new to this level of networking, but well versed in other areas of computing so I should be able to grasp this. I want to be able to use OpenVPN to remotely connect to any up devices on my home LAN. Pretty simple, right? Could be my NAS, a desktop PC, whatever. I can't get it to work!
My network is simple. Modem > Purple > unmanaged switch > devices. Purple is set up in router mode with one LAN network and one OpenVPN server network. I can easily connect to the OpenVPN server from the client app on my phone, but I can't access anything on the LAN. No ping, nothing. Logging off VPN and connecting back to the wifi, everything works as normal and I can access anything on the network.
I tried setting up Rules to allow bi-directional traffic between LAN and OpenVPN to no effect. I tried messing with IPs, subnet masks, and DNS servers on both networks and nothing worked, but I'm wondering if the key is in some of that? Is there a certain pattern of settings on these two networks required to make this work? I've read quite a few posts and articles and so far nothing has helped.
-
Make sure when you are testing, you are on LTE (not the same network you try to VPN in). After that, try to ping a known device that responds to pings on your home network. If that's not responding, disable all rules with regards to network segments ... If that does not work, then let us know, we can help you look.
In general, when you are VPN'd into the network, you should be able to ping local devices.
-
Yes, definitely off the home network. I turn wifi off on my phone, start the OpenVPN profile, and it connects right away. Interestingly, my desktop can ping my phone's IP address, but not the other way around. Similarly, if I turn off OpenVPN on my phone, turn on wifi hotspot, connect my laptop to my phone (so now my laptop is outside the home network), and then start OpenVPN on my laptop, I also connect right away to my home Purple, yet again my desktop can ping my laptop (I even ssh'ed into it just to be sure), but my laptop cannot ping any home network devices.
I haven't set up any groups or network segments yet at all. The only rules right now are the default Active Protect and block all traffic from the internet. I removed the rules to allow traffic between the OpenVPN and LAN networks since it didn't seem to help anything.
Any ideas? Thanks!
-
Not exactly. It seems my real issue was trying to connect using hostnames instead of IP addresses. If I use the IP address, I can connect no problem across networks (VPN network to LAN network). However, I can't connect using the hostname of a device. I believe this would require something acting as a DNS? I'm not sure, I never looked further into it once I realized just using IP addresses got me what I wanted.
-
I finally found my answer. It was here all along:
https://help.firewalla.com/hc/en-us/community/posts/360051005893/comments/360012822494
OpenVPN is a layer 3 VPN; when it connects, you are actually on a separate network. This means mDNS-based DNS mappings will not show up.
What you can do alternatively is use Firewalla's internal DNS capabilities. You can find this configuration under devices -> [find your device] -> Local Domain.
So it looks like the Firewalla generates its own hostname for each device that does work across OpenVPN. For example, I can remote in over OpenVPN and connect to Computer1 by using the hostname Computer1.lan instead. Alrighty then!
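An added diagnostic sketch (not part of the original thread and not Firewalla's code) that separates the two failure modes discussed above: the LAN IP being unreachable over the VPN versus only the hostname failing to resolve. The address 192.168.1.50 and port 22 are constructed sample values; Computer1 and the .lan suffix come from the post.

```python
import socket

# Bare name, mDNS name (link-local only, does not cross a routed VPN),
# and the router-served local domain mentioned in the thread.
SUFFIXES = ("", ".local", ".lan")


def system_resolver(name):
    """Resolve with the OS resolver; return an IPv4 string or None."""
    try:
        return socket.gethostbyname(name)
    except (OSError, UnicodeError):
        return None


def tcp_reachable(ip, port, timeout=2.0):
    """True if packets reach ip: connect succeeds or is actively refused."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except ConnectionRefusedError:
        return True   # host answered with RST, so routing works
    except OSError:
        return False  # timeout / no route / filtered


def diagnose(host, known_ip, port=22, resolve=system_resolver, reach=tcp_reachable):
    """Classify a 'cannot connect over VPN' report as routing or DNS."""
    names = {host + s: resolve(host + s) for s in SUFFIXES}
    usable = [n for n, ip in names.items() if ip == known_ip]
    if not reach(known_ip, port):
        cause = "routing"      # check VPN routes and firewall rules
    elif usable:
        cause = "ok"           # connect with usable[0]
    else:
        cause = "dns"          # IP works; no name resolves to it over the VPN
    return {"cause": cause, "names": names, "usable": usable}


if __name__ == "__main__":
    # Constructed stand-ins for a VPN client: only the .lan name resolves.
    fake_dns = {"Computer1.lan": "192.168.1.50"}
    report = diagnose("Computer1", "192.168.1.50",
                      resolve=fake_dns.get, reach=lambda ip, port: True)
    print(report["cause"], report["usable"])
```

Run from the VPN client with the default `resolve` and `reach` arguments to test against the real resolver and network.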
-
If you wanted to, you could change your DNS for OpenVPN. This may be irrelevant now. But in case you want to remove the .lan from your steps of connecting.