Connect to LAN Devices from OpenVPN (Purple)

Comments

9 comments

  • Firewalla

    Make sure when you are testing, you are on LTE (not the same network you try to VPN into). After that, try to ping a known device that responds to pings on your home network. If that's not responding, disable all rules with regard to network segments ... If that does not work, then let us know, we can help you look

    In general, when you VPN into the network, you should be able to ping local devices

  • Matt Payne

    Yes, definitely off the home network. I turn wifi off on my phone, start the OpenVPN profile, and it connects right away. Interestingly, my desktop can ping my phone's IP address, but not the other way around. Similarly, if I turn off OpenVPN on my phone, turn on wifi hotspot, connect my laptop to my phone (so now my laptop is outside the home network), and then start OpenVPN on my laptop, I also connect right away to my home Purple, yet again my desktop can ping my laptop (I even ssh'ed into it just to be sure), but my laptop cannot ping any home network devices.

    I haven't set up any groups or network segments yet at all. The only rules right now are the default Active Protect and block all traffic from the internet. I removed the rules to allow traffic between the OpenVPN and LAN networks since it didn't seem to help anything.

    Any ideas? Thanks!

  • Firewalla

    Let me create a ticket for you. May need logs from you 

  • AJ

    This was a while back. But I'm experiencing the same issue. Was this ever resolved?

  • Matt Payne

    Not exactly. It seems my real issue was trying to connect using hostnames instead of IP addresses. If I use the IP address, I can connect no problem across networks (VPN network to LAN network). However, I can't connect using the hostname of a device. I believe this would require something acting as a DNS? I'm not sure, I never looked further into it once I realized just using IP addresses got me what I wanted.

  • AJ

    Thanks, my issue was related to the local firewall on my desktop. I had to configure inbound and outbound rules for the VPN network.

    When you VPN in, if your Firewalla is in router mode, your Firewalla is acting as the DNS server. There should be a way to configure it to associate an IP with a hostname.

  • Matt Payne

    I finally found my answer. It was here all along:

    https://help.firewalla.com/hc/en-us/community/posts/360051005893/comments/360012822494

    OpenVPN is a layer 3 VPN; when it connects, you are actually on a separate network. This means mDNS-based DNS mappings will not show up.

    What you can do alternatively is use Firewalla's internal DNS capabilities. You can find this configuration under Devices -> [find your device] -> Local Domain

    So it looks like the Firewalla generates its own hostname for each device that does work across OpenVPN. For example, I can remote in over OpenVPN and connect to Computer1 by using the hostname Computer1.lan instead. Alrighty then!

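The troubleshooting sequence from this thread (reach the device by IP first, then compare the bare hostname, the mDNS `.local` name and Firewalla's `.lan` local-domain name), as an added Python example that is not part of the original posts or Firewalla's own tooling. The function names, the TCP probe on port 22 and the sample name and address are assumptions; run it from the VPN client.

```python
import json
import socket

def system_resolve(name):
    """IPv4 addresses the OS resolver returns for name (empty list on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_probe(ip, port=22, timeout=3.0):
    """True if a TCP connection to ip:port succeeds (port 22 is an assumption)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(host, ip, resolve=system_resolve, probe=tcp_probe,
           suffixes=("", ".local", ".lan")):
    """Separate a routing/firewall failure from a name-resolution failure."""
    names = {}
    for suffix in suffixes:
        answers = resolve(host + suffix)
        if not answers:
            names[host + suffix] = "no answer"
        elif ip in answers:
            names[host + suffix] = "ok"
        else:
            # A name that resolves to some other address is worth noticing:
            # traffic would go to a host you did not intend.
            names[host + suffix] = "resolves elsewhere: " + ", ".join(answers)
    working = [n for n, state in names.items() if state == "ok"]
    if not probe(ip):
        verdict = "IP unreachable: check VPN routes, Firewalla rules and the host firewall"
    elif host in working:
        verdict = "bare hostname works over the VPN"
    elif working:
        verdict = "use " + working[0]
    else:
        verdict = "IP reachable but no name resolves: check the DNS server given to VPN clients"
    return {"names": names, "verdict": verdict}

if __name__ == "__main__":
    # Constructed values; replace with a real device name and its LAN address.
    print(json.dumps(triage("Computer1", "192.168.1.50"), indent=2))
```
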
  • AJ

    https://help.firewalla.com/hc/en-us/community/posts/21724578148115-How-do-I-assign-an-internal-DNS-server-for-OpenVPN-to-hand-out-to-clients-when-connected

    If you wanted to, you could change your DNS for OpenVPN. This may be irrelevant now, but it's there in case you want to remove the .lan from your steps of connecting.

  • Matt Payne

    I currently have it set to the Firewalla's IP address on the LAN network (as opposed to the OpenVPN network), i.e. the LAN's DNS address. What should it be?
