Monday, January 26, 2015

routing - No internet access when toggling `redirect-gateway` in OpenVPN client config

I have a router with IP 192.168.1.1 subnetting 192.168.1.0/24.




On that subnet, a Synology NAS has an IP of 192.168.1.181 and is running a VPN server using subnet 192.168.2.0/24.



When I connect a client to that server from outside both networks, I get assigned 192.168.2.6. From that client I can ping machines on 192.168.1.0/24 (192.168.1.17 & 192.168.1.181 for example) and 192.168.1.1 & 192.168.2.1.



From machines already on 192.168.1.0/24, I can ping the VPN client (192.168.2.6) after adding a static route of `route add 192.168.2.0 mask 255.255.255.0 192.168.1.181` (Windows).



Before adding the `redirect-gateway` line to the client config, I would be able to access the internet while on the VPN but was unable to access local web services like a router service or the Synology NAS web service (running within 192.168.1.0/24). I thought this was maybe because the external IP (whatmyip.org) from a VPN client showed the same external address as if I was not connected to the VPN.



After adding the `redirect-gateway` line to the client config, I verified I had the correct external IP (matches the 192.168.1.0/24 clients' external IP) when connected, but could not access external sites (google.com), though I could access internal web services (192.168.1.1's & 192.168.1.181's).




What am I missing?






Weird observation, not sure why, but the client (192.168.2.6) gets a DHCP & gateway server of 192.168.2.5, which, as far as I know, isn't anything that exists. I can't ping it. 192.168.2.1 is definitely the VPN server and I can access its web service (192.168.1.181 on 192.168.1.0/24).



Connected client `ipconfig /all`:

```
Description . . . . . . . . . . . : TAP-Windows Adapter V9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Thursday, August 13, 2015 11:55:43 AM
Lease Expires . . . . . . . . . . : Friday, August 12, 2016 11:55:42 AM
Default Gateway . . . . . . . . . : 192.168.2.5
DHCP Server . . . . . . . . . . . : 192.168.2.5
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
```
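The adapter addressing in the `ipconfig /all` output above can be checked mechanically. The following is an added example, not part of the original post: it parses the address lines and works out which of the configured addresses share the client's subnet. A /30 per client with a virtual peer address is how OpenVPN's `net30` topology hands out addresses; that this server uses it is an assumption drawn from the 255.255.255.252 mask, and the function names are illustrative.

```python
import ipaddress
import re

# Adapter lines copied from the ipconfig /all output in the post above.
IPCONFIG = """\
IPv4 Address. . . . . . . . . . . : 192.168.2.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 192.168.2.5
DHCP Server . . . . . . . . . . . : 192.168.2.5
DNS Servers . . . . . . . . . . . : 192.168.2.1
"""

LINE = re.compile(r"\s*([A-Za-z0-9 ]+?)[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")


def parse_ipconfig(text):
    """Map each 'Name . . . : a.b.c.d' line to its first IPv4 address."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group(1).strip()] = ipaddress.ip_address(m.group(2))
    return fields


def analyze(fields):
    """Work out the client's subnet and which configured addresses are on-link."""
    iface = ipaddress.ip_interface(
        f"{fields['IPv4 Address']}/{fields['Subnet Mask']}")
    # In a /30 there are two usable hosts: this client and one peer address.
    peers = [h for h in iface.network.hosts() if h != iface.ip]
    peer = peers[0] if len(peers) == 1 else None
    others = ("Default Gateway", "DHCP Server", "DNS Servers")
    return {
        "network": str(iface.network),
        "peer": str(peer) if peer else None,
        "gateway_is_peer": fields["Default Gateway"] == peer,
        "dhcp_is_peer": fields["DHCP Server"] == peer,
        # Off-link addresses are reachable only through a route via the gateway.
        "on_link": {k: fields[k] in iface.network for k in others},
    }


if __name__ == "__main__":
    for key, value in analyze(parse_ipconfig(IPCONFIG)).items():
        print(f"{key}: {value}")
```

The result shows 192.168.2.5 as the only other host in 192.168.2.4/30, while 192.168.2.1 (the DNS server and VPN server address) is off-link and depends on the routes installed on the client.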
