I have setup OpenVPN and my test client is able to ping the OpenVPN Server and vice-versa.

However, I am unable to connect to (or ping) any other device on the local network.

Ultimately, I would like domain-joined VPN clients to be able to log in and authenticate against AD, as well as access things like printers, file shares etc. (effectively behave in the same way as computers that are physically on the LAN).

My very basic setup is as follows:

OpenVPN Client Config:

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1197
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client01.crt"
key "C:\\Program Files\\OpenVPN\\config\\client01.key"
remote-cert-tls server
route-nopull
route 192.168.88.0 255.255.255.0 vpn_gateway
route 10.8.0.1 255.255.255.255 vpn_gateway
tls-auth "C:\\Program Files\\OpenVPN\\config\\tls-auth.key" 1
cipher AES-256-CBC
verb 3

OpenVPN Server Config:

port 1197
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\issued\\server02.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\private\\server02.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\dh.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\easytls\\tls-auth.key" 0
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

Our external IP is obscured above, but is set as appropriate.

Our Router/Gateway is set to forward all traffic on port 1197 to the OpenVPN Server LAN IP (192.168.88.14).

The OpenVPN Server gives out addresses in the range 10.8.0.x (although I cannot see in the config file where this is set).

My local LAN range is 192.168.88.x.

My OpenVPN Server (Windows Server 2022) has a LAN IP of 192.168.88.14 and an OpenVPN IP of 10.8.0.1. This is a Virtual Machine running on Hyper-V. It has one NIC assigned to it which holds the internal LAN IP, as well as whatever NICs are installed by OpenVPN Server.

Clients will be Windows 10/11 and will be remote users connecting from home to the office.

When the test client is connected, it can ping 10.8.0.1 and I can access \\10.8.0.1\share but I cannot access \\192.168.88.14\share or ping 192.168.88.14 or any other LAN IP.

From the OpenVPN Server, I can ping 10.8.0.6 (The IP given to the client), but I cannot ping the client from any other LAN PC.

I think I have set up a route from the Router/Gateway to push any 10.8.0.0/24 traffic towards the OpenVPN Server on 192.168.88.14 but I'm not sure if this is right. I've done this on a Mikrotik Router using WinBox GUI and it looks like this:

AS > (Dst. Address 10.8.0.0/24) (Gateway 192.168.88.14 reachable bridge) (Distance 1) (Routing Mark <blank>) (Pref. Source <blank>)

I have been at this for a couple of weeks now and cannot get it to work.
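Added example, not part of the question or of OpenVPN itself: a small Python checker run over the routing-relevant lines of the two configs posted above. It reports where the client's route to the office LAN comes from (the client's own `route` line, a pushed route, or a honoured `redirect-gateway`) and which pushed options a `route-nopull` client discards. The parser, the function names and the trimming of the configs are my own.

```python
import ipaddress
import shlex

# Routing-relevant lines of the two configs posted in the question, trimmed.
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
"""
CLIENT_CONF = r"""
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
route-nopull
route 192.168.88.0 255.255.255.0 vpn_gateway
route 10.8.0.1 255.255.255.255 vpn_gateway
"""

def parse(text):
    """Split an OpenVPN config into (directive, args) pairs; quoted args stay whole."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            parts = shlex.split(line)
            pairs.append((parts[0], parts[1:]))
    return pairs

def net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_lan_access(server_conf, client_conf, lan_cidr):
    """Where does the client's route to the LAN come from, and what does route-nopull drop?"""
    server, client = parse(server_conf), parse(client_conf)
    lan = ipaddress.ip_network(lan_cidr)
    vpn_net = next(net(a[0], a[1]) for d, a in server if d == "server")  # 10.8.0.0/24 comes from here
    pushes = [shlex.split(a[0]) for d, a in server if d == "push"]
    pushed_routes = [net(p[1], p[2]) for p in pushes if p[0] == "route"]
    client_routes = [net(*a[:2]) for d, a in client if d == "route"]
    # route-nopull makes the client ignore pushed route, redirect-gateway and dhcp-option
    nopull = any(d == "route-nopull" for d, _ in client)
    if any(lan.subnet_of(r) for r in client_routes):
        source = "client route"
    elif not nopull and any(lan.subnet_of(r) for r in pushed_routes):
        source = "pushed route"
    elif not nopull and any(p[0] == "redirect-gateway" for p in pushes):
        source = "redirect-gateway"  # def1 covers every destination, the LAN included
    else:
        source = None
    return {"vpn_subnet": str(vpn_net), "lan_route_source": source,
            "pushed_dns_discarded": [p[2] for p in pushes if nopull and p[:2] == ["dhcp-option", "DNS"]]}
```

Whatever the checker reports, the OpenVPN side alone is not enough for LAN access: the Windows host must also forward between its tun and LAN interfaces (Set-NetIPInterface -Forwarding Enabled, or the IPEnableRouter registry value), and the Windows Firewall profile bound to the TAP adapter must accept traffic from the VPN subnet.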

  • Have you found a solution?
    – Alexey Sh.
    Commented Feb 10 at 2:50
