3

I have a TP-Link VR400 Archer router on which I want to enable the OpenVPN server, so that a remote user can connect to the network and access a specific computer on the internal LAN. The router has an address of 192.168.0.99, subnet mask 255.255.255.0, and has a DHCP server running, handing out addresses in the range 192.168.0.100-192.168.0.150. The default settings for the OpenVPN configuration on the router's web interface are a VPN Subnet of 10.8.0.0 and Netmask of 255.255.255.0.

If I go with that, I assume it means that when I connect via an OpenVPN client from the remote computer, that remote computer will be seen as within subnet 10.8.0.0 and will therefore not be able to talk to the particular computer in question which it needs to, namely 192.168.0.10. How do I allow it to do so? I have heard about something called static routing, so I'm wondering whether that might be the answer?

The TP-Link router does allow me to set up a PPTP VPN instead, with a constrained IP range. It defaults to suggesting 10.7.0.11 - 10.7.0.20, but might it be possible to change that to something like 192.168.0.151 - 192.168.0.160, i.e., within the same subnet as the local computers but with no possibility of a clash?

John Moore

2 Answers

3

Selecting 'Internet and Home Network' does indeed work as I had hoped. I enabled the OpenVPN server on the router with this setting, and connected to it from a remote OpenVPN client, which had been assigned the IP address 10.8.0.6. Although there is a machine on the remote client's LAN with the IP address 192.168.0.1, it does in fact connect correctly to the server with the IP address 192.168.0.1 on the LAN behind the OpenVPN server.

John Moore
  • Correct. It is a consequence of a routing rule added at VPN startup. Either 192.168.0.0/24 is served by the tun0 interface (VPN is up), or by eth0 (VPN is down). – Chaoxiang N Nov 22 '19 at 05:33
1

According to the documentation, page 67:

  1. Select your Client Access type. Select Home Network Only if you only want the remote device to access your home network; select Internet and Home Network if you also want the remote device to access the internet through the VPN Server.

This means that the VPN server pushes your home network (192.168.0.0/24) route automatically to the OpenVPN client when it connects.

And you are right, the OpenVPN client will have a 10.8.0.x IP address.

Chaoxiang N
  • OK, I think I understand that a little better. If the remote LAN I'm connecting from also has a machine with the IP address of 192.168.0.10, I presume my remote client would connect to that in preference to the one behind the VPN server, but maybe choosing 'Internet and Home Network' would get around this? Otherwise how could my remote client specifically target a machine behind the VPN server, instead of one with the same IP address on its local LAN? – John Moore Nov 21 '19 at 17:55
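
The overlap discussed in this thread (the client's own LAN and the pushed home network both being 192.168.0.0/24) can be modelled as a route lookup. This is an added example, not code from the posters or from TP-Link; the routing tables, the interface names `eth0`/`tun0` as used here, and every metric are constructed assumptions.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    dev: str
    metric: int


def route(prefix: str, dev: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(prefix), dev, metric)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Pick the route for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.metric))


def conflicts(table: List[Route], pushed: str, tunnel: str = "tun0") -> List[Route]:
    """Non-default routes outside the tunnel that overlap a pushed prefix."""
    net = ipaddress.ip_network(pushed)
    return [r for r in table
            if r.dev != tunnel and r.prefix.prefixlen > 0 and r.prefix.overlaps(net)]


# Constructed client table: the remote LAN is also 192.168.0.0/24.
LOCAL = [route("0.0.0.0/0", "eth0", 100), route("192.168.0.0/24", "eth0", 100)]
# Routes assumed present while the tunnel is up (metrics are made up).
VPN_UP = [route("10.8.0.0/24", "tun0", 50), route("192.168.0.0/24", "tun0", 50)]

if __name__ == "__main__":
    for name, table in (("vpn down", LOCAL), ("vpn up", LOCAL + VPN_UP)):
        for dst in ("192.168.0.10", "10.8.0.1", "203.0.113.5"):
            r = lookup(table, dst)
            print(f"{name:8} {dst:13} -> {r.dev if r else 'unreachable'}")
    print("overlap:", conflicts(LOCAL, "192.168.0.0/24"))
```

Which of two equal-length prefixes wins on a real client depends on the metrics its operating system assigns, so a non-empty `conflicts` result is the condition to check before relying on the tunnel to reach the home network.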