Forward traffic between subnets and allow subnet internet access

I have a VPN on a device (192.168.0.101) that assigns IPs on the 192.168.100.xxx subnet. The assigned 192.168.100.xxx IPs cannot see the internet or any device on 192.168.0.xxx that's not 192.168.0.101. Previous consumer router let this access just happen. (The 192.168.0.101 device is on a Proxmox host that also has OpenWRT installed and a virtual bridge is giving 192.168.0.101 access to OpenWRT - but I don't think the issue is with Proxmox since Proxmox isn't in the business of routing.)

I've tried a few things from adjacent search results and they didn't work (won't list them, they didn't work and reverted anyway). How do I set OpenWRT so that 192.168.100.xxx can access the main 192.168.0.xxx subnet and the internet?

I'm finding it hard to understand the topology here...

Is this device an OpenWrt system? Or some other system? Is this VPN acting in a server or client capacity?

What devices are assigned addresses in this subnet? (where are they relative to the network?)

Maybe a diagram would help -- be sure to make the diagram complete with all relevant infrastructure along with addresses for each device (real or virtual). Make it clear what OS/environment each device is running.

And then, for the hosts having issues connecting, show the addresses of those hosts and the addresses they are trying to reach.

We will surely want to see config information, too, but right now it's probably best to understand the topology first.

Thanks for taking the time to respond! I hope this network topology diagram helps, never made one before so tried my best.

The VPN is a server that accepts outside connections from clients and assigns them static IPs that are outside of the "main" local subnet. The VPN-assigned client 192.168.100.1 would physically be outside the network but due to the VPN its traffic would be originating from the VPN server.

An outside connection can make it to 192.168.0.101 and establish a VPN connection, get assigned a VPN client IP of 192.168.100.1, and SSH to 192.168.0.101 but that VPN client w/ IP 192.168.100.1 cannot access any other devices on the 192.168.0.xxx subnet (like 192.168.0.202 or 192.168.0.1 [OpenWRT device]) or the internet.

Let me know if you need more info, I may be leaving out needed info b/c I don't know it is essential!

What VPN protocol are you using? WireGuard? OpenVPN? Something else?

This problem is not related to OpenWrt since your VPN is not running on OpenWrt, but I think the solution should hopefully be simple by checking the VPN configuration. Your linux box will still be responsible for the routing between the VPN and main networks, but that doesn't necessarily need to be an issue.

You were right, I looked into the setup steps for the VPN (Wireguard) and it had an iptables definition that required calling out the network interface. I put eth0 per the guide but the network interface was actually named ens0. Changed those eth0 references in iptables to ens0 and it all works - I assumed OpenWRT needed a manual config to allow 192.168.100.xxx subnet to chat with the 192.168.0.xxx subnet but I was wrong!

Thanks for your time - especially since this wasn't an OpenWRT issue at all!

Glad it is working now! The linux host that is running the WG endpoint is, in this case, responsible for routing the traffic to your main network. It is probably running it in a NAT masquerade configuration currently.
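The fix in this thread was an interface name in the WireGuard host's iptables rules (eth0 in the guide, ens0 on the machine). The script below is an added example, not part of the original thread or of any guide it mentions: it lists the interfaces named in a wg-quick config's PostUp/PostDown hooks and reports those that do not exist on the host. The function names, the sample config and its rules are constructed for illustration; the thread does not show the actual rules.

```shell
#!/bin/sh
# Added example: catch the eth0-vs-ens0 mismatch before bringing the tunnel up.

# Print each interface named after -i/-o (or the long forms) in the
# PostUp/PostDown hooks of a wg-quick config. "%i" is wg-quick's placeholder
# for the WireGuard interface itself, so it is skipped.
hook_ifaces() {
    awk 'tolower($0) ~ /^[ \t]*post(up|down)[ \t]*=/ {
            gsub(/;/, " ")
            for (n = 1; n < NF; n++)
                if ($n ~ /^(-i|-o|--in-interface|--out-interface)$/ && $(n+1) != "%i")
                    print $(n+1)
         }' "$1" | sort -u
}

# Print the hook interfaces that are not in the whitespace-separated list $2.
# Without $2 the live interface list from /sys/class/net is used.
missing_ifaces() {
    present=" $(echo ${2-$(ls /sys/class/net)}) "
    for ifc in $(hook_ifaces "$1"); do
        case "$present" in
            *" $ifc "*) ;;
            *) echo "$ifc" ;;
        esac
    done
}

# Constructed sample config: forwarding plus NAT masquerade hooks that still
# name eth0 as the LAN-facing interface (assumed, not taken from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
Address = 192.168.100.254/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF

# The host in the thread has ens0, so eth0 is reported as missing.
missing_ifaces "$sample" "lo ens0 wg0"
```

On a real host, call `missing_ifaces` with only the config path so the check runs against the interfaces that are actually present.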
