OpenVPN Server: connection to VPN from computer logged into router

After setting up OpenVPN server to work with a dynamic DNS service I can connect to the VPN from outside the network but when I am logged into WiFi on my router running the OpenVPN server I cannot connect to the VPN. (I followed these directions and they worked great (https://openwrt.org/docs/guide-user/services/vpn/openvpn/server)).

Is there a way to configure so that I can connect to the VPN when I am connected to the router by WiFi?

Thanks!

[SOLVED] Unable to connect to OpenVPN server - #5 by vgaetera

Thanks for the quick reply! I've added 'float' to my client config but it still won't connect.

Here is my server.conf:

user nobody
group nogroup
dev tun
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"

And my client.ovpn:

dev tun
nobind
client
float
remote mydns.duckdns.org 1194 udp
auth-nocache
remote-cert-tls server

Did I add 'float' correctly?


Rebind your DDNS domain with the router's LAN address:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#hostnames

Collect the VPN client log if the issue persists.

I'm not sure what effect rebinding the DDNS domain with the router's LAN address would do or look like despite the link. I'm guessing you are referring to this code block in the link, but I'm failing to see how that is relevant for what I'm doing.

uci add dhcp domain
uci set dhcp.@domain[-1].name="mylaptop"
uci set dhcp.@domain[-1].ip="192.168.1.23"
uci add dhcp domain
uci set dhcp.@domain[-1].name="mylaptop"
uci set dhcp.@domain[-1].ip="fdce::23"
uci commit dhcp
/etc/init.d/dnsmasq restart

I'm relatively certain if I just run that code it won't fix my issue.

Also, just to clarify my issue: I'm connecting to my VPN server from a remote machine and then want to access that machine through the VPN server from a local machine (local to the VPN server). So far this is only working when I log in to a hotspot other than the one my router/VPN server provides. I have a 192.168.8.* address when I connect to the VPN and a 192.168.1.* address when I just connect to the router directly. I'm trying to use remote desktop (RDP) from the 192.168.1.* computer to control the one connected to the 192.168.8.* address. RDP works fine when both computers are connected to the VPN as expected, but it would be great to not have to create an additional hotspot all the time.

Change the "remote mydns.duckdns.org 1194 udp" into "remote openwrt.lan 1194 udp" or the LAN IP when you connect from the WiFi.

uci -q delete dhcp.ddns
uci set dhcp.ddns="domain"
uci set dhcp.ddns.name="ddns.example.org"
uci set dhcp.ddns.ip="192.168.1.1"
uci commit dhcp
/etc/init.d/dnsmasq restart

Shouldn't it also exclude the address from being resolved from the local record?

Rebind protection should filter results from upstream resolvers, not dnsmasq local records.

I meant that if ddns client tries to resolve the address of that hostname to verify if it needs to be updated.

uci set ddns.example.dns_server='1.1.1.1'
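Added example, not part of any post in this thread: a shell check over `uci show dhcp` and `uci show ddns` output that flags a DDNS service whose `lookup_host` is shadowed by a local dnsmasq record with no external `dns_server`, the case raised above. The sample inputs are constructed, the function name is hypothetical, and it assumes the DDNS client resolves through the router's own dnsmasq unless `dns_server` is set.

```shell
#!/bin/sh
# Constructed sample input in `uci show` format (not from a real router).
SAMPLE_DHCP="dhcp.ddns=domain
dhcp.ddns.name='ddns.example.org'
dhcp.ddns.ip='192.168.1.1'"
SAMPLE_DDNS_BAD="ddns.example=service
ddns.example.lookup_host='ddns.example.org'"
SAMPLE_DDNS_GOOD="$SAMPLE_DDNS_BAD
ddns.example.dns_server='1.1.1.1'"

# $1 = output of `uci show dhcp`, $2 = output of `uci show ddns`
check_split_dns() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -v q="'" '
    $0 == "---" { second = 1; next }
    {
        eq = index($0, "=")
        if (!eq) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(q, "", val)                       # strip the quotes uci adds
        n = split(key, p, ".")                 # config.section[.option]
        if (!second && n == 2 && val == "domain") isdom[p[2]] = 1
        if (!second && n == 3 && p[3] == "name")  name[p[2]] = val
        if (!second && n == 3 && p[3] == "ip")    ip[p[2]] = val
        if (second && n == 3 && p[3] == "lookup_host") host[p[2]] = val
        if (second && n == 3 && p[3] == "dns_server")  dns[p[2]] = val
    }
    END {
        # Local dnsmasq overrides: hostname -> LAN address it is pinned to
        for (s in isdom) if (name[s] != "") pinned[name[s]] = ip[s]
        for (s in host) {
            h = host[s]
            if (!(h in pinned)) continue       # not overridden locally
            d = dns[s]
            if (d == "")
                v = "RISK no dns_server, lookup may return local record " pinned[h]
            else if (d == pinned[h] || d ~ /^127\./)
                v = "RISK dns_server " d " is the local resolver"
            else
                v = "OK lookup goes to " d
            print s ": " h " -> " v
        }
    }'
}

check_split_dns "$SAMPLE_DHCP" "$SAMPLE_DDNS_BAD"
check_split_dns "$SAMPLE_DHCP" "$SAMPLE_DDNS_GOOD"
```

On a router the two arguments would be "$(uci show dhcp)" and "$(uci show ddns)".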

Awesome! This works great. Thanks for that tip.

I don't quite understand this way, but is the gist of it that it avoids the 192.168.8.* addresses altogether and instead the VPN server uses 192.168.1.1?
