Openvpn access problems

[mister]

Dear all,
I have a question to the experts here in the community.
I am using Merlin 386.14 on my RT AC 86u without any problems.
The openvpn server is configured that I am able to access via Internet through my network devices. That is working normally well. For example I am able to access via ssh to my router via android terminal, if I am away.
No Problem so far.
What I realized is, that the access via ssh seems to be blocked on the wifi network of my business hotel, even if I estabished the connection to my asus router.
That means that I am connected through my router and I am able to access to it via webui, but not via ssh.

Ipleak shows the ip of my homeconnection.

If I am switching to mobile data and connect through the openvpn server on the same way, it is working without any problems. Normally I am able to access via wifi and vpn with ssh without any problem, but currently not at the business hotel wifi.

So my question is: how can ssh be blocked if the vpn connection is estabished? I thought, that if the vpn connection is there, nobody could see, if I am using ssh or http.
Did I have a missconfiguration on my openvpn server on asus or do I have to add a line in the configuration file? Can I get it working from the hotel?
Many thanks for your support.

Hugo

 

[eibgrad]

If you're connected to the OpenVPN server and your app (ssh or anything else) references the remote IP network over the tunnel, either because you've made the tunnel your default gateway or pushed it to the OpenVPN client, it should be routed through the tunnel and work. Usually.

So what could still go wrong? This might be a case of your home network and the local IP network of the hotel having the same or overlapping IP networks (e.g., both you and the hotel are using 192.168.1.x). If that happens, any reference to 192.168.1.x will remain local and NOT be routed through the OpenVPN tunnel!

That's why we recommend you do NOT use any of the common default private IP networks (e.g., 192.168.1.x, 192.168.0.x) if you're a frequent roadwarrior. There's just too much risk of a conflict compared to using something more obscure (e.g., 10.99.134.x). But you can never eliminate the risk entirely.

 

[mister]

Many thanks for your quick reply. I am not using 192.168.1.1 as network, mine is 192.168.143.1 and I the hotel network is a 10 er network. I am able to access to webui if I use firefox and the ip of the network device. So it seems, that it can be accessed in general under the ip.

 

[eibgrad]

Many thanks for your quick reply. I am not using 192.168.1.1 as network, mine is 192.168.143.1 and I the hotel network is a 10 er network. I am able to access to webui if I use firefox and the ip of the network device. So it seems, that it can be accessed in general under the ip.

There's also a risk of a conflict w/ the tunnel's IP network, which by default, is often in the 10.x.x.x range.

I once visited a large hotel in Pennsylvania that decided to use 192.168.0.0/16 for its own IP network. Yes, the entire 192.168.x.x range, all 64k possible hosts.

 

[mister]

Thank you for your reply. I played a little bit and found the solution. I need to add mssfix 1300 to the configuration of that network. Then the Problem is fixed.