Secure remote access - how?


Stroke of luck: I’m just at a public wifi with network address 192.168.0.0/24 with the router at 192.168.0.1. And, connected to my home network (via OpenVPN Server) I can access my router login page at 192.168.10.1. And if, instead, and still connected via OpenVPN, I enter 192.168.0.1 into my browser, I get the (poorly secured) login page for the gateway on this remote public wifi network.

Good point you made about setting the LAN and Internet access at both.

Hmm. Then it is quite weird that I cannot reach 192.168.1.1 on the local network at my cottage when connected to my home VPN.
 
And, given your advice to the others and your obvious expertise, you’ve clearly got your settings to Both rather than LAN only or Internet. And you’ll no doubt have Advertise DNS to clients set to Yes (not that I think that’d make much difference). Perhaps I should send you a screenshot of my settings to see if anything jumps out at you?
 

I am no expert, but I follow the advice of those who know more and like to share with others what settings work for me.
Indeed I have Advertise DNS to clients for DOT.
No need for that, just a curiosity. Thanks anyway :).
 
Might be a modem or two in the middle using 1.1 as well
 
@martinr
I did some more research because I tried to stream to a Chromecast this evening when connected to my home VPN (which did not work at first :oops:). The reason I could not connect to 192.168.1.1 on the LAN (when connected to the VPN) was that I did not bypass the VPN for local clients in the OpenVPN app. I changed from the OpenVPN app to OpenVPN for Android, which allows bypassing the VPN for local clients. Now I can connect to both 192.168.1.1 on LAN and 192.168.50.1 through VPN.
It was just a client setting :p.
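The route selection discussed in these posts, as an added example that is not part of the thread and not OpenVPN's own code. It assumes the "Both" setting behaves like two /1 routes into the tunnel and that a client without local bypass has no route for its attached subnet; the function names are hypothetical and the subnets are the ones quoted in the posts.

```python
import ipaddress

def client_routes(local_subnet, home_lan, redirect_all=True, bypass_local=True):
    """Model a VPN client's routing table as (network, interface) pairs."""
    net = ipaddress.ip_network
    routes = [(net("0.0.0.0/0"), "local")]        # default route via the local gateway
    routes.append((net(home_lan), "vpn"))         # home LAN reachable through the tunnel
    if redirect_all:                              # assumption: "Both" is modelled as two
        routes += [(net("0.0.0.0/1"), "vpn"),     # /1 routes, which outrank the /0
                   (net("128.0.0.0/1"), "vpn")]   # default without replacing it
    if bypass_local:                              # directly attached subnet stays local
        routes.append((net(local_subnet), "local"))
    return routes

def egress(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(n, iface) for n, iface in routes if addr in n]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def overlaps(local_subnet, home_lan):
    """True when the remote site and the home LAN use colliding address ranges."""
    return ipaddress.ip_network(local_subnet).overlaps(ipaddress.ip_network(home_lan))

if __name__ == "__main__":
    cottage, home = "192.168.1.0/24", "192.168.50.0/24"
    for bypass in (False, True):
        table = client_routes(cottage, home, redirect_all=True, bypass_local=bypass)
        for dest in ("192.168.1.1", "192.168.50.1", "8.8.8.8"):
            print(f"bypass_local={bypass} {dest} -> {egress(table, dest)}")
    # Public wifi case from the first post: the local gateway stays reachable
    # outside the tunnel even though everything else is redirected.
    public = client_routes("192.168.0.0/24", "192.168.10.0/24")
    print("192.168.0.1 ->", egress(public, "192.168.0.1"))
    # Constructed case: both sites numbered 192.168.1.0/24 cannot be told apart.
    print("overlap:", overlaps("192.168.1.0/24", "192.168.1.0/24"))
```

With local bypass on, anything on the attached subnet, including an untrusted public gateway, is reached outside the tunnel, so the VPN gives no protection for that traffic.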
 
Is that really how it works @martinr ?
I am currently testing to reach the router at my cottage (which uses 192.168.1.1) when connected to my home router through VPN server. My home router uses 192.168.50.1. I am directing both LAN and Internet through my home VPN server.

When connected to my home VPN, I cannot reach 192.168.1.1 at my cottage at all, but I can reach 192.168.50.1 at home. Same happens for router.asus.com.

@GSpock . Are you directing both LAN and Internet through your VPN server or just Internet?

@Salles: I ticked LAN only. When I choose Both, it is the same.
GS
 
Thanks.
Coming back to what I am trying to achieve: have a VPN server that works from Windows & Android devices and that gives me access to my internal systems.
Thanks to @martinr, I can now achieve this with a TAP connection. As you all know, TAP does not work with Android devices, only TUN.

So, from Windows clients, connection via TUN works OK: I can access the router GUI but not the rest of my devices on the LAN. From reading a few other posts and googling, it seems to be something related to routing between "local" addresses (192.168.1.x) and VPN addresses (10.8.0.x), but so far this is a bit beyond my networking competence ....
 
I’ve only ever used TUN, and I connect via Apple devices and Windows laptops. (Someone, maybe Merlin, when describing the differences between TAP and TUN once said something like, if you don’t understand the difference, then you shouldn’t be using TAP.)
But you shouldn’t need to do all that research: when I’m remotely connected, I can access the other devices on my LAN exactly as if I were back home connected directly to the LAN. No special rules or routing required. I think the only setting I alter from default is to change Advertise DNS to clients from No to Yes, and that allows my remote browsing to be protected by Diversion and Skynet. But I can’t see that setting causing you not being able to access LAN devices.
 

Thanks for your answer. I can only state what happens when my Windows client connects to my VPN Server via TUN .... no access to internal devices except the router GUI .... and the DNS setting is on Yes ...
 

Can you normally ping these devices from your LAN, and, if so, do they respond when you ping remotely over the vpn?

When you talk about accessing these LAN devices, is it a gui you’re trying to access?
 
"Can you normally ping these devices from your LAN"
=> yes
and, if so, do they respond when you ping remotely over the vpn?
=> yes and no (see below :eek:) ....

In fact, I can ping most of the devices (Synology, etc ...) and then I can access them either via a browser or Windows Explorer using their IP addresses, not by their names.

The 2 NAS that I cannot access via their IP are those that are running as OpenVPN client via the router .... :eek:.
I guess that is the issue.

So, I achieved what I needed (I can still access the 2 NAS via their DDNS names with a browser), and I thank you very much for your time/support.

Rgds,
GS
 
