# [Solved] How to allow local access when using OpenVPN?

## solamour

I have a Gentoo Linux box (named "mygentoo") along with other computers on a local network, which is hooked up to a router, so that everyone on the local network can reach the outside world. Other computers can also access mygentoo with no problems.

But when mygentoo is running OpenVPN to a host somewhere outside, nobody on the local network can access mygentoo; they can access mygentoo only after I stop OpenVPN.

Is there a way to use OpenVPN and still allow others to access mygentoo?

__

sol

Last edited by solamour on Wed Feb 23, 2011 9:05 pm; edited 1 time in total

----------

## gerdesj

Sounds like a routing problem.

I have OVPN linking 40 networks up and around 150 users connecting here there and everywhere!

Please post your .conf file for mygentoo and also the config at the other end.

Also on mygentoo:

```
ip a
ip r
```

i.e. its addresses and routing table. If you don't want to post those here please PM me.

Cheers

Jon

----------

## solamour

Here is more info. Let me know if I missed anything.

```
# [mygentoo, OpenVPN client] openvpn.conf
client
dev tun
proto tcp
remote SOMEWHERE_OUT_THERE 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
```

```
# [SOMEWHERE_OUT_THERE, OpenVPN server] openvpn.conf
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
```

```
mygentoo ~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:01:c0:05:39:29 brd ff:ff:ff:ff:ff:ff
    inet 10.195.32.77/24 brd 10.195.32.255 scope global eth0
    inet6 fe80::201:c0ff:fe05:3929/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:0d:f0:5a:e2:93 brd ff:ff:ff:ff:ff:ff
14: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:10:13:55:47:a6 brd ff:ff:ff:ff:ff:ff
29: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/none
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
```

```
mygentoo ~ # ip r
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6
10.8.0.1 via 10.8.0.5 dev tun0
SOMEWHERE_OUT_THERE via 10.195.32.1 dev eth0
10.195.32.0/24 dev eth0  proto kernel  scope link  src 10.195.32.77  metric 202
127.0.0.0/8 dev lo  scope link
0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
default via 10.195.32.1 dev eth0  metric 202
```

__

sol

----------

## cach0rr0

*gerdesj wrote:*

> I have OVPN linking 40 networks up and around 150 users connecting here there and everywhere!

/me hijacks for a somewhat related question

What sort of hardware do you have dedicated to this, and how heavy is the resource utilization? We're about to push out a handful of openvpn boxes at work, wondering what sort of scalability I'm going to have/need.

----------

## solamour

Something I find odd is that when I use OpenVPN client in a Windows box with pretty much the same configurations, I'm able to access the Windows box from local network; only mygentoo refuses local connections when OpenVPN is running. I'd appreciate any suggestions on what to look for.

__

sol

----------

## AngelKnight

Solamour,

I'm presuming that when mygentoo has the OpenVPN up, a machine somewhere else in 10.195.32.X cannot ping mygentoo and get replies back? If that's the case, that's indeed weird.

If a "machine on the local network" does not have a 10.195.32.X address, that's different; the routing table describes what's going on in that case.

----------

## solamour

*AngelKnight wrote:*

> I'm presuming that when mygentoo has the OpenVPN up, a machine somewhere else in 10.195.32.X cannot ping mygentoo and get replies back? If that's the case, that's indeed weird.
>
> If a "machine on the local network" does not have a 10.195.32.X address, that's different; the routing table describes what's going on in that case.

You pointed me in the right direction. I just realized that the "machine on the local network" had 10.195.31.x instead of 10.195.32.x. When I tested it again from 10.195.32.x, everything worked as expected. I guess "mygentoo" kept its old IP when I moved it around.

Because I have several sub networks, it would be great if mygentoo can talk to everyone in 10.195.x.x even when it's running OpenVPN. Anyhow, thank you for the suggestion. I appreciate it.

__

sol

----------
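The behaviour resolved above follows from longest-prefix matching on the posted routing table. The sketch below is an added example, not part of the original thread: it replays that table to show which interface mygentoo uses for replies to a 10.195.32.x and a 10.195.31.x client. The client addresses and the extra 10.195.0.0/16 route are assumptions, including that 10.195.32.1 can reach the other 10.195.x.x subnets.

```python
import ipaddress

# Routes copied from the `ip r` output posted in the thread. The host route to
# the VPN server is omitted because its address is a placeholder there.
POSTED_ROUTES = [
    ("10.8.0.5/32", "tun0", None),
    ("10.8.0.1/32", "tun0", "10.8.0.5"),
    ("10.195.32.0/24", "eth0", None),
    ("127.0.0.0/8", "lo", None),
    ("0.0.0.0/1", "tun0", "10.8.0.5"),     # added by redirect-gateway def1
    ("128.0.0.0/1", "tun0", "10.8.0.5"),   # added by redirect-gateway def1
    ("0.0.0.0/0", "eth0", "10.195.32.1"),  # original default route
]

# Assumed route (not from the thread): keep every 10.195.x.x subnet on the LAN.
LAN_ROUTE = ("10.195.0.0/16", "eth0", "10.195.32.1")


def lookup(dest, routes):
    """Return (prefix, dev, via) for the longest-prefix match, as the kernel picks it."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, dev, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1], best[2]


def reply_interface(client_ip, routes):
    """Interface mygentoo would use to send a reply back to client_ip."""
    return lookup(client_ip, routes)[1]


if __name__ == "__main__":
    # Constructed sample clients: one on mygentoo's subnet, one on a sibling subnet.
    for client in ("10.195.32.50", "10.195.31.50"):
        before = reply_interface(client, POSTED_ROUTES)
        after = reply_interface(client, POSTED_ROUTES + [LAN_ROUTE])
        print(f"{client}: reply via {before} with VPN up, via {after} with LAN route")
```

On the real host the assumed route corresponds to `ip route add 10.195.0.0/16 via 10.195.32.1 dev eth0`, or to `route 10.195.0.0 255.255.0.0 net_gateway` in the client's openvpn.conf. Traffic matching that route leaves the tunnel, so it should cover only networks that are meant to bypass the VPN.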

