Unable to connect to LAN (except router) while connected

[Boens]

Wondering if someone can help me figure this out.

It appears I am unable to access/ping any devices besides my router on my LAN while connected to Cryptostorm. I am assuming this occurs because when I'm connected to the VPN, the CS server is set as the default gateway (?).

I am on a linux based system, and configured the VPN using the GUI manager.

I know this is not exclusively an issue with Cryptostorm, as I have the same issue when connecting to my VPS.

I am acutely aware of my lack of knowledge in the field of networking and I would greatly appreciate a point in the right direction. Hopefully it's a simple solution, but I'm more than willing to embark on a path of deeper learning if required.

[Fermi]

Normally that shouldn't be an issue. Something mist be wrong with your routing table, it should look more or less like this, depending on your local situation:

Code: Select all

ubuntu@ubuntu2:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.33.0.1       0.0.0.0         UG    0      0        0 tun0
10.33.0.0       0.0.0.0         255.255.0.0     U     0      0        0 tun0
89.163.214.183  192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0

The last line ensures that communication with your local lan (in my case 192.168.1.0/24) remains possible.

What's your outcome of: route -n

/Fermi

[Boens]

Thanks for your reply Fermi.

I ran 'ip route' and got:

default via 10.33.0.1 dev tun0 proto static metric 50
default via 192.168.10.254 dev wlp2s0 proto dhcp metric 600
10.33.0.0/16 dev tun0 proto kernel scope link src 10.33.26.246 metric 50
173.234.56.116 via 192.168.10.254 dev wlp2s0 proto static metric 600
192.168.10.0/24 dev wlp2s0 proto kernel scope link src 192.168.10.56 metric 600
192.168.10.254 dev wlp2s0 proto static scope link metric 600

[Boens]

Ok, so I got it wrong.

For some reason I was under the impression that I could only access the router while connected to CS, but after checking again I can actually hit everything on my .10 subnet/vlan, but not on my other vlans (e.g. .20).

Looking at the output above it appears there are no routes in place for the other subnets - can someone advise the best method to route to these. I saw a solution involving adding 'route add' to the config, but this didn't seem to work.

[parityboy]

@Boens

Assuming that routing between VLANs is handled by your router, you could try something like

Code: Select all

route add 192.168.20.0 gateway 192.168.10.1

This will not survive a reboot, however. Making it a permanent change is left to you.

[Boens]

Thanks @parityboy

Like most other networking topics I've been learning what I need as I get to it! I'm guessing the permanent route will need to be set at the endpoint... or can it be implemented at the router (via a static route)?

[parityboy]

@Boens

If you enter the command I posted can you then ping anything on VLAN20 from your Linux machine? If yes, then the router already knows how to route traffic between the VLANs. If no, you'll have to configure your router accordingly.

By "permanent change" I mean that the route to 192.168.20.0 via the router will have to be entered into a configuration file on your Linux machine. If you are using NetworkManager you can enter it in there.

Just out of interest, what router are you using? Also, what switch?

[Boens]

Ok - finally got a chance to come back to this!

Yep inter-vlan routing is good - as you said, no need to set up the routes at the router. Also, added the routes in network manager and all is well.

I'm using PfSense and a cisco small business (SG) switch.

Thanks for the help @parityboy... now to annoy everyone by starting a new thread re a similar openvpn/routing issue :\