[HELP] Ubuntu access to local network devices while connected to VPN

maxbarmet

Hi everyone,
I'm facing an issue that may be easy to solve for some of you, but as a real noob on Linux I need some help.
Here is my problem:
I am on Ubuntu Desktop 22.04.
This desktop has access to a Synology NAS locally and two other Linux machines.
They are on 192.168.1.0/24.
This desktop has a wired network and a wireless chip that can connect to the local Wi-Fi network.
When I connect this desktop over the wired NIC to a remote OpenVPN Synology NAS, I lose all access to my local Linux machines and NAS.
So I tried this: while connected to OpenVPN with the wired NIC, I activated the Wi-Fi chip on this desktop and connected to the local Wi-Fi, hoping to get back access to the local Linux machines and Synology NAS. Result: KO, even though the Wi-Fi is shown as connected.
Am I missing something? Is it possible to get access to local network devices while connected remotely to an OpenVPN server?
Does someone have a tutorial or a step-by-step guide to help solve this problem?
Thanks in advance.
 


Hi,

The issue is likely that you are routing all traffic over the VPN (the VPN is now your default route). You need to configure your OpenVPN client to only route traffic for the subnet on the other side of the VPN over the VPN. All other traffic should use your normal default route when the VPN isn't connected.

I haven't set up an OpenVPN server in a long time (my guys at work manage our current OpenVPN server), so I don't know how to do this off-hand, but there are a ton of resources on the web. Just search Google for "OpenVPN only route some traffic" or something like that.

Dave
 
On most VPNs you have the option for "Local Network sharing", which includes all the private ranges, but I'm not sure what that functionality is called for OpenVPN.
 
Thanks for getting back to me.
I thought about one thing that may be important: my two networks have the same subnet. Maybe it's a problem?
Also, I use the Ubuntu Network Manager to import the .ovpn config so that it appears directly in the Network Manager. Because of that, I have no OpenVPN config file for my client stored in /etc/openvpn.
Finally, I found on the internet that I should put this in my client config:
route-nopull
route 10.8.0.0 255.255.255.0

But as I have no config file, only the Ubuntu Network Manager, I didn't find a way to add this, even in the VPN config in the Network Manager, in the IPv4 field where you can add routes. So I tried to add 10.8.0.0 255.255.255.0 there, without success.
As for your idea of searching for "OpenVPN only route some traffic": I found several pieces of information, but they apply to a real OpenVPN client config file....
 
I thought about one thing that may be important: my two networks have the same subnet. Maybe it's a problem?
Do you mean your VPN net and LAN net have the same subnet?
 
I have two sites:
One in Paris (France): with 192.168.1.0/24
One external from Paris (France): where the OpenVPN server is installed on a Synology NAS: also with 192.168.1.0/24
So same subnet.


But one thing is strange :

From the external site: I have another Synology NAS with an OpenVPN client. This NAS is on the same subnet as Paris (192.168.1.0/24): OK.
When I connect this Synology to the Paris OpenVPN server, the Synology can map the Paris network's computers without any problem and also has access to the local machines on its own site.

Here are the results of "ip route" when connected through the OpenVPN client: first from the external remote Synology client that has access to everything
ip route =

0.0.0.0/1 via 10.8.0.9 dev tun0
default via 10.8.0.9 dev tun0 src 10.8.0.10
10.8.0.0/24 via 10.8.0.9 dev tun0
10.8.0.1 via 10.8.0.9 dev tun0
10.8.0.9 dev tun0 proto kernel scope link src 10.8.0.10
"PARIS WAN IP" via 192.168.1.254 dev eth0
"PARIS WAN IP" via 192.168.1.254 dev eth0 src 192.168.1.28
128.0.0.0/1 via 10.8.0.9 dev tun0
192.168.1.0/24 via 10.8.0.9 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.28

And here is the ip route of my Paris Ubuntu desktop client (going through GNOME Network Manager)
ip route=

default via 10.8.0.9 dev tun0 proto static metric 50
default via 192.168.1.1 dev enp3s0 proto static metric 100
10.8.0.0/24 via 10.8.0.9 dev tun0 proto static metric 50
10.8.0.1 via 10.8.0.9 dev tun0 proto static metric 50
10.8.0.9 dev tun0 proto kernel scope link src 10.8.0.10 metric 50
"External site WAN IP" via 192.168.1.1 dev enp3s0 proto static metric 50
169.254.0.0/16 dev enp3s0 scope link metric 1000
172.16.19.0/24 dev vmnet8 proto kernel scope link src 172.16.19.1
192.168.1.0/24 via 10.8.0.9 dev tun0 proto static metric 50
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.170 metric 100
192.168.1.1 dev enp3s0 proto static scope link metric 50
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
192.168.191.0/24 dev vmnet1 proto kernel scope link src 192.168.191.1


Why can the Synology machine do what I would like to do on the Ubuntu desktop computer?
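
Added example (not written by anyone in this thread): a small Python parser for the Ubuntu `ip route` output posted above, applying the Linux rule that the longest matching prefix wins and, for equal prefixes, the lowest metric wins. The function names and the test address 192.168.1.50 are made up for this example, and only a subset of the posted routes is embedded.

```python
import ipaddress

# Subset of the routes from the Ubuntu desktop output posted above; the host
# route to the redacted WAN address is omitted.
UBUNTU_ROUTES = """\
default via 10.8.0.9 dev tun0 proto static metric 50
default via 192.168.1.1 dev enp3s0 proto static metric 100
10.8.0.0/24 via 10.8.0.9 dev tun0 proto static metric 50
10.8.0.9 dev tun0 proto kernel scope link src 10.8.0.10 metric 50
172.16.19.0/24 dev vmnet8 proto kernel scope link src 172.16.19.1
192.168.1.0/24 via 10.8.0.9 dev tun0 proto static metric 50
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.170 metric 100
192.168.1.1 dev enp3s0 proto static scope link metric 50
"""

def parse_routes(text):
    """Turn `ip route` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest)
        except ValueError:
            continue  # redacted or unparsable destination
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, tok[tok.index("dev") + 1], metric))
    return routes

def select_route(routes, dst):
    """Longest matching prefix wins; for equal prefixes, the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]), default=None)

def captured_by_tunnel(routes, tunnel="tun0"):
    """Non-default prefixes also present on another device where the tunnel wins."""
    nets = {r[0] for r in routes if r[1] != tunnel and r[0].prefixlen > 0}
    return sorted(str(n) for n in nets
                  if min((r for r in routes if r[0] == n), key=lambda r: r[2])[1] == tunnel)

if __name__ == "__main__":
    table = parse_routes(UBUNTU_ROUTES)
    for dst in ("192.168.1.50", "192.168.1.1", "8.8.8.8"):
        net, dev, metric = select_route(table, dst)
        print(f"{dst:>13} -> {dev} ({net}, metric {metric})")
    print("LAN prefixes pulled into the VPN:", captured_by_tunnel(table))
```

On a live system, `ip route get <address>` reports the kernel's actual choice for a single destination.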
 
