Unable to access remote local network with VPN

kristiankunc · 13 March 2024 21:53

Hi, I am using an .ovpn config file to set up a vpn profile in network manager. In most cases, the vpn works just fine, but on a single specific access point, I am unable to access anything on the server’s local network (192. domain).
I am not even able to ping/send any requests to any of the devices, accessing the internet outside of the local network works just fine. When I use my phone’s hotspot which is connected to the same ap, the vpn works just fine. This made me think it must be an issue with the ap, but on the other hand, on most wireless networks, I am able to use the vpn just fine without nay trouble.
I was not really sure of what logs to include so here is a log of the NetworkManager systemd for when the vpn connection is established.

bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.1157] vpn[0x55959df7bac0,a54a891b-581e-43d2-8070-bbb0e7ea8c76,"kristian"]: starting openvpn
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.1161] audit: op="connection-activate" uuid="a54a891b-581e-43d2-8070-bbb0e7ea8c76" name="kristian" pid=761 uid=1000 result="success"
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: OpenVPN 2.6.9 [git:makepkg/6640a10bf6d84eee+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Feb 13 2024
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: DCO version: N/A
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: TCP/UDP: Preserving recently used remote address: [AF_INET]<IP>:1194
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: UDPv4 link local: (not bound)
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: UDPv4 link remote: [AF_INET]<IP>1194
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: [server_c2UCz1nRPy3Bh1s9] Peer Connection Initiated with [AF_INET]<IP>:1194
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: TUN/TAP device tun0 opened
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 93696 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_22 --tun -- tun0 1500 0 10.8.0.2 255.255.255.0 init
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4410] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/12)
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: UID set to nm-openvpn
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: GID set to nm-openvpn
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: Capabilities retained: CAP_NET_ADMIN
bře 13 22:46:22 kristian-laptop nm-openvpn[93701]: Initialization Sequence Completed
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4624] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4641] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4655] device (tun0): Activation: starting connection 'tun0' (35ab7c97-c1bb-4e11-8765-c9b47a0c7c54)
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4666] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4671] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4672] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4678] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.4908] policy: set 'kristian' (tun0) as default for IPv4 routing and DNS
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.5027] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.5033] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
bře 13 22:46:22 kristian-laptop NetworkManager[438]: <info>  [1710366382.5049] device (tun0): Activation: successful, device activated.

zbe · 14 March 2024 04:48

Sounds like your remote LAN subnet (192.whatever) is same as your local one. If so, of course it won’t work.

linux-aarhus · 14 March 2024 06:06

The end point supplied by tun0 is responsible for routing

with the IP assigned as stated in log

Thus the tunnel endpoint is responsible for adding a route from 10.8.0.0/24 to 192.168.x.y/24

So this is a an issue for the administrator of the target network - there is nothing you can do… unless of course you are the administrator - in which case you would not need to ask…

kristiankunc · 14 March 2024 20:43

Thanks, I completely forgot about this. I assume it is more convenient to change the subnet of the VPN server to something other that 192.168… as that is pretty common.

zbe · 14 March 2024 20:47

Well you can have 192.168.<something_else>.0/24.

system · 16 March 2024 08:48

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.