OpenVPN Custom App - Network Routing

Hi All.

I have deployed an OpenVPN Access Server instance via a Custom App on my TrueNAS-SCALE (Dragonfish) server within my home network. For reasons I won’t get into, WireGuard isn’t an option in my case.

My TrueNAS server has a static IP of 192.168.0.200.
I have given the container a static IP address of 192.168.0.201 (net1 interface).
The internal container has the IP address 172.16.2.68 (eth0 interface).
I have also forwarded the applicable ports on my router.

I am able to successfully connect to the OpenVPN Server from a client outside of my home network. The OpenVPN DHCP Server is configured to give out IP addresses from the network 192.168.1.0/24.

I have added 192.168.0.0/24, 192.168.1.0/24 and 172.16.0.0/16 to the Routing section of the OpenVPN settings, which specifies the private subnets to which all clients should be given access. I have also selected ‘Yes’ to “Allow access from these private subnets to all VPN client IP addresses and subnets” and to “Should client internet traffic be routed through the VPN”.

Currently, when connected to the OpenVPN server, I am able to access the Server UI page at 192.168.0.201:943/login, my router configuration page (192.168.0.1) and the internet (confirmed as my IP matches my home network external IP). However, when I try to access any other resource on my local home network, for example the TrueNAS UI (on 192.168.0.200), the page times out.

I believe what I’m missing is a route on the server-side LAN gateway to route the VPN client subnet (192.168.1.0) to the OpenVPN server (192.168.0.201). The issue is, I’m not sure where to do this.

Should I set up a Static Route …

  1. … in the OpenVPN Container Settings?
  2. … somewhere within my main TrueNAS server?
  3. … somewhere on my router?

For (1), I have tried creating a Static Route with Destination = 192.168.1.0/24 and Gateway = 192.168.0.201, but the problem continues to exist.

I also tried the same thing in my router configuration options (3), but again the problem continues to exist.

For now, I have left the static route in my router enabled.

Could another possible reason be I need a reverse proxy to access all the resources on the TrueNAS server (192.168.0.1)?

Any ideas what I should do to get this to work?
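
Added example, not part of the original post: a small longest-prefix-match model of the return path from the TrueNAS host (192.168.0.200) back to a VPN client, comparing no static route, a static route on the router, and a static route on the host itself. The client address 192.168.1.10, the upstream hop 203.0.113.1 and the routing tables are constructed assumptions, as is the premise that the VPN server forwards client packets with their 192.168.1.x source address instead of NATing them.

```python
import ipaddress

NAS, ROUTER, VPN = "192.168.0.200", "192.168.0.1", "192.168.0.201"  # from the post
CLIENT = "192.168.1.10"    # constructed VPN client address
UPSTREAM = "203.0.113.1"   # constructed ISP next hop (documentation range)
LAN, VPN_NET = "192.168.0.0/24", "192.168.1.0/24"

def next_hop(routes, dst):
    """Longest-prefix match: gateway IP, None if on-link, 'no-route' if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return "no-route" if best is None else best[1]

def return_path(tables, src, dst, max_hops=8):
    """Follow next hops from src towards dst using each node's own table."""
    hops, node = [src], src
    for _ in range(max_hops):
        gw = next_hop(tables[node], dst)
        if gw == "no-route":
            return hops + ["no-route"]
        if gw is None:               # destination is directly attached
            return hops + [dst]
        hops.append(gw)
        if gw not in tables:         # handed to a node outside the modelled LAN
            return hops + ["off-LAN"]
        node = gw
    return hops + ["loop"]

def build(router_static=False, nas_static=False):
    """Assumed tables: every node has the LAN on-link plus a default route."""
    tables = {
        NAS: [(LAN, None), ("0.0.0.0/0", ROUTER)],
        ROUTER: [(LAN, None), ("0.0.0.0/0", UPSTREAM)],
        VPN: [(LAN, None), (VPN_NET, None), ("0.0.0.0/0", ROUTER)],
    }
    if router_static:
        tables[ROUTER].append((VPN_NET, VPN))
    if nas_static:
        tables[NAS].append((VPN_NET, VPN))
    return tables

if __name__ == "__main__":
    for label, kw in [("no static route", {}),
                      ("static route on router", {"router_static": True}),
                      ("static route on NAS", {"nas_static": True})]:
        print(f"{label:24}", " -> ".join(return_path(build(**kw), NAS, CLIENT)))
```

The model covers routing tables only; it does not represent NAT, firewall rules, or how the container's net1 interface is attached to the host.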