OpenVPN as Virtual Wifi kinda idea?

Hi!

I have successfully set up an OpenVPN server using the Foris plugin. I also generated a config for my client, and I can connect. I get the public IP of my router, so the VPN purpose is achieved. I can also access the Internets, but I would like a bit more.

MY GOAL: to be able to connect (ping/ssh) to machines in my local network using OpenVPN. So if I am on my client (Android phone) and I connect to OpenVPN, then I would like to ssh into the Raspberry Pi, for example (in my local network). I know it’s possible, but I cannot achieve it in any way.

Here is my /etc/config/openvpn:

config openvpn 'server_turris'
	option enabled '1'
	option port '1194'
	option proto 'udp6'
	option dev 'tun_turris'
	option ca '/etc/ssl/ca/openvpn/ca.crt'
	option crl_verify '/etc/ssl/ca/openvpn/ca.crl'
	option cert '/etc/ssl/ca/openvpn/01.crt'
	option key '/etc/ssl/ca/openvpn/01.key'
	option dh '/etc/dhparam/dh-default.pem'
	option server '192.168.12.0 255.255.255.0'
	option ifconfig_pool_persist '/tmp/ipp.txt'
	option duplicate_cn '0'
	option keepalive '10 120'
	option compress 'lzo'
	option persist_key '1'
	option persist_tun '1'
	option status '/tmp/openvpn-status.log'
	option verb '6'
	option mute '20'
	list push 'route 192.168.13.0 255.255.255.0'
	list push 'redirect-gateway def1'
	list push 'dhcp-option DNS 192.168.13.37'

Any help and ideas welcomed.

VPN config looks good.

Allow traffic between the firewall zone containing your local network (and raspi) and the zone containing the tun_turris interface. (NAT should not be needed, as you are using the same default gateway on both sides.)

Beware: there will be problems if the client is in a local net with the same IP range as any of your VPN/home networks, so choose wisely :wink:
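The address-range caveat in the reply above can be checked before travelling with a client. The following is an added example, not part of the original posts or of Turris/OpenVPN tooling: it reads the `server` and pushed `route` lines from the posted config and reports which of them overlap the network a client is currently attached to. The function names and the client networks used are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the /etc/config/openvpn posted above.
UCI_SAMPLE = """\
config openvpn 'server_turris'
    option server '192.168.12.0 255.255.255.0'
    list push 'route 192.168.13.0 255.255.255.0'
    list push 'redirect-gateway def1'
    list push 'dhcp-option DNS 192.168.13.37'
"""

SERVER_RE = re.compile(r"^\s*option\s+server\s+'([\d.]+)\s+([\d.]+)'")
# OpenVPN treats a route without a netmask as a host route (255.255.255.255).
ROUTE_RE = re.compile(r"^\s*list\s+push\s+'route\s+([\d.]+)(?:\s+([\d.]+))?")


def vpn_networks(uci_text):
    """Return {label: IPv4Network} for the tunnel pool and each pushed route."""
    nets = {}
    for line in uci_text.splitlines():
        for kind, regex in (("tunnel pool", SERVER_RE), ("pushed route", ROUTE_RE)):
            m = regex.match(line)
            if m:
                mask = m.group(2) or "255.255.255.255"
                net = ipaddress.ip_network(f"{m.group(1)}/{mask}")
                nets[f"{kind} {net}"] = net
    return nets


def collisions(uci_text, client_lan):
    """List VPN-side networks that overlap the client's local network.

    client_lan may be the client's own address with prefix (e.g. what
    `ip addr` shows), so host bits are tolerated.
    """
    lan = ipaddress.ip_network(client_lan, strict=False)
    return [label for label, net in vpn_networks(uci_text).items()
            if net.overlaps(lan)]


if __name__ == "__main__":
    # Hypothetical networks a phone or laptop might be attached to.
    for lan in ("192.168.1.23/24", "192.168.13.5/24", "192.168.0.0/16"):
        hits = collisions(UCI_SAMPLE, lan)
        print(f"{lan:18} -> {'OK' if not hits else 'collides with ' + ', '.join(hits)}")
```
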

So I want to allow “From any host in vpn_turris To any host in lan”.
The other way around should not be needed for now. And a more restrictive policy later.

OK, so if I have the OpenVPN server on an IP that is in a different subnet (has a different range), as you can see in the config, it should not collide. Great. I know that because I already broke the config and I could not access the router at all. Schnapps rlz!

EDIT: My phone’s battery just died a real death, finally. So I will have to wait a bit with testing, but I guess that should work. Thanks @hadc! Will mark as solution as soon as I test it.