VPN and intranet network

hlavki · October 11, 2016, 6:17pm

I know, that I want vpn server on Omnia. Most of local networks has IP range 192.16.1.1 - 192.168.1.254.
If my local network will have this ip range (e.g. my NAS storage will have 192.168.1.10), then it is possible to connect to my VPN and access NAS storage from another local network with same ip range? Or is it better to change router ip on installation to e.g. 192.168.10.1. Which subnet is used in this situation? Thank you

johndoe · October 11, 2016, 9:09pm

As with everything, it depends.

When you configure your VPN, the end of the tunnel will not be 192.168.1.x - it will be something different (for example, OpenVPN uses by default 10.8.0.x) and then the machine where the VPN server is running will route between that and the real LAN subnet (let’s call it LAN A). So there is no conflict between configuration of the VPN and the LAN, where you are physically (let’s call it LAN B).

However, when you want to try to connect to your NAS, you must ensure, that the packet will go through VPN and is not routed by your computer into LAN B. You can do it by configuring the VPN client to use the VPN tunel for all traffic. The downside is, that you will be not able to access any computer in LAN B, while the VPN is on.

The better solution is to ensure, that the subnets do not conflict (i.e. changing your router IP and it’s DHCP range, as you noted). You can use 192.168.X.1 (where X is 0 to 255), 172.X.Y.1 (where X = 16…31, Y= 0.255) or 10.X.X.1 (where X=0…255). See https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces

Maxmilian_Picmaus · December 25, 2016, 4:55pm

OpenVPN server can act as simple-tunnel, P2P, Server, Server-Bridged. Each has different networking/routing approach. No matter which type you choose, you can always make your services available to vpn-clients. It is matter of forwarding rules and traffic control rules on your firewall.

Main reason for changing default lan network is because that is pretty much generic and widely use. Client ip might be from same range as your local lan (so routing later on might get fuzzy, especially when your NAS ip is also present on client home network … like he will have his own nas on very same ip )

Check those first :
https://openvpn.net/index.php/open-source/documentation/howto.html#vpntype
https://openvpn.net/index.php/open-source/documentation/howto.html#numbering

I put some links to howto/guides here : Using Turris as a VPN client for most outgoing traffic I am still using 192.168.1.0 (not changed yet … i am still playing with openvpn configuration
Here is my last used config setup: ACCEPT vs DNAT (port forwarding) firewall rules