OpenVPN getting different gateways assigned

Discussion in 'Networking & Security' started by amrogers3, Oct 10, 2018.

  1. amrogers3

    I am testing access to my home network over wireless and wired connections. Over both connections, I can access the internet. However, over the wired connection I can't access my internal LAN devices. I can ping 10.0.1.1 over both but cannot ping the 10.0.1.6 device over wired.

    The wireless AP must be assigning the 192.168.43.1 gateway as I do not have any 192.168.43.x subnets configured on pfSense.

    I ran DNSLeakCheck on both connections and I only see OpenDNS servers (no leakage).

    I rechecked the OpenDNS config. Any recommendations? I assume this is a gateway problem, although I am not sure why gateway 10.0.1.1 is breaking communications to LAN devices and 192.168.43.1 is working.

    97dw0tilndr11.png
     
  2. FNtastic

    Why is the AP configured to do DHCP?
     
  3. amrogers3

    It would def be a problem if it wasn't doing DHCP.


    One of you guys will look at this and know immediately what is going on with this interface.

    Appears to be a problem with WAN and/or default gateway. The wireless is assigning 192.168.43.1 and wired is assigning 10.0.1.1.



    WAN is in Red. Connection via hotspot is on top and wired connection on bottom.

    GppVC4ml.jpg

    nr9Hj5Vl.jpg
     
  4. FNtastic

    You know that the AP can just be an AP and provide nothing other than the wireless signal? Your router or firewall should be the only thing running DHCP....
    Part of the setup is missing. Are you connecting from a remote location over wired/wireless? What devices are you using? Share the OpenVPN config. I don't know enough about routing tables to be able to glance at them and point out the issue. Since the AP is running as a DHCP server, it's possible other services are running on it and affecting the connection. So many unknowns here that nobody could possibly attempt to replicate.
    My guess? A difference in your network adapter configurations on the device(s) you're using. It looks like your wired connection is looking for IPv6 too. That can cause issues...
    I also recommend you talk to whoever is in control of that AP and tell them to turn off unnecessary services and double NAT'ing their connection.
     
  5. IdiotInCharge

    More specifically, to second this point, there should only be one active DHCP server per subnet. Generally speaking for SOHO usage, this means one DHCP server per network, and this is usually your gateway device.

    So you need to disable that DHCP server; the AP should be getting an IP from a DHCP server likely on your router/firewall, and it should be forwarding DHCP requests to that server.
     
  6. amrogers3

    Apologies for confusion here. Think of the wireless access as a hotspot, i.e. hotel connection, etc.

    I am on the road trying to connect back to my home network, so this AP is outside the network. There is nothing on the network besides pfSense assigning addresses.

    So the wireless is working and I can access the server at 10.0.1.6. However, wired is broken. I can access the internet over wired but not the 10.0.1.6 server. Maybe the issue is with the default gateway and WAN being assigned the 10.0.1.1 address and creating a conflict. Not understanding why wired and wireless are creating different configurations.

    NeebC0a.png
     


    Last edited: Oct 10, 2018
  7. FNtastic

    Doesn't look like you turned off IPv6 on your wired connection yet to troubleshoot. Have you tried any of the other troubleshooting steps since your previous post?
     
  8. Eickst

    I'm not sure I fully understand your explanation; it appears as though you are away from home and trying to connect back to your home LAN via OpenVPN.

    If that is in fact the case, the reason it works over wireless and not wired is because on wireless you are getting a 192.168 address. When you ping 10.0.1.6, it doesn't have an interface in that subnet, so it uses the default route (in this case 0/1 because there isn't a more specific route).

    When you plug in your wire (I'm assuming to some kind of hotel maybe?) and you get the 10 address, you can't ping the 10 net at your house across the VPN tunnel because when you ping the 10.0.1.0/24 subnet, it will use the interface that is attached to it. It will not use the default route, because a more specific route to 10.0.1.0/24 exists in your routing table: interface en7.

    This is assuming that you are talking about a wireless and wired connection that are both away from your home network. It wasn't clear in the description (for me anyway).

    TL;DR: You can't be away from home and use the same subnet that you use at the house and connect via VPN without additional configuration.
     
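
The routing decision Eickst describes, as an added example that is not part of the original thread: a longest-prefix-match lookup over two constructed routing tables, plus a check for local routes that shadow the home LAN. The interface `en7`, the `0/1` route and the addresses come from the thread; `en0`, `utun1` and the `128.0.0.0/1` companion route are assumptions.

```python
import ipaddress

# Constructed routing tables modelled on the thread: (prefix, interface).
# "en0" (wireless), "utun1" (tunnel) and 128.0.0.0/1 are assumed names/routes.
VPN_ROUTES = [("0.0.0.0/1", "utun1"), ("128.0.0.0/1", "utun1")]
WIRELESS = [("0.0.0.0/0", "en0"), ("192.168.43.0/24", "en0")] + VPN_ROUTES
WIRED = [("0.0.0.0/0", "en7"), ("10.0.1.0/24", "en7")] + VPN_ROUTES

HOME_LAN = "10.0.1.0/24"  # subnet behind pfSense, per the thread


def pick_route(table, dst):
    """Longest-prefix match: return (prefix, interface) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for prefix, ifname in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            candidates.append((net.prefixlen, prefix, ifname))
    if not candidates:
        return None
    _, prefix, ifname = max(candidates)  # highest prefix length wins
    return prefix, ifname


def shadowing_routes(table, remote_lan, tunnel_if):
    """Local (non-tunnel) routes that overlap remote_lan and are more
    specific than the best tunnel route covering it."""
    remote = ipaddress.ip_network(remote_lan)
    nets = [(ipaddress.ip_network(p), i) for p, i in table]
    tunnel_best = max((n.prefixlen for n, i in nets
                       if i == tunnel_if and remote.subnet_of(n)), default=-1)
    return [(str(n), i) for n, i in nets
            if i != tunnel_if and n.overlaps(remote)
            and n.prefixlen > tunnel_best]


if __name__ == "__main__":
    for name, table in (("wireless", WIRELESS), ("wired", WIRED)):
        print(name, "-> 10.0.1.6 via", pick_route(table, "10.0.1.6"))
        print(name, "shadowing routes:",
              shadowing_routes(table, HOME_LAN, "utun1"))
```

On the wired table the connected `10.0.1.0/24` route on `en7` wins over the tunnel's `0.0.0.0/1`, so traffic for 10.0.1.6 never enters the VPN; internet-bound traffic still matches only the `/1` routes and goes through the tunnel.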