Asus Router OpenVPN Server - How to access local clients

ChicoQuente wrote: ↑ When connected to OpenVPN my phone gets an ip in the 10.x.x.x range while everything physically on the network is 192.168.1.x. Is there a setting I can change that will allow the remote phone/laptop/etc to connect with this server while I am on the VPN?

I pondered the same question when I first installed OpenVPN on my Synology.

Install this app on your Android phone LINK

If you click on the "Information" menu, it will confirm that your VPN IP address is 10.x.x.x.

Now click on the "Tools" menu, and then select "New". Type in the IP address of your SABNZBD server (192.168.1.x) and select "Ports". then select "All" , and make sure the range includes your SABNZBD server port number.

Click on "Start" and the App should show the port open (i.e. a green dot). You can then click on the desired port and the app will attempt to make a connection.

This app is just used to convince you that all your devices are available on your Home network on their original 192.168.1.x addresses. You should be able to access your servers using their own dedicated apps. Just use the LAN address of 192.168.1.x and not the DDNS address and port number that you were likely using before.

Also remember to disable any port forwarding you have configured in your router to provide access to these servers.

I appreciate the response but I have a few issues. Firstly I am on iOS so that link is not useful to me. I can already confirm all of that information anyways without using the app.

While I am on VPN with my phone I can verify in the OpenVPN app that my IP is in the 10.8.0.x range. I can also see this reflected on the Asus router settings as well. I am unable to set the IP range on the OpenVPN server to the same as my LAN DHCP server as the router prevents that. I know the ports are correctly open as I can visit the web config pages of all the apps while I am at home and on the network directly. However when I attempt to visit the sabnzbd config page while on VPN I get the following error: "External internet access denied - https://sabnzbd.org/access-denied"

I am not really sure how it knows I am not directly on the network but connected over VPN. If I fire up whatismyip.com on my iPhone while I am connected over cell/VPN the website correctly lists my home network IP so it seems like my phone is being routed through the VPN yet sab still knows I am not there. How is that possible?

see if you can reach your router page by going to the 192 ipaddress
the error your seeing seems to be an sabnzb error more than openvpn
i dont use openvpn but wireguard on my router and it also give a different network ip range but i am able to access other machines using their ip address

ChicoQuente wrote: ↑ I know the ports are correctly open as I can visit the web config pages of all the apps while I am at home and on the network directly. However when I attempt to visit the sabnzbd config page while on VPN I get the following error: "External internet access denied - https://sabnzbd.org/access-denied"

I am not really sure how it knows I am not directly on the network but connected over VPN.

The first step is to prove that your VPN is working and providing access to your LAN. That was the goal of using the app I mentioned in my earlier post. The simplest test (suggested by @DeletedMemories ) is to open a web browser on your phone and try to connect to your home router at 192.168.1.1. If that is successful, we can chase down a Sabnzbd config error.

I suspect the connection to your router's web page will work, If it doesn't, there are settings within the openvpn config file which may help.

According to the link you provided LINK,
"By default, because of the security reasons mentioned above, SABnzbd refuses such connections from sources on the internet."

later the link says

"Internet is defined as “a PUBLIC IP address”. That access is denied by default"

I suspect that even though the VPN address of your phone (10.x.x.x) is technically a PRIVATE address, the Sabnzbd server is rejecting it, because it is not on the same subnet as the server. It considers it "non-local" and treats it as if it came from an internet source.

Have a look at this LINK, for the switch "local_ranges". Add both your 192.168.1.x network, and the 10.x.x.x network into the list, so that the VPN address of your phone is considered a local address.

FYI, I have never worked with Sabnzbd, so these are just just some WAG's.

Rick007 wrote: ↑ The first step is to prove that your VPN is working and providing access to your LAN. That was the goal of using the app I mentioned in my earlier post. The simplest test (suggested by @DeletedMemories ) is to open a web browser on your phone and try to connect to your home router at 192.168.1.1. If that is successful, we can chase down a Sabnzbd config error.

I suspect the connection to your router's web page will work, If it doesn't, there are settings within the openvpn config file which may help.

According to the link you provided LINK,
"By default, because of the security reasons mentioned above, SABnzbd refuses such connections from sources on the internet."

later the link says

"Internet is defined as “a PUBLIC IP address”. That access is denied by default"

I suspect that even though the VPN address of your phone (10.x.x.x) is technically a PRIVATE address, the Sabnzbd server is rejecting it, because it is not on the same subnet as the server. It considers it "non-local" and treats it as if it came from an internet source.

Have a look at this LINK, for the switch "local_ranges". Add both your 192.168.1.x network, and the 10.x.x.x network into the list, so that the VPN address of your phone is considered a local address.

FYI, I have never worked with Sabnzbd, so these are just just some WAG's.

Thank you. This setting resolved my issue. I added the 10.8.0. to the local ranges and now I can access. I really appreciate the suggestion. I probably was not going to find that myself so I am grateful.

EDIT: I also forgot to mention, thanks for the reminder to close off my forwarded ports. I completely forgot I had those open so I have closed them off.