In addition to including local subnets for specific users in the OpenVPN server settings, changes also need to be made on client machines running the OpenVPN Connect software. These are not well documented for Windows, hence this document.
This document shows you the changes needed to connect remote hosts/guests to your local network using Windows Firewall.
- Connection established via OpenVPN connect
- Remote guest/host on the same network as the OpenVPN Active Server
N.B. OpenVPN creates a TAP device, which appears in Windows Network Adapters as `Ethernet`, with a `Public` network type.
This will allow the OpenVPN Server's network to see the Clients.
- Click `Start`, type `regedit`, and click on its icon
- Navigate through the tree to `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip`
- In the right panel, double click on `IPEnableRouter`
- Change the `value data` from `0` to `1`, then `OK`
- Keep regedit open for the next section
This will allow appropriate firewall rules to be set in bulk, and is faster than changing individual entries when the OpenVPN server's network is trusted.
- Click `Start`, type `Network and Sharing Center`, and click on its icon
- Observe the `View Active Networks Panel`
- Look for the `Ethernet` connection labeled `Public network` and make a note of its name
- In `regedit` navigate to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\`
- Select each of the branches in the tree view
- Review the contents of each branch in the right panel, until you find one that has the name of the `TAP adapter`
- In the right panel, double click on `Category`
- Change the value data from `0` to `1`
- Disconnect the `OpenVPN Connect` tool
- Reconnect the `OpenVPN Connect` tool
- Click `Start`, type `Network and Sharing Centre`, and click on its icon
- You should observe that the `View Active Networks Panel` entry for the `Public network` is now listed as `Private Network`
Whilst our changes are complete we also need to modify the SAMBA sharing rules to include the remote network's subnet.
- Click `Start` and type `Windows Firewall with Advanced Security`
- Click on its icon
- Click on `Inbound Rules`
- Organise by `Name` by clicking the column and locate `File and Printer Sharing (SMB-In)` with the `Profile` `Private`
- Double click it and select the `Scope` tab
- Under the `Remote IP Address` panel
- Click add and enter the remote subnet and bits
- Click `OK`
Machines in the remote subnet should now be able to access the local shares.
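The three manual steps above can also be scripted from an elevated PowerShell prompt; the following is an added example, not part of the original gist. It assumes the OpenVPN adapter's description matches `TAP*`, uses `10.8.0.0/24` as a placeholder remote subnet, and sets `IPEnableRouter` under the `Tcpip\Parameters` subkey, which is where that value lives.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original gist): the three manual steps, scripted.
param(
    # Assumption: the OpenVPN adapter's description starts with "TAP".
    [string]$TapDescription = 'TAP*',
    # Placeholder: replace with the remote subnet and bits for your site.
    [string]$RemoteSubnet = '10.8.0.0/24'
)
$ErrorActionPreference = 'Stop'

# 1. Enable IP routing (IPEnableRouter 0 -> 1).
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
Set-ItemProperty -Path $tcpip -Name IPEnableRouter -Value 1 -Type DWord

# 2. Mark only the connected TAP adapter's network as Private.
#    Refuse to guess if zero or several adapters match.
$tap = @(Get-NetAdapter -InterfaceDescription $TapDescription |
    Where-Object Status -eq 'Up')
if ($tap.Count -ne 1) {
    throw "Expected one connected TAP adapter, found $($tap.Count). Connect the VPN first."
}
$ifIndex = $tap[0].ifIndex
Set-NetConnectionProfile -InterfaceIndex $ifIndex -NetworkCategory Private

# 3. Add the remote subnet to the Private-profile SMB-In rule, keeping
#    whatever scope is already there.
$rules = @(Get-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' |
    Where-Object { "$($_.Profile)" -match 'Private' })
foreach ($rule in $rules) {
    $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    if ($current -contains 'Any') { continue }   # already unrestricted; nothing to add
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress ($current + $RemoteSubnet)
}

# Show the resulting state so it can be checked against the manual steps.
Get-ItemProperty -Path $tcpip -Name IPEnableRouter | Select-Object IPEnableRouter
Get-NetConnectionProfile -InterfaceIndex $ifIndex | Select-Object InterfaceAlias, NetworkCategory
$rules | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

Run it while the VPN is connected, since the connection profile only exists for an active network. `Set-NetConnectionProfile -InterfaceIndex <index> -NetworkCategory Public` puts the adapter back on the Public profile.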
Thank you, this helped me a lot!
two little notes:
`IPEnableRouter` go to `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`
and try again `push "route 0.0.0.0 0.0.0.0 vpn_gateway 500"`
Yes
Maybe @SayBeano you want to add them to your gist.