Exposing Windows OpenVPN Connect Client's Network to OpenVPN Server's Networks
In addition to including local subnets for specific users in the OpenVPN server settings, changes also need to be made on client machines running the OpenVPN Connect software. These are not well documented for Windows, hence this document.
This document shows the changes needed to connect remote hosts/guests to your local network using Windows Firewall.
- Connection established via OpenVPN Connect
- Remote guest/host on the same network as the OpenVPN Active Server
N.B. OpenVPN creates a TAP device, which appears in Windows Network Adapters as
Ethernet, with a
Enable IP Forwarding
This will allow the OpenVPN Server's network to see the Clients.
regedit, and click on its icon
- Navigate through the tree to
- In the right panel
- Change the
- Keep regedit open for the next section
Set OpenVPN Device as Private type
This will allow appropriate firewall rules to be set in bulk, and is faster than changing individual entries when the OpenVPN server's network is trusted.
Network and Sharing Center, and click on its icon
- Observe the
View Active Networks Panel
- Look for the connection
Public network and make a note of its name
- Select each of the branches in the tree view
- Review the contents of each branch in the right panel, until you find one that has the name of the
- In the right panel
- Change the value data from
Test the Network Type
- Disconnect the
- Reconnect the
Network and Sharing Center and click on its icon
- You should observe the
View Active Networks Panel entry for the
Public network is now listed as
Authorise the Remote Network for shares
Whilst our changes are complete, we also need to modify the SAMBA sharing rules to include the remote network's subnet.
Windows Firewall with Advanced Security
- Click on its icon
- Click on
- Organise by
Name by clicking the column and locate
File and Printer Sharing (SMB-In) with the
- Double click it and select the
Remote IP Address panel
- Click Add and enter the remote subnet and bits
Machines in the remote subnet should now be able to access the local shares.
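
The network type and the SMB-In scope set above can also be checked, and the scope applied, from an elevated PowerShell prompt. This is an added example, not part of the original procedure: the adapter alias and the subnet are placeholders, and limiting the change to the Private-profile rule is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original page. All default values are assumptions.
param(
    [string]$InterfaceAlias = 'Ethernet 2',    # hypothetical alias of the OpenVPN TAP adapter
    [string]$RemoteSubnet   = '192.0.2.0/24',  # placeholder for the remote subnet and bits
    [string]$RuleName       = 'File and Printer Sharing (SMB-In)',
    [switch]$Apply                             # without -Apply the script only reports
)

# 1. Network type: Windows picks the firewall profile from the connection's category,
#    so confirm the OpenVPN connection is no longer listed as Public.
$conn = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
'Network "{0}" on "{1}" is {2}' -f $conn.Name, $conn.InterfaceAlias, $conn.NetworkCategory
if ($conn.NetworkCategory -eq 'Public') {
    Write-Warning 'Connection is still Public; Private-profile rules will not apply to it.'
}

# 2. SMB-In rules: several rules can share this display name, one per firewall profile.
foreach ($rule in Get-NetFirewallRule -DisplayName $RuleName) {
    $filter  = $rule | Get-NetFirewallAddressFilter
    $current = @($filter.RemoteAddress)
    '{0} [{1}] enabled={2} remote={3}' -f `
        $rule.DisplayName, $rule.Profile, $rule.Enabled, ($current -join ', ')

    if (-not $Apply) { continue }

    # Assumption: only the rule bound to the Private profile should be widened.
    if ("$($rule.Profile)" -notmatch 'Private') { continue }

    # 'Any' already covers every remote address; narrowing it is a separate decision.
    if ($current -contains 'Any') { continue }

    # Best-effort idempotency check. Windows may report a stored subnet in
    # address/mask form, in which case this comparison will not match it.
    if ($current -contains $RemoteSubnet) { continue }

    # Append rather than replace, so existing scope entries such as LocalSubnet survive.
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress ($current + $RemoteSubnet)
    'Added {0} to rule {1}' -f $RemoteSubnet, $rule.Name
}
```

Run it once without `-Apply` to review the current scope of each rule, then again with `-Apply` to add the subnet.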