Macos – OpenVPN with MacOS X Client and same subnets in local and remote net

I have a homenetwork 192.168.1.0/24 with gateway 192.168.1.1 and a remote network with the same parameters. Now I want to create a OpenVPN tunnel between those networks.

I have no problems with Windows, because Windows routes everything to 192.168.1.0/24 except 192.168.1.1 throught the tunnel.

On Mac OS X however I see the following line in the Details window:

2010-05-10 09:13:01 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]

When I list the routes I get the following:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc       13        3    en1
127                localhost          UCS         0        0    lo0
localhost          localhost          UH         12     3589    lo0
169.254            link#5             UCS         0        0    en1
192.168.1          link#5             UCS         1        0    en1
192.168.1.1        0:1e:e5:f4:ec:7f   UHLW       13       17    en1   1103
192.168.1.101      localhost          UHS         0        0    lo0
192.168.6          192.168.6.5        UGSc        0        0   tun0
192.168.6.5        192.168.6.6        UH          1        0   tun0

My Interfaces are

en1 - My local Wifi network
tun0 - The tunnel interface

As can be seen from the routes above there is no entry for 192.168.1.0/24 that routes the traffic through the tunnel interface.

When I manually route a single IP like 192.168.1.16 over the tunnel gateway 192.168.6.6, this works.

Q: How do I set up my routes in MacOS X for the same behaviour as on windows, to route everything except 192.168.1.1 through the tunnel, but leave the default gateway to be my local 192.168.1.1 ?

EDIT: I reopened the question because it could not be fully answered the first time.

The VPN-Client machine does not need to access its own subnet, except for the router, and TCP packages should take the tunnel except for the tunnelled packages themselves.

Best Answer

I don't think routing is supposed to work like that. Essentially, your two networks are the same as far as IPv4 is concerned. The VPN doesn't change that. You don't use routers to connect two parts of the same network; you need bridges for that.

I've never done this, but I think you have a few options.

Configure the OpenVPN gateways in a bridged mode. As long as there are no IP conflicts (one machine on each network with the same IP, eg 192.168.1.100) this should work. If you're using DHCP, you'll need to deal with potential overlap; you don't want two DHCP servers on the same network.

According to the link, you have two options for IP allocation:
- Let OpenVPN manage its own client IP address pool using the server-bridge directive, or
- configure the DHCP server on the LAN to also grant IP address leases to VPN clients.

Configure one network to another network address. Just change 192.168.1/24 on one network to 192.168.7/24 (or some other address). This will definitely work, and you'll only have to reconfigure one network.
Subnet the 192.168.1/24 into two /25 networks (eg, 192.168.1.0/25 and 192.168.1.128/25). This will also definitely work, but you'll have to reconfigure both networks. (For reference, the netmask on a /25 is 255.255.255.128).

Best Answer

Related Solutions

Windows – OpenVPN route all traffic except select local subnets

Networking – pfSense 2.1 OpenVPN client not using tunnelled interface

Related Question