VPN Access works on WiFi, not LAN

[BBQFreak]

I am temporarily running BI on an old Laptop that has 2 NIC (one for camera network and one for internet/LAN) as well as a WiFi adapter.

When I am on my home network, BI remote access is available via either IP address (wired LAN or WiFi)
When I am on my OpenVPN trying to get to BI via the LAN IP address times out, but it connects just fine via WiFi.
I do not have bind to single address checked and other computers (ie my homeassistant server) that are on Wired are able to be accessed just fine.

Anything I can look at?

 

[whoami ™]

just a guess... open vpn gives a IP on a different subnet than the subnet your using for your LAN. OpenVPN ip might be like 192.168.30.1 when LAN is on 192.168.0.1 and that subnet isn't in your BI allowed list. Or your firewall prevents subnets from talking to each other. Im just guessing here. Are you using VLANS? There are a lot of possibilities not knowing anything other than what you've given so far.

 

[BBQFreak]

just a guess... open vpn gives a IP on a different subnet than the subnet your using for your LAN. OpenVPN ip might be like 192.168.30.1 when LAN is on 192.168.0.1 and that subnet isn't in your BI allowed list. Or your firewall prevents subnets from talking to each other. Im just guessing here. Are you using VLANS? There are a lot of possibilities not knowing anything other than what you've given so far.

My OpenVPN does indeed assign a different subnet (10.0.1.x), but I can hit 10.0.0.35 (or whatever it is) that's my wifi adapter and not 10..0.0.110 that is my static LAN. From inside the network I can hit both.

 

[The Automation Guy]

I agree that there is likely a "rule" somewhere that is preventing you from connecting to BI while on the VPN ip address subnet.

This might be because the VPN was not set up correctly to start with and the firewall/router is blocking data from crossing into the subnet that BI is in. If your BI is on it's own VLAN, did you specifically include the BI VLAN subnet in the VPN "allowable connections" field? You might have only included your primary network and forgot to include the BI VLAN.

It might also be that within the BI settings, you set the network access to only allow connections over your local network and specifically only to your normal local network subnet (ie 10.0.0.X). If this is the case, BI will block traffic from the VPN subnet addresses (10.0.1.X). I know I was "bitten" by this mistake myself initially. I had "locked down" BI to only allow local network connections, but had not gone back in and added the VPN subnet after I set my VPN connection up. This might be the same problem you are experiencing.

Also, are you sure that you are using a 255.255.255.0 subnet mask (ie a /24 network) to ensure your 10.0.0.X and 10.0.1.0 subnets aren't overlapping?

 

[TonyR]

Check for a recent Windows update that changed one or more of the BI server's network connection properties from "private" to "public" or vice versa, as in one or both of it's NICs.

 

[The Automation Guy]

Check for a recent Windows update that changed one or more of the BI server's network connection properties from "private" to "public" or vice versa, as in one or both of it's NICs.

That's a good one. I can't tell you how many times that has bitten me in the past..... Damn Windows......

 

[BBQFreak]

Also, are you sure that you are using a 255.255.255.0 subnet mask (ie a /24 network) to ensure your 10.0.0.X and 10.0.1.0 subnets aren't overlapping?

Ended up being a /8 network instead of a /24...not sure how that happened, but that fixed it, thanks!