So, I got OpenVPN to connect, but now what?

My brother-in-law just got a Hubitat, and we're trying to set it up so I can access it from my house to program it for him. I'll probably end up signing up for the Remote Admin service for him, but I wanted to see if I could set something up thru OpenVPN, if only to learn how this works.

My TP-Link Archer A20 has a built-in OpenVPN server, and I finally managed to connect to it with my cell phone (wifi off). However, my home IP addresses are 192.168.0.xxx, and the IP range thru the OpenVPN server are 10.8.0.xxx. When I type in the 192.168.x.x address of my router into Chrome on my phone, it says site can't be reached. I can see that I'm connected in my router (interestingly, there are two connections: 10.8.0.6 - my phone, and 10.8.0.10 - what is this?). Obviously, I'm missing a step, but can't find anything here or on Google to tell me what that step is.

Sounds like your router doesn't automatically create a firewall rule allowing access from the OpenVPN subnet to your 192.168.1.x LAN. My experience with TP-Link firmware is limited but I do remember it being very different from other brands making it very confusing to do anything advanced.

I wish I could be more help, but what you are looking for is the configuration of the firewall rules.

Edit: Did some googling myself, it's a common complaint. One recommendation was to setup a port forward, but I'm not sure this is the best option maybe another Tp-Link expert can assist better?

1 Like

If you have wifi off, you aren't going through your router.

But I thought the point of this was to be able to access my Hubitat hub from outside my Lan?

I guess I was confused where the Archer A2 was located. Thought it was at your home and you were doing a VPN between sites.

It is at home. I'm just seeing if I can get it to work on my own router, accessing it with my phone through cellular data (outside the lan) rather than through wifi. If I could do that, then I might be able to figure out how to access my brother's hub from my house.

But I don't think I understand this stuff well enough. $2.99 for Remote Admin isn't terrible...I just wanted to see if I could do it myself first.

I use a Raspberry Pi with WireGuard. Easy to setup, can be connected to from home or away, is super fast in connecting and using. It allows you to access anything on the remote network, so that might be an issue for your BiL.

Yeah, now I get this, but have no idea what is what. I'm think I'm done here. :stuck_out_tongue:

i used to run my openVPN on my synlogy and while i managed to get it to work by tweaking some things, it wasn't how i wanted it. i ultimately started my openvpn server on a linux box and haven't looked back

1 Like

You need to select "internet and home access" in your setting to be able to access your home devices.

I tried it both ways. Couldn't get either to work.

Openvpn is a tricky thing. Try reboot your router with every change. Also trying pinging the device you are trying to access.

Edit : I believe you will need to generate a new certificate after the change as well.

Yes, but even if I got it to work, I don't want to have to repeat this nonsense with my brother's router and hub. Remote Admin is looking like the far better and easier option at this point. I've already added his instance of Webcore to my own (Which was painless).

Fair point. It makes sense to go that route for your brother. If you want to monkey around at home. Try wireguard on a PI. Quite a few of us here going that route with huge success because we want more access than just to the HE hub.

1 Like