After I set up a local VPN server on my Firewalla Gold Plus, I thought I would automatically have access to local devices after I connect from the outside. Alas, no.
What is/are the missing step(s) in my configuration?
Try to “ping” a few LAN devices while on VPN; they should respond.
The VPN clients (OpenVPN and WireGuard) are put into their own network. WireGuard clients are treated as separate clients, and can be added to groups, but OpenVPN clients are not.
Anyway, since they are in different networks, rules that block access from other local networks to your main LANs will block access from VPN clients.
Start by checking the blocked flows for your VPN client. You might also want to check the rules for your various networks.
Indeed. It’s just that mDNS doesn’t work.
That is not how my experience has been at all. Yes, separate network (10.x.x.x), but when it’s created it automatically creates the routes between the networks.
And I cannot put any VPN clients into any groups
See local domains here https://help.firewalla.com/hc/en-us/articles/1500002445242-What-is-the-Firewalla-local-domain-and-search-domain-
You’re right. If and only if you address the local devices by their IP. mDNS does not work, for example hoobs.local doesn’t work.
Very informative, thanks!
Can you also explain to me how I make SMB (Windows shares) work when I’m remotely connected?
Oh, TIL. I’ve never tried to access the .local address for anything.
I think you just need to do \\something.lan\\ (using firewalla local domain) or \\IP address\\
I tried both approaches unsuccessfully. I have no access to any of my Windows shares while I’m VPN’ed in.
If you “ping” those hosts using the firewalla local domain or IP, and the hosts respond, then you will need to look at Windows’s firewall and make sure it allows you to connect via the firewalla VPN subnet.
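To show what the Windows-firewall check above looks like in practice, here is an added example (not from anyone in this thread or from Firewalla). It assumes the Firewalla VPN client network is 10.0.0.0/24 (a placeholder; use the subnet shown in your Firewalla app) and is run in an elevated PowerShell on the Windows host that owns the shares.

```powershell
# Added example, not from the thread. Assumes the VPN client subnet below;
# replace it with the one your Firewalla assigns to VPN clients.
$VpnSubnet = '10.0.0.0/24'   # assumption: Firewalla VPN client network

# 1. List inbound rules for SMB (TCP 445) together with their remote-address
#    scope. The built-in "File and Printer Sharing (SMB-In)" rule is typically
#    scoped to LocalSubnet on the Private/Public profiles, which is why a VPN
#    client on a different subnet is dropped even though it can ping the host.
function Get-SmbInboundRuleScope {
    Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq 445 } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            [pscustomobject]@{
                Name    = $_.DisplayName
                Enabled = $_.Enabled
                Profile = $_.Profile
                Remote  = ($remote -join ', ')
            }
        }
}

Get-SmbInboundRuleScope | Format-Table -AutoSize

# 2. Allow SMB only from the VPN subnet. Scoping RemoteAddress to that subnet
#    keeps the exposure narrow instead of opening port 445 to 'Any'.
New-NetFirewallRule -DisplayName 'SMB from Firewalla VPN clients' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress $VpnSubnet -Profile Any -Action Allow | Out-Null

# 3. Re-check: the new rule should now appear with Remote = 10.0.0.0/24.
Get-SmbInboundRuleScope | Format-Table -AutoSize
```

From a VPN-connected client you can then confirm reachability with `Test-NetConnection -ComputerName <windows-host-ip> -Port 445` before retrying the `\\host\share` path.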
Yep, firewall being the operative word. I changed a few settings in Windows firewall and that fixed the issues. Thanks!