ER707-M2 - Local LAN client cannot connect to OpenVPN on the router

Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-27 09:17:26

Hi @RMitev 

Thanks for posting in our business forum.

Try the connection from a computer that's in the 10.17.21.1/24.

Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-27 09:25:48 - last edited 2024-05-27 09:28:41

@Clive_A

Hello, from the external network 10.17.21.1/24 everything is OK, but from the internal network I can't connect.

In ER605 v1 and v2, I can connect to the OpenVPN server from both internal and external network ...

(By the way, the ER605 V1 with the latest firmware has a speed of 25 to 30 megabits via OpenVPN)

Best Regards

Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router-Solution
2024-05-30 00:53:51 - last edited 2024-06-11 06:17:38

Hi @RMitev

Thanks for posting in our business forum.

RMitev wrote

@Clive_A

Hello, from the external network 10.17.21.1/24 everything is OK, but from the internal network I can't connect.

In ER605 v1 and v2, I can connect to the OpenVPN server from both internal and external network ...

(By the way, the ER605 V1 with the latest firmware has a speed of 25 to 30 megabits via OpenVPN)

Best Regards

Tested and have a reproduction of the issue. The problem mainly lies in the 707-M2, which has added a function to limit the OVPN message. Previously, it was found that in certain scenarios, OVPN messages would not be sent from the specified WAN port, so restrictions were added to only send and receive messages on the corresponding WAN port.

605 has not been considered for this feature. But I think if this is added to the firmware, it should later be added to the 605.

The question now is what kind of scenario do you need this connection from the LAN? We have not found a legit scenario for such a use case which may cause some other trouble. So, we limit it.

Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-30 09:43:49

@Clive_A

In a large LAN, encryption of important traffic may be necessary. Almost all smart switches offer traffic mirroring, i.e. unencrypted traffic may compromise security in some cases.

In any case, from your point of view, you should also apply this rule to the SSL VPN server.

Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-31 00:45:14

Hi @RMitev 

Thanks for posting in our business forum.

RMitev wrote

@Clive_A

In a large LAN, encryption of important traffic may be necessary. Almost all smart switches offer traffic mirroring, i.e. unencrypted traffic may compromise security in some cases.

In any case, from your point of view, you should also apply this rule to the SSL VPN server.

No. This does not sound right.

You are connecting from the LAN to the WAN of your VPN server. This is from the local network > NAT > VPN server and everything is local. This environment you described does not sound reasonable. I am sorry that I cannot use this reason in a report.

As I have explained, the connection from the LAN side to the WAN side VPN server is not a normal use case.
