Unable to access VPN client LAN in router over SSL VPN SERVER in router too.
Unable to access VPN client LAN in router over SSL VPN SERVER in router too.
Hello everyone!
As explained in the title, when I connect remotely to my router via SSL VPN, I can access the LAN configured in my router without any problem, but I cannot access the server available via a client VPN tunnel created on this same router, yet when I have a PC connected directly to the router's LAN, I can access it without any problem.
MODEM: 192.168.200.1
LAN ROUTER: 192.168.210.1/24
VPN SERVER IP POOL: 192.168.210.50 - 192.168.210.99
ROUTER VPN CLIENT: 192.168.113.1
SERVER try to access: 10.101.1.25
To try to understand the problem, I made a "tracert", here is the result I get when I do it from a local computer on the router's LAN
And now here is the result I get when I do it remotely via the VPN server
As you can see, the next hop is directly to my modem at 192.168.200.1.... While it should be 192.168.113.1
To try to solve the problem, I tried to make a static route, so if we try to contact my server on the VPN client, I immediately redirect to the router that knows the route, but this has no effect, the tracert is identical, it goes directly to the modem...
Do you have any leads to suggest to me? I'm starting to run out of ideas...
Thank you very much for your help.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
MR.S wrote
I did a test here, an ER707-M2 with SSL VPN server and the same router has an OpenVPN client for some remote networks. when I connect to the SSL VPN with my PC, I only get the local networks on the ER707, I don't know how to route from the SSL VPN to the OpenVPN client on the same router. so I can't connect to any of the networks that go in the OpenVPN client on the router. I use a full tunnel so all traffic from my PC goes out on the ER707 LAN and WAN but not OpenVPN.
That's exactly it! Let's wait for the answer from @Clive_A to see if he has any idea on how to route this. In any case thank you very much for your help, it is really much appreciated!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
you should not use openvpn pool that overlaps with any of your LAN, put a random 10.xx.xx.xx ip pool on vpn. you have to do that on both of your vpn servers.
- Copy Link
- Report Inappropriate Content
MR.S wrote
you should not use openvpn pool that overlaps with any of your LAN, put a random 10.xx.xx.xx ip pool on vpn. you have to do that on both of your vpn servers.
To change the IP pool of the VPN Server no problem I put 10.23.1.10-10.23.100.
On the other hand to change the assignment of the local IP of the VPN Client, I tried to put 10.24.1.10-10.24.1.100, but I no longer had access to the server 10.101.1.25 even with the PCs connected directly to the router of the VPN Client (the router that contains all the VPNs), and since it is during the day, I cannot completely cut this access while I do some tests. I guess I need to create a new VLAN 10.24.1.1 in this router for it to work... I will do some tests tonight, thanks.
- Copy Link
- Report Inappropriate Content
Just to confirm that I'm going in the right direction, the local IPs indicated in the OpenVPN client configuration, do you also have a VLAN already created which contains this range of IPs?
- Copy Link
- Report Inappropriate Content
NO, VPN ip pool should be VPN ip pool not LAN interface. so make sure that the VPN pool does not overlap with any of the other networks you have. and you have to do it on both vpn servers.
so the only thing you have to do now is change the pool on your vpn servers and it should work. I have tested on an ER8411 and it worked on that too
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 247
Replies: 17
Voters 0
No one has voted for it yet.