<
Routers
help! my vpn is working, but i cant see lan computers
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.help! my vpn is working, but i cant see lan computers
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.help! my vpn is working, but i cant see lan computers
Posts: 2
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2014-01-10
help! my vpn is working, but i cant see lan computers
2014-01-10 11:15:51 - last edited 2021-08-21 04:49:06
Tags:
Region : UnitedStates
Model : TL-ER604W
Hardware Version : V1
Firmware Version : 1.0.0 Build 20130116 Rel.52243s
ISP : NTS
help. I have my vpn up and running (ipsec) and i can see and configure b oth routers from both sites, but i am unable to see or ping the server at site A from the comps at site B, even though i can see and configure the router at site A from the comps at site B.
Model : TL-ER604W
Hardware Version : V1
Firmware Version : 1.0.0 Build 20130116 Rel.52243s
ISP : NTS
help. I have my vpn up and running (ipsec) and i can see and configure b oth routers from both sites, but i am unable to see or ping the server at site A from the comps at site B, even though i can see and configure the router at site A from the comps at site B.
#1
Options
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thread Manage
14 Reply
Posts: 8
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2014-06-13
Re:help! my vpn is working, but i cant see lan computers
2014-07-01 07:07:44 - last edited 2021-08-21 04:49:06
I was able to resolve this as there were two issues.
1. The local cable company provided the modem/router at the remote end. By default, all of the protocol helpers were disabled, ie, IPsec passthrough was disabled. Since I was getting a public IP on my TPlink, it did not occur to me that the cable modem may not be completely transparent. Apparently, it is a "Feature" designed to encourage upgrades to business level services.
2. The second issue was a conflicting route left over from previous testing.
I was previously trying to get a remote TP-Link router to connect to a pfSense main router via IPsec, but I never got that working. TP-Link ER-604W on both ends (One is static IP, the other uses DDNS) is working nicely.
1. The local cable company provided the modem/router at the remote end. By default, all of the protocol helpers were disabled, ie, IPsec passthrough was disabled. Since I was getting a public IP on my TPlink, it did not occur to me that the cable modem may not be completely transparent. Apparently, it is a "Feature" designed to encourage upgrades to business level services.
2. The second issue was a conflicting route left over from previous testing.
I was previously trying to get a remote TP-Link router to connect to a pfSense main router via IPsec, but I never got that working. TP-Link ER-604W on both ends (One is static IP, the other uses DDNS) is working nicely.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#12
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 3
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2014-08-07
How to fix your VPN connections
2014-08-07 22:43:49 - last edited 2021-08-21 04:49:06
Hi guys,
I encountered the same problem, I believe it to be a bug in the router firmware and have reported it as such, however I'm happy to tell you that there is a workaround.
The basic issue is that the router does not send back the correct routing table entries to the client after connection in all cases.
You can verify this yourself in windows by checking the routing table.
I'll illustrate this with my own configuration.
my LAN network address is 172.16.106.0
when I initially set up client - network VPN, I followed the example in the guide, and created an address pool in the range 10.10.10.10. - 10.10.10.50 for VPN clients.
When I connected to the VPN, as you have all seen, it connected fine, but I was unable to contact any machine on my LAN.
What I discovered from the windows routing table, was that no route had been created for the 172.16.106 network.
Instead, a route to 10.0.0.0 had been created, which didn't make a great deal of sense.
However, I found that if I manually created a route to 172.16.106.0 then miraculously everything started to work.
To do this manually, check what your VPN client address is (in my case it was 10.10.10.10), and add the route in an administrator command prompt with (again using my network as an example)
route add 172.16.106.0 mask 255.255.255.0 10.10.10.10
There is also an automated way to achieve the same objective by changing the address pool so that the range is contained within the same superset as the LAN addresses.
In my example, I set the pool address range to be 172.16.108.1 - 172.16.108.50
Now when I connect to the VPN, the router creates for me a route for 172.16.0.0 which includes both the VPN client range, and the LAN subnet, so everything works as expected.
I hope that works for everyone.
I encountered the same problem, I believe it to be a bug in the router firmware and have reported it as such, however I'm happy to tell you that there is a workaround.
The basic issue is that the router does not send back the correct routing table entries to the client after connection in all cases.
You can verify this yourself in windows by checking the routing table.
I'll illustrate this with my own configuration.
my LAN network address is 172.16.106.0
when I initially set up client - network VPN, I followed the example in the guide, and created an address pool in the range 10.10.10.10. - 10.10.10.50 for VPN clients.
When I connected to the VPN, as you have all seen, it connected fine, but I was unable to contact any machine on my LAN.
What I discovered from the windows routing table, was that no route had been created for the 172.16.106 network.
Instead, a route to 10.0.0.0 had been created, which didn't make a great deal of sense.
However, I found that if I manually created a route to 172.16.106.0 then miraculously everything started to work.
To do this manually, check what your VPN client address is (in my case it was 10.10.10.10), and add the route in an administrator command prompt with (again using my network as an example)
route add 172.16.106.0 mask 255.255.255.0 10.10.10.10
There is also an automated way to achieve the same objective by changing the address pool so that the range is contained within the same superset as the LAN addresses.
In my example, I set the pool address range to be 172.16.108.1 - 172.16.108.50
Now when I connect to the VPN, the router creates for me a route for 172.16.0.0 which includes both the VPN client range, and the LAN subnet, so everything works as expected.
I hope that works for everyone.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#13
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2014-01-14
Re:help! my vpn is working, but i cant see lan computers
2015-04-10 23:04:08 - last edited 2021-08-21 04:49:06
pgb195 wrote
Hi guys,
I encountered the same problem, I believe it to be a bug in the router firmware and have reported it as such, however I'm happy to tell you that there is a workaround.
The basic issue is that the router does not send back the correct routing table entries to the client after connection in all cases.
You can verify this yourself in windows by checking the routing table.
I'll illustrate this with my own configuration.
my LAN network address is 172.16.106.0
when I initially set up client - network VPN, I followed the example in the guide, and created an address pool in the range 10.10.10.10. - 10.10.10.50 for VPN clients.
When I connected to the VPN, as you have all seen, it connected fine, but I was unable to contact any machine on my LAN.
What I discovered from the windows routing table, was that no route had been created for the 172.16.106 network.
Instead, a route to 10.0.0.0 had been created, which didn't make a great deal of sense.
However, I found that if I manually created a route to 172.16.106.0 then miraculously everything started to work.
To do this manually, check what your VPN client address is (in my case it was 10.10.10.10), and add the route in an administrator command prompt with (again using my network as an example)
route add 172.16.106.0 mask 255.255.255.0 10.10.10.10
There is also an automated way to achieve the same objective by changing the address pool so that the range is contained within the same superset as the LAN addresses.
In my example, I set the pool address range to be 172.16.108.1 - 172.16.108.50
Now when I connect to the VPN, the router creates for me a route for 172.16.0.0 which includes both the VPN client range, and the LAN subnet, so everything works as expected.
I hope that works for everyone.
Thanks much for this info, manually adding the route makes the VPN (PPTP server used with Windows 7 client connections) usable for me.
Changing the VPN IP group to an adjacent subnet (say router/LAN in 192.168.1.0 and VPN group 192.168.2.10-19) did not work automatically for me, still had to add the route manually. Not a good solution for users not used to looking at route print results and using such commands.
Hoping TP-Link is aware of this bug now and can fix the VPN server so that it establishes the routing between LANs?
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#14
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2014-01-14
Re:help! my vpn is working, but i cant see lan computers
2015-04-17 23:12:15 - last edited 2021-08-21 04:49:06
Still looking into this bug, (on TL-ER6120 running 1.0.6 Build 20131129 Rel.49461) as I can not expect users to be able to manually add routes on their computers when trying to connect to the workplace...
The thought occured to me that perhaps adding a static route in the TL-ER6120's routing tables (Advanced/Routing/Static Route) between the VPN users IP Pool and the LAN subnet on the LAN port might provide a better workaround?
I'm not entirely sure this wouldn't mess something else up so running it by you guys for thoughts...
Thanks in advance!
The thought occured to me that perhaps adding a static route in the TL-ER6120's routing tables (Advanced/Routing/Static Route) between the VPN users IP Pool and the LAN subnet on the LAN port might provide a better workaround?
I'm not entirely sure this wouldn't mess something else up so running it by you guys for thoughts...
Thanks in advance!
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#15
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 2
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2014-01-10
Information
Helpful: 0
Views: 9110
Replies: 14
Voters 0
No one has voted for it yet.
Tags
Report Inappropriate Content
Transfer Module
New message