VPN client failure when establishing cross-segment Static Route access between AX23 and TL-R470 V6

3 weeks ago - last edited 2 weeks ago
Model: Archer AX23   TL-R470T+  
Hardware Version: V2
Firmware Version: Archer AX23(TW)_V2_1.0.2 Build 20250224

I am currently experiencing a routing forwarding failure (timeout) when using two routers for network interconnection and would like to seek technical assistance.

【Hardware Environment】

Router A: Archer AX23 (IP: 192.168.0.2) — WAN connected to the general external network, OpenVPN Server enabled.

VPN Subnet: 100.0.8.0/24

Router B: TL-R470 (IP: 192.168.0.1) — WAN2 connected to a closed network (10...*).

Connection Method: The two routers are connected via a LAN port.

【Router Settings】

AX23 Settings: A static route 10.0.0.0 mask 255.0.0.0 has been added, pointing to 192.168.0.1.

TL-R470 Configuration: A static route 100.0.8.0 mask 255.255.255.0 has been added, pointing to 192.168.0.2 (Interface selected: LAN).

【Problem Description】 After an external device dials into the AX23's VPN, it cannot access resources in the 10...* network segment through the TL-R470's WAN (connection timed out).

I have tried disabling the firewalls on both routers, but it is still ineffective.

Key Point: The same network topology and routing settings work perfectly on older models (Archer A9 and TL-WR840N), but fail with the AX23 and TL-R470 combination.

What additional settings need to be configured on the TL-R470 to allow the AX23's OpenVPN to communicate normally with WAN2?

#1
1 Accepted Solution
Re:VPN client failure when establishing cross-segment Static Route access between AX23 and TL-R470 V6-Solution
3 weeks ago - last edited 2 weeks ago

  @Jeremy_12

  • policy route -- 100.0.8.0/24, Interface: LAN, Action: Allow ---- always
  • WAN2 interface, which would mistakenly apply address translation to traffic bound for 10.x.x.x. ---- default value, no rules added
  • VPN service on Archer device is working properly? ---- Yes, the network works normally; I can even log in to the TL-R470T setup

I didn't want to ping anymore, so I replaced the TL-R470V6 with a regular home router and solved the problem with the same special routing settings.
Thanks for your reply.
Recommended Solution
#3
2 Reply
Re:VPN client failure when establishing cross-segment Static Route access between AX23 and TL-R470 V6
3 weeks ago

Hi, @pinea
Thank you for posting your query on our business forum.  

 

  • Please check your policy route configuration on the TL-R470, to confirm that you have selected the LAN interface instead of the WAN1 interface for the route entry.
  • We recommend you create a new policy route on the TL-R470 with the following parameters:
      Interface: LAN
      Source Address: 100.0.8.0/24 (your VPN subnet)
      Action: Allow
    Please make sure this policy is placed before all deny rules in the policy list.

  • Please check your NAT rules on the TL-R470, to confirm that no unintended NAT rule is enabled for the 10.0.0.0/8 segment or the WAN2 interface, which would mistakenly apply address translation to traffic bound for 10.x.x.x.


If it is convenient for you, could you also provide the following information to help us troubleshoot further:  

  • Could you confirm if the VPN service on your Archer device is working properly? Please try to ping the LAN IPs of the Archer and TL-R470T from your VPN client, and also ping the VPN client's IP from a device connected to the TL-R470T, then share the test results with us.
  • If the VPN service is confirmed to work normally, please perform a packet capture on the TL-R470 and share the capture file with us.

 

#2
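
A way to sanity-check the routing side of this topology, as an added example that is not part of any post in the thread: a longest-prefix-match trace over both routers' tables, in the forward and the return direction. The two static routes are the ones from the question; the connected networks, the default routes, and the sample addresses 10.1.2.3 and 100.0.8.6 are assumptions constructed for illustration.

```python
import ipaddress

# Static routes are from the question; connected networks and default
# routes are assumptions (the thread does not list them).
ROUTES = {
    "AX23": [
        ("192.168.0.0/24", "connected:LAN"),
        ("100.0.8.0/24", "connected:OpenVPN"),
        ("10.0.0.0/8", "192.168.0.1"),     # static route from the question
        ("0.0.0.0/0", "WAN"),              # assumed default route
    ],
    "TL-R470": [
        ("192.168.0.0/24", "connected:LAN"),
        ("10.0.0.0/8", "connected:WAN2"),  # assumed: closed network on WAN2
        ("100.0.8.0/24", "192.168.0.2"),   # static route from the question
        ("0.0.0.0/0", "WAN1"),             # assumed default route
    ],
}
ROUTER_BY_LAN_IP = {"192.168.0.2": "AX23", "192.168.0.1": "TL-R470"}

def lookup(routes, router, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in routes[router]]
    hits = [(n.prefixlen, nh) for n, nh in nets if addr in n]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def trace(start, dst, routes=ROUTES, max_hops=4):
    """Follow next hops across the two routers until the packet exits."""
    path, router = [], start
    for _ in range(max_hops):
        hop = lookup(routes, router, dst)
        path.append((router, hop or "no route"))
        if hop not in ROUTER_BY_LAN_IP:
            break  # left on an interface, or no route at all
        router = ROUTER_BY_LAN_IP[hop]
    return path

def without_return_route(routes=ROUTES):
    """Copy of the tables with the TL-R470 route to the VPN subnet removed."""
    copy = {r: list(t) for r, t in routes.items()}
    copy["TL-R470"] = [e for e in copy["TL-R470"] if e[0] != "100.0.8.0/24"]
    return copy

if __name__ == "__main__":
    print("forward:", trace("AX23", "10.1.2.3"))        # constructed address
    print("return: ", trace("TL-R470", "100.0.8.6"))    # constructed address
    print("no return route:", trace("TL-R470", "100.0.8.6", without_return_route()))
```

In this model the posted static routes give a path in both directions, while dropping the TL-R470 entry sends replies for the VPN subnet out the default route instead of back to the AX23.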