How do i route OpenVPN subnet to local

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

How do i route OpenVPN subnet to local

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
How do i route OpenVPN subnet to local
How do i route OpenVPN subnet to local
2020-09-14 20:15:47 - last edited 2020-09-17 05:59:22
Model: Archer AX1500  
Hardware Version:
Firmware Version:

I have configured OpenVPN on my AX1500 with the following settings:

 

Service Type: UDP

Service Port: 1194

VPN Subnet: 192.168.1.0

Netmask: 255.255.255.0

Client acces: internet and home network

 

I couldn't set the subnet to 192.168.0.0

If i connect a client to the VPN it gives an local ip of 192.168.1.X. Hereby i can't acces my fileserver because that has an local ip of 192.168.0.X

 

Now i don't know a lot about networking, but i've think i figured out that i need to route the VPN subnet the local subnet (192.168.1.X to 192.168.0.X)

 

If i want to add a routing entry i need to fill in the following items:

 

Network Destination:

Subnet Mask:

Default gateway:

Interface:

Description:

 

Can someone please help me configure this / give me other options / or tips ??? Please :)

  0      
  0      
#1
Options
1 Accepted Solution
Re:How do i route OpenVPN subnet to local-Solution
2020-09-17 05:59:18 - last edited 2020-09-17 05:59:22

@David1607 

 

Hello, thanks for asking.


Please help verify some details and we will try to figure it out:
1. Kindly check the below VPN setup instructions again to confirm all the settings on the AX1500 are correct:
How to use OpenVPN to access your home network through the Wi-Fi Routers
BTW, please also provide us your network topology.
2. Please check the VPN Tunnel: login the web interface, and on the VPN Server-> VPN Connections, we can see the status of the VPN Server, confirm if there is a VPN connection enabled. If not, which means the VPN setup is not successful.
3. Check the Firewall and Anti-Virus software on the server: generally, Windows Firewall would block the packages from the VPN Client, disabling the firewall on Windows PC for "public" and "private" network will be helpful. Windows Firewall is located at "Control panel->System and Security->Windows Firewall/Windows Defender Firewall".

 

May it help.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
Recommended Solution
  1  
  1  
#2
Options
5 Reply
Re:How do i route OpenVPN subnet to local-Solution
2020-09-17 05:59:18 - last edited 2020-09-17 05:59:22

@David1607 

 

Hello, thanks for asking.


Please help verify some details and we will try to figure it out:
1. Kindly check the below VPN setup instructions again to confirm all the settings on the AX1500 are correct:
How to use OpenVPN to access your home network through the Wi-Fi Routers
BTW, please also provide us your network topology.
2. Please check the VPN Tunnel: login the web interface, and on the VPN Server-> VPN Connections, we can see the status of the VPN Server, confirm if there is a VPN connection enabled. If not, which means the VPN setup is not successful.
3. Check the Firewall and Anti-Virus software on the server: generally, Windows Firewall would block the packages from the VPN Client, disabling the firewall on Windows PC for "public" and "private" network will be helpful. Windows Firewall is located at "Control panel->System and Security->Windows Firewall/Windows Defender Firewall".

 

May it help.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
Recommended Solution
  1  
  1  
#2
Options
Re:How do i route OpenVPN subnet to local
2021-11-14 16:40:46 - last edited 2021-11-14 16:42:10

Hi @Kevin_Z 

I've went through the info you've sent but it still hasn't given me simple answer.

 

My setup:

PC with OpenVPN client ---- [Internet] ----- TL-MR150 ------- LAN (192.168.1.0/24)

 

I am able to sucessfully open vpn connection and under VPN>VPN connections I am able to see my connected PC. Also on PC I see it has assigned IP address from the pool given in VPN>OpenVPN setup (10.8.0.0/24). In my case it is 10.8.0.6.

 

ARP table taken from Network>Static Routing on TL-MR150 looks like this:

ID Network Destination Subnet Mask Gateway Interface
1 10.8.0.2 255.255.255.255 0.0.0.0 LTE
2 46.77.89.72 255.255.255.252 0.0.0.0 LTE
3 10.8.0.0 255.255.255.0 10.8.0.2 LTE
4 192.168.1.0 255.255.255.0 0.0.0.0 LAN & WLAN
5 0.0.0.0 0.0.0.0 46.77.89.73 LTE

 

I am able to ping from 10.8.0.6 to 10.8.0.1 and from 10.8.0.1 to 10.8.0.6 which would mean VPN is working. What I need to setup to be able to ping from 10.8.0.6 to any address in my local network (i.e. 192.168.1.100)?

 

 

Thanks in advance :)

  1  
  1  
#3
Options
Re:How do i route OpenVPN subnet to local
2021-11-17 07:06:39 - last edited 2021-11-17 07:08:01

@g00fy 

Hi, Based on your request, there is no need to configure additional static routing tables on the MR150.

When you enable the OpenVPN server and check "home network only" or "internet and home network"  for client access, the OpenVPN clients are able to access the local network directly.

So your current issue is more related to the settings on the local network server.

Would you please help me check the following information:

1. When you mentioned that you are able to ping from 10.8.0.6 to 10.8.0.1, vice versa, do you mean different VPN clients are able to ping each other?

2. In the local network(192.168.1.xxx), could you please check whether the LAN clients are able to ping each other, especially the LAN server 192.168.1.100?

If yes, please send an email to support.forum@tp-link.com with the following information:

1. A picture of the Advanced>Status

2. A screenshot of the VPN connection page under Advanced>VPN>VPN connection.

3. A copy of the OpenVPN certificate.

 

Thank you very much.

 

 

 

  0  
  0  
#4
Options
Re:How do i route OpenVPN subnet to local
2021-11-17 12:02:59 - last edited 2021-11-17 12:03:34

@TP-Link 

"When you enable the OpenVPN server and check "home network only" or "internet and home network"  for client access, the OpenVPN clients are able to access the local network directly."

Unfortunatelly that does not work. At least on MR150 router. Attempt to assigning VPN IP address same as LAN network (192.168.1.x/24) returns error.

So on MDR150 I see 2 subnets 10.8.0.x/24 and 192.168.1.x/24 which cannot talk to each other.

 

1. When you mentioned that you are able to ping from 10.8.0.6 to 10.8.0.1, vice versa, do you mean different VPN clients are able to ping each other?

10.8.0.6 VPN client on external PC, 
10.8.0.1 MDR150 address after turning on VPN on it

 

2. In the local network(192.168.1.xxx), could you please check whether the LAN clients are able to ping each other, especially the LAN server 192.168.1.100?

all devices inside 192.168.1.x can ping each other

 

I'll update pictures later on.

  0  
  0  
#5
Options
Re:How do i route OpenVPN subnet to local
2021-11-20 16:37:00

@David1607 

Hi,

 

I was able to resolve one of the issues - the described above was caused that LANs on both VPN connection had the same settings 192.168.1.x/24. Changing one of LAN's settings to 192.168.10.x/24 resolved the problem and now I can ping from my VPN client PC into my local network.

 

2nd issue that I have is that from my VPN client I am not able to reach router configuration page (192.168.1.1). The error that I get is 403 forbidden. What am I doing wrong? How can I reach TL-MR150 from VPN client's machine. Please note that I do not want to enable "Remote Management" option as it opens additional possibility of security risk. I want to access router configuration page from Internet only when VPN connection is established.

 

Many thanks in advance :)

  4  
  4  
#7
Options

Information

Helpful: 0

Views: 7562

Replies: 5

Related Articles