ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
Hello,
I can't connect to the router's OpenVPN server from the local network
(connection to the router's SSL VPN server is possible from local LAN users)
With my previous ER605 V2 router everything is fine and I can connect to OpenVPN from the local network.
Any suggestions?
Hi @RMitev
Thanks for posting in our business forum.
Try the connection from a computer that's in the 10.17.21.1/24
Hello, from the external network 10.17.21.1/24 everything is OK, but from the internal network I can't connect.
In ER605 v1 and v2, I can connect to the OpenVPN server from both internal and external networks ...
(By the way, the ER605 V1 with the latest firmware has a speed of 25 to 30 megabits via OpenVPN)
Best Regards
Hi @RMitev
Thanks for posting in our business forum.
RMitev wrote
Hello, from the external network 10.17.21.1/24 everything is OK, but from the internal network I can't connect.
In ER605 v1 and v2, I can connect to the OpenVPN server from both internal and external networks ...
(By the way, the ER605 V1 with the latest firmware has a speed of 25 to 30 megabits via OpenVPN)
Best Regards
Tested and have a reproduction of the issue. The problem mainly lies in the 707-M2, which has added a function to limit the OVPN message. Previously, it was found that in certain scenarios, OVPN messages would not be sent from the specified WAN port, so restrictions were added to only send and receive messages on the corresponding WAN port.
605 has not been considered for this feature. But I think if this is added to the firmware, it should later be added to the 605.
The question now is what kind of scenario do you need this connection from the LAN? We have not found a legit scenario for such a use case which may cause some other trouble. So, we limit it.
In a large LAN, encryption of important traffic may be necessary. Almost all smart switches offer traffic mirroring, i.e. unencrypted traffic may compromise security in some cases.
In any case, from your point of view, you should also apply this rule to the SSL VPN server.
Hi @RMitev
Thanks for posting in our business forum.
RMitev wrote
In a large LAN, encryption of important traffic may be necessary. Almost all smart switches offer traffic mirroring, i.e. unencrypted traffic may compromise security in some cases.
In any case, from your point of view, you should also apply this rule to the SSL VPN server.
No. This does not sound right.
You are connecting from the LAN to the WAN of your VPN server. This is from the local network > NAT > VPN server and everything is local. This environment you described does not sound reasonable. I am sorry that I cannot use this reason in a report.
As I have explained the connection from the LAN side to the WAN side VPN server is not a normal use case.