Static route to VPN Subnet not working
Hi,
I'm running an ER605v1 router with an Omada Controller OC200. Gateway's IP is 192.168.0.1. There is also a Huawei router-modem (5G CPE 2) in place. It's bridge mode is broken, so I have assigned it 10.0.0.1 and connected it to the ER605 which gets 10.0.0.2. Everything works fine, despite the double NAT situation.
I have a NAS at an external location which connects to the Controller via VPN. It's IP is 192.168.10.1. I can see the tunnel in the Insights tab:
10.0.0.2 -> externalIP
10.0.0.2 <- externalIP
Now, I want my home network to be able to connect to the external NAS. I've added a static route:
However, when I tracert the NAS at 192.168.10.1, I always get only the controller (192.168.0.1). If I enter 10.0.0.1 or 10.0.0.2, it's the same. I think if the Huawei Router-modem is at fault, tracert would end there, not right after the gateway.
Any help is appreciated!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thanks for posting in our business forum.
Static routing is not effective for the VPN tunnel/subnet.
If you have any routing for the VPN, please configure it on the server end.
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
Static routing is not effective for the VPN tunnel/subnet.
If you have any routing for the VPN, please configure it on the server end.
- Copy Link
- Report Inappropriate Content
@Clive_A Hi, thanks for your quick response. My VPN server IS the ER605. How can my local network assets connect to the VPN subnet?
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
Vienna_Steve wrote
@Clive_A Hi, thanks for your quick response. My VPN server IS the ER605. How can my local network assets connect to the VPN subnet?
When you configure the VPN server, you have to choose the Local Networks. That's where you configure it and where you define your local resources to be available on the VPN tunnels.
For the Wireguard VPN, it's the same thing. Allowed IPs.
If you ask this, I think you misunderstand the VPN type. Or what you want to achieve is not client-to-site. Specify the VPN type and mode, and your goal if you don't understand the explanation above.
- Copy Link
- Report Inappropriate Content
@Clive_A Thank you for your assistance. Indeed, maybe I don't understand it correctly.
So, I have configured a VPN server in Omada (Settings, VPN). It's L2TP-Server, because this standard is the only one my NAS can connect to.
My NAS can connect to the Omada VPN Server via the internet. (See screenshot in my first posting.)
Now, I want to be able to connect to my NAS while it is connected to my VPN. So, 192.168.0.100 (in LAN) should be able to connect to 192.168.10.1 (in VPN). As I understand it, static route is usually the way to go. Or is it?
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
Vienna_Steve wrote
@Clive_A Thank you for your assistance. Indeed, maybe I don't understand it correctly.
So, I have configured a VPN server in Omada (Settings, VPN). It's L2TP-Server, because this standard is the only one my NAS can connect to.
My NAS can connect to the Omada VPN Server via the internet. (See screenshot in my first posting.)
Now, I want to be able to connect to my NAS while it is connected to my VPN. So, 192.168.0.100 (in LAN) should be able to connect to 192.168.10.1 (in VPN). As I understand it, static route is usually the way to go. Or is it?
No. Again, Static Routing does not work for the VPN tunnels. So stop thinking in that direction.
LAN is 192.168.0.1/24 which is already included in the Local Networks - All. There is nothing you should do to change or modify. It should work directly.
The NAS should be able to ping the 192.168.0.1. Is that correct? If so, that means the VPN tunnel is up and running. If you cannot access a certain device or vice versa, you should check the firewall settings on your devices instead of figuring out the router.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 576
Replies: 5
Voters 0
No one has voted for it yet.