Static route to VPN Subnet not working

2024-06-11 10:21:29 - last edited 2024-06-12 02:01:51
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.3.1 Build 20231207 Rel.61384

Hi,

I'm running an ER605v1 router with an Omada Controller OC200. Gateway's IP is 192.168.0.1. There is also a Huawei router-modem (5G CPE 2) in place. Its bridge mode is broken, so I have assigned it 10.0.0.1 and connected it to the ER605 which gets 10.0.0.2. Everything works fine, despite the double NAT situation.

I have a NAS at an external location which connects to the Controller via VPN. Its IP is 192.168.10.1. I can see the tunnel in the Insights tab:

10.0.0.2 -> externalIP

10.0.0.2 <- externalIP

 

Now, I want my home network to be able to connect to the external NAS. I've added a static route:

However, when I tracert the NAS at 192.168.10.1, I always get only the controller (192.168.0.1). If I enter 10.0.0.1 or 10.0.0.2, it's the same. I think if the Huawei Router-modem is at fault, tracert would end there, not right after the gateway.

 

Any help is appreciated!

1 Accepted Solution
Re:Static route to VPN Subnet not working-Solution
2024-06-12 02:01:42 - last edited 2024-06-12 02:01:51

Hi @Vienna_Steve 

Thanks for posting in our business forum.

Static routing is not effective for the VPN tunnel/subnet.

If you have any routing for the VPN, please configure it on the server end.

Best Regards!
Re:Static route to VPN Subnet not working
2024-06-12 10:25:13

  @Clive_A Hi, thanks for your quick response. My VPN server IS the ER605. How can my local network assets connect to the VPN subnet?

Re:Static route to VPN Subnet not working
2024-06-13 00:54:01

Hi @Vienna_Steve 

Thanks for posting in our business forum.

Vienna_Steve wrote

  @Clive_A Hi, thanks for your quick response. My VPN server IS the ER605. How can my local network assets connect to the VPN subnet?

When you configure the VPN server, you have to choose the Local Networks. That's where you configure it and where you define your local resources to be available on the VPN tunnels.

For the WireGuard VPN, it's the same thing. Allowed IPs.

If you ask this, I think you misunderstand the VPN type. Or what you want to achieve is not client-to-site. Specify the VPN type and mode, and your goal if you don't understand the explanation above.

Best Regards!
Re:Static route to VPN Subnet not working
2024-06-13 14:07:15

  @Clive_A Thank you for your assistance. Indeed, maybe I don't understand it correctly.

 

So, I have configured a VPN server in Omada (Settings, VPN). It's L2TP-Server, because this standard is the only one my NAS can connect to.

My NAS can connect to the Omada VPN Server via the internet. (See screenshot in my first posting.)

Now, I want to be able to connect to my NAS while it is connected to my VPN. So, 192.168.0.100 (in LAN) should be able to connect to 192.168.10.1 (in VPN). As I understand it, static route is usually the way to go. Or is it?

Re:Static route to VPN Subnet not working
2024-06-14 01:02:49

Hi @Vienna_Steve 

Thanks for posting in our business forum.

Vienna_Steve wrote

  @Clive_A Thank you for your assistance. Indeed, maybe I don't understand it correctly.

 

So, I have configured a VPN server in Omada (Settings, VPN). It's L2TP-Server, because this standard is the only one my NAS can connect to.

My NAS can connect to the Omada VPN Server via the internet. (See screenshot in my first posting.)

Now, I want to be able to connect to my NAS while it is connected to my VPN. So, 192.168.0.100 (in LAN) should be able to connect to 192.168.10.1 (in VPN). As I understand it, static route is usually the way to go. Or is it?

No. Again, Static Routing does not work for the VPN tunnels. So stop thinking in that direction.

 

LAN is 192.168.0.1/24 which is already included in the Local Networks - All. There is nothing you should do to change or modify. It should work directly.

The NAS should be able to ping the 192.168.0.1. Is that correct? If so, that means the VPN tunnel is up and running. If you cannot access a certain device or vice versa, you should check the firewall settings on your devices instead of figuring out the router.

Best Regards!