Configuring VLAN access over a VPN
Hello,
I have an ER707-M2 router with several VLANs configured, this side works very well, all my VLANs have internet and work very well!
On the other hand, I currently have to connect "manually" with my PC and the "WatchGuard" software to access the directory of a remote PC, so I'd like to stop using this software and do it directly with the router. Mind you, I don't want all my VLANS traffic to go through this VPN, I just want to access the PC's remote resource.
So on the router, I've set up a connection in VPN => OpenVPN => OpenVPN Client, and when I go to "OpenVPN Tunnel", it's connected.
But that's where I get stuck, what to do next! If I ping the PC's IP remotely, it can't find it... I guess I'll have to do some routing somewhere in the router?
Thanks for your help!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Finally it works!
In the "Local network" I thought it was necessary to indicate the IP range that was used by the VPN... when no, it's really the local IP range that we want to use in our network!
In short, it works now!
Thanks!
- Copy Link
- Report Inappropriate Content
can you ping anything on the remote site? if you ping a printer or remote gateway, do you get a response then?
- Copy Link
- Report Inappropriate Content
The only thing I can ping is the local IP address assigned by my VPN connection (192.168.113.3), but I think I'm missing something, I'm not used to doing this.
I'll try to simplify, I have a remote server on which I manage to connect with my router with OpenVPN Client, it assigns me the IP 192.168.113.3
On this same router, I have 3 VLANs, 192.168.100.1/24, 192.168.200.1/24 and default 192.168.1.1/24
On the remote server, I need to be able to access the resource on the PC 10.101.1.25
I've tried adding a route from 1.101.1.0/24 to 192.168.113.3, but it doesn't work.
ID 1 is the one I created, the others were created automatically.
Here's what I get with a tracert from pc connected on 192.168.100.0
With other PC connected directly to internet, and use WatchGuard, the tracert working... so on the server side everything's ok... what did I forget?
- Copy Link
- Report Inappropriate Content
What type of vpn server are you using? you should not create any manual rout on the router, all routing takes place on the OpenVPN server.
It's been a while since I've used OpenVPN, but when I used it I had to edit the client file on the server that was in the ccd folder, the client file looks roughly like this to create routing.
ifconfig-push 10.74.10.11 255.255.255.0
push "route 172.20.10.0 255.255.255.0"
push "route 10.0.0.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"
- Copy Link
- Report Inappropriate Content
If I look at WatchGuard's configuration to try to copy its configuration, it uses the virtual IP 192.168.113.8, but it also creates a Gateway 192.168.113.1, I don't have this Gateway created on my router, could this be my problem?
Because if I look at the routes created by WatchGuard, it actually configures a route to this GateWay, and if I ping this gateway, it works...
But if I try to ping 192.168.113.1 on the PC connected to my router, it doesn't work, so i can't create route to gateway...
- Copy Link
- Report Inappropriate Content
I don't know exactly which server it is, it's really complicated to get information from the people who manage this service, so I was going to try to copy the configuration present on WatchGuard, which works.
When I look at the client.ovpn file that I can download, there are no routes in this file, only the connection information.
- Copy Link
- Report Inappropriate Content
you should not do anything on the Omada router, the only thing you can and should do is enter the IP address of the remote server, port number, and username and password and local network that will be in the vpn tunnel and then import the ovpn file. everything else must be done on the remote server.
Omada may not support watcguard. OpenVPN on Omada has not been upgraded to the latest versions so there have been some problems with newer systems, I mean to remember that Omada supports OpenVPN 2.4 and older, OpenVPN newer than ver. 2.4 then it will not work.
I don't know watchguard so I can't help there.
but DO NOT create any router on your Omada router, then you will only have problems.
- Copy Link
- Report Inappropriate Content
Following your remark, I updated the version of my router to see if OpenVPN would be better supported.
There is progress! Indeed now, when I open the VPN tunnel, then I go to the router routes, I see that it has created all the routes automatically!
However, it still does not work...
Here are the routes added automatically when the VPN connects (those with the "VPN" interface), the others are also created automatically when creating the vlans and wans.
What I do not understand is that if I understand correctly, it goes through 192.168.113.1 to join the VPN, but if I ping this IP, it is unreachable... whereas if I open my VPN software, and I point to this same IP, then the ping works... did I miss something?
This is my configuration of my VPN
And this is confirm is connected
The Local network that I enter in the VPN configuration... we agree that I do not have to create or manage this IP locally? because impossible to ping 192.168.113.1, but i can ping 192.168.113.9 ??
- Copy Link
- Report Inappropriate Content
Finally it works!
In the "Local network" I thought it was necessary to indicate the IP range that was used by the VPN... when no, it's really the local IP range that we want to use in our network!
In short, it works now!
Thanks!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 519
Replies: 8
Voters 0
No one has voted for it yet.