ER8411 (and possibly others) cannot route to additional remote subnets over L2TP VPN
We've got a site-to-site VPN setup for a remote office that has multiple subnets.
Site 1 (Main site) - TP-Link Omada ER8411
192.168.20.X
Site 2 (Remote site) - Draytek Vigor 3900 (To be replaced at the end of the year hopefully)
192.168.40.X - Working
192.168.55.X - Not working
192.168.112.X - Not working
192.168.121.X - Not working
When trying to route to 192.168.40.X from 192.168.20.X, no issues.
When trying to route to 192.168.55.X from 192.168.20.X, the ER8411 routes via WAN instead of the VPN.
Adding a static route does not fix it.
I'm not able to find a reason the router is not directing the traffic correctly.
Trace route shows it going via the router then out to the ISP router on a completely different subnet to our public IP.
These all worked prior to changing to the ER8411 from a Vigor 3900. The VPN policy at the other end was not changed beyond the proposal settings so I consider the other end "untouched".
VPN Policy settings
Is there something I'm missing or is this a bug?
@bambinotenchie The router has been updated to 1.2.2 to no avail. We're discussing pulling forward the router replacement at our remote office; however, it still may be a couple of months away. It would be great to have it working now.
It's unfortunate that something that should work in theory doesn't. I can only assume it's something to do with the ARP table or something to that effect; otherwise the router wouldn't be forwarding the traffic out through the WAN connection but rather forwarding to the VPN connection that the subnet is assigned to, as shown below.
Do you have any other ideas?
Hello. How can I add more remote subnets in standalone mode?
Hi, did you consider the firewall setting? It should be configured together with the VPN.
@bambinotenchie There are no rules to block access to the subnets on the VPN connection.