OpenVPN clients are not routing through ER7206 OpenVPN server

OpenVPN clients are not routing through ER7206 OpenVPN server

OpenVPN clients are not routing through ER7206 OpenVPN server
OpenVPN clients are not routing through ER7206 OpenVPN server
2024-10-14 23:25:35 - last edited 2024-10-15 03:19:25
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.4.2 Build 20240618 Rel.63827

I have enabled the OpenVPN service in my ER7206 with a setup that I want to allow OpenVPN clients to connect to the WAN side of the ER7206 and have full access to the LAN and also be routed to the Internet thought the LAN for external traffic.

I have installed the OpenVPN client on a Windows 10 and iPad to check the operation.

 

I take the client machines to the local Starbuck cafe and connect to their WiFe and then open the client machine's OpenVPN client sw. The client machines seem to connect to the ER7206 through the Internet with no errors being logged (on the clients) and they look like they are up.

After connection, they have no access to services on my local network (ping, nslookup, email server, web server, NAS, etc, etc). They do however, have full access to the Internet and what's on the Starbuck's WiFi network. 

When they access What Is My IP Address - See Your Public Address - IPv4 & IPv6, they show the Starbucks WiFi network's WAN address, not an IP address from the ER7206's WAN address.  

 

It seems clear that there is something mis-configured on the ER7206's OpenVPN service.

The Google search results seem to indicate a certain setting in an OpenVPN server's (ER7206) .conf file related to this. It suggests adding or modifing an entry for "push "route 192.168.123.0 255.255.255.0"". But, without access to the ER7206's config file, I don't know if that would fix anything.

 

Is there a proper way to do this on the ER7206 that actually works?

If it matters, the LAN is 192.168.123.0/24, the ER7206 is not running DHCP and it's LAN interface is 192.168.123.254.

 

ER7206 OpenVPN Config.

  0      
  0      
#1
Options
2 Accepted Solutions
Re:OpenVPN clients are not routing through ER7206 OpenVPN server-Solution
2024-10-15 03:17:31 - last edited 2024-10-15 03:20:29

Hi @ticedoff8 

Thanks for posting in our business forum.

See your home router WAN IP on that, you need fully routed, and you need to use the full tunnel mode.

ticedoff8 wrote

When they access What Is My IP Address - See Your Public Address - IPv4 & IPv6, they show the Starbucks WiFi network's WAN address, not an IP address from the ER7206's WAN address. 

 

 

But if you say that you cannot access your local services, you should consider moving the IP pool which is the VPN IP to a different subnet. That seems to be erroneous.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#2
Options
Re:OpenVPN clients are not routing through ER7206 OpenVPN server-Solution
2024-10-22 21:57:24 - last edited 2024-10-22 21:57:29

  @ticedoff8 Enabling "Full Mode" was the last step needed to get this working.

I confirmed that the IP address is changing on teh iPad and laptop when I open and close the VPN have all the access needed on the ER7206's LAN and out to the Internet.

Thanks. 

Recommended Solution
  1  
  1  
#4
Options
3 Reply
Re:OpenVPN clients are not routing through ER7206 OpenVPN server-Solution
2024-10-15 03:17:31 - last edited 2024-10-15 03:20:29

Hi @ticedoff8 

Thanks for posting in our business forum.

See your home router WAN IP on that, you need fully routed, and you need to use the full tunnel mode.

ticedoff8 wrote

When they access What Is My IP Address - See Your Public Address - IPv4 & IPv6, they show the Starbucks WiFi network's WAN address, not an IP address from the ER7206's WAN address. 

 

 

But if you say that you cannot access your local services, you should consider moving the IP pool which is the VPN IP to a different subnet. That seems to be erroneous.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#2
Options
Re:OpenVPN clients are not routing through ER7206 OpenVPN server
2024-10-16 16:39:50

  @Clive_A  Thanks for the reply.

After I enabled "Full Mode" the "Local Network" changed itself to 0.0.0.0/0 and cannot be changed.

I assume this is expected.

I need to check it later today to see if this solves the problem

 OPenVPN with Full Mode enabled

  1  
  1  
#3
Options
Re:OpenVPN clients are not routing through ER7206 OpenVPN server-Solution
2024-10-22 21:57:24 - last edited 2024-10-22 21:57:29

  @ticedoff8 Enabling "Full Mode" was the last step needed to get this working.

I confirmed that the IP address is changing on teh iPad and laptop when I open and close the VPN have all the access needed on the ER7206's LAN and out to the Internet.

Thanks. 

Recommended Solution
  1  
  1  
#4
Options