Unable to access VPN client LAN in router over SSL VPN SERVER in router too.
Unable to access VPN client LAN in router over SSL VPN SERVER in router too.
Hello everyone!
As explained in the title, when I connect remotely to my router via SSL VPN, I can access the LAN configured in my router without any problem, but I cannot access the server available via a client VPN tunnel created on this same router, yet when I have a PC connected directly to the router's LAN, I can access it without any problem.
MODEM: 192.168.200.1
LAN ROUTER: 192.168.210.1/24
VPN SERVER IP POOL: 192.168.210.50 - 192.168.210.99
ROUTER VPN CLIENT: 192.168.113.1
SERVER try to access: 10.101.1.25
To try to understand the problem, I made a "tracert", here is the result I get when I do it from a local computer on the router's LAN
And now here is the result I get when I do it remotely via the VPN server
As you can see, the next hop is directly to my modem at 192.168.200.1.... While it should be 192.168.113.1
To try to solve the problem, I tried to make a static route, so if we try to contact my server on the VPN client, I immediately redirect to the router that knows the route, but this has no effect, the tracert is identical, it goes directly to the modem...
Do you have any leads to suggest to me? I'm starting to run out of ideas...
Thank you very much for your help.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
try change ip pool like this
MODEM: 192.168.200.1
LAN-RUTER: 192.168.210.1/24
VPN SERVER IP POOL: 10.23.1.10 - 10.23.1.100
ROUTER VPN-KLIENT: 192.168.113.1
SERVER prøver å få tilgang til: 10.101.1.25
- Copy Link
- Report Inappropriate Content
Hello @MR.S , thanks for your help again :)
I try change ip pool like this
But not working, same problem
- Copy Link
- Report Inappropriate Content
how is the configuration between modem and router? do you have port forwarded ssl vpn port? there is little information about your solution,
- Copy Link
- Report Inappropriate Content
I tried to make a diagram of the network, with under each device the configuration information that seems important to me, I hope this will help.
As a reminder, everything works fine, the only thing that does not work is accessing a server with the IP 10.101.1.25 which is on the "OpenVPN Client" when connected to the "SSL VPN Server".
- Copy Link
- Report Inappropriate Content
Is the OpenVPN client on the same router as the SSL VPN Server or is the client on a PC? and where is 10.101.1.25 in your diagram? I don't quite understand what you are trying to achieve here, to me it looks like you have two components, a Client and an SSL Server, if you are going to connect the client to the SSL Server, the most common thing is to do it from WAN to LAN, a client on Router normally connects from LAN to WAN, maybe @Clive_A better understands what you are trying to do.
- Copy Link
- Report Inappropriate Content
Hi @Raphyraphy
Thanks for posting in our business forum.
Raphyraphy wrote
To try to understand the problem, I made a "tracert", here is the result I get when I do it from a local computer on the router's LAN
And now here is the result I get when I do it remotely via the VPN server
As you can see, the next hop is directly to my modem at 192.168.200.1.... While it should be 192.168.113.1
To try to solve the problem, I tried to make a static route, so if we try to contact my server on the VPN client, I immediately redirect to the router that knows the route, but this has no effect, the tracert is identical, it goes directly to the modem...
Do you have any leads to suggest to me? I'm starting to run out of ideas...
Thank you very much for your help.
This is a mess. The diagram below is crippled as well. You probably should specify the Client and the 10.X.X.X IP.
Meanwhile, my gut tells me that the traceroute is okay. When you have different directions, ingress, or egress, the route looks different of course. Unless you have specified the routing tables for both directions.
If you have read all routing tables, and you can point out where is wrong, that'd be better for further discussion.
- Copy Link
- Report Inappropriate Content
Thank you for your help, sorry I am well aware that my diagram is not a "professional" diagram, here is a new version which I hope will be clearer, I removed what seemed not useful for this specific problem, and added the missing equipment.
So to answer the question, yes the OpenVPN client is on the same router as the SSL VPN server, and the 10.101.1.25 server is located after the VPN tunnel of the VPN client (To be honest I don't have access to the exact configuration that is beyond the VPN client, I "guessed" it from the tracert, where we see that it connects to 192.168.113.1, then 10.102.1.1, and finally the 10.101.1.25 server)
I added the red and green lines so you can see where my problem is and different ping test that I did, so from a PC connected directly to my router, I can access the 10.101.1.25 server which is beyond the VPN client, however from a PC connected to my VPN server, impossible to access it.
Thanks.
- Copy Link
- Report Inappropriate Content
In addition to my answer just above, here is the routing table of my router 192.168.200.254, the one that contains pretty much everything, my vlans, my VPN client and my VPN server.
- Copy Link
- Report Inappropriate Content
I don't know if it works, you connect to the router with SSL VPN from a client and proceed with OpenVPN on the same router, is that correct? I think you have to contact TP-Link support to ask them to help you, they may be able to run a remote to look at your setup. Clive_A is on the thread, maybe he has some tips. Unfortunately, I can't help you with good advice when I know so little.
- Copy Link
- Report Inappropriate Content
I did a test here, an ER707-M2 with SSL VPN server and the same router has an OpenVPN client for some remote networks. when I connect to the SSL VPN with my PC, I only get the local networks on the ER707, I don't know how to route from the SSL VPN to the OpenVPN client on the same router. so I can't connect to any of the networks that go in the OpenVPN client on the router. I use a full tunnel so all traffic from my PC goes out on the ER707 LAN and WAN but not OpenVPN.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 374
Replies: 17
Voters 0
No one has voted for it yet.