Cannot Route to OpenVPN Client Subnet from Server

2022-08-04 19:33:58
Tags: #VPN
Model: Archer AX20  
Hardware Version: V3
Firmware Version: 1.1.1 Build 20220603 rel.3137(4341)

I am able to create an OpenVPN Client on the AX1800 (Archer AX20).  It successfully connects and I can ping the Server from the AX1800 side.  I cannot ping the AX1800 from the Server.  The OpenVPN server is running on a Windows machine.  "iroute" commands are embedded in a ccd file on the server side so it can do proper routing to the LAN subnet on the AX1800.  I have another machine running Linux that connects to the Windows OpenVPN server and this verifies that the "iroute" commands work properly (I can ping Linux LAN IP addresses from the Server).

 

Is there any way for the Server side to be able to route to the OpenVPN Client on the AX1800?

 

The following is my .ovpn file that I loaded into the AX1800:

 

client
dev tap
proto udp
remote 1.2.3.4 1194
resolv-retry infinite
nobind
user nobody
group nogroup
remote-cert-tls server
cipher AES-256-CBC
verb 0
cipher AES-256-CBC
auth SHA512
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
.
.
.
-----END CERTIFICATE-----
</ca>
<cert>
.
.
.
-----BEGIN CERTIFICATE-----
.
.
.
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
.
.
.
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
.
.
.
-----END OpenVPN Static key V1-----
</tls-auth>

 

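The server-side pairing that the question relies on (an `iroute` in a ccd file plus a matching kernel `route` and `client-config-dir` in the server config) can be checked mechanically; the following is an added example, not part of the original thread. The client names, subnets and config text are constructed, and the check covers the server configuration only, not what the client router permits.

```python
import ipaddress

def directives(text):
    """Yield (name, args) for each non-comment line of an OpenVPN config."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            parts = line.split()
            yield parts[0], parts[1:]

def networks(text, keyword):
    """Collect '<keyword> network [netmask]' entries as IPv4 networks."""
    nets = set()
    for name, args in directives(text):
        if name == keyword and args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            nets.add(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return nets

def check_site_to_site(server_conf, ccd_files):
    """Return findings for iroutes the server cannot actually deliver."""
    findings = []
    if "client-config-dir" not in [n for n, _ in directives(server_conf)]:
        findings.append("server: no client-config-dir, ccd files are never read")
    kernel_routes = networks(server_conf, "route")
    for client, text in sorted(ccd_files.items()):
        for net in sorted(networks(text, "iroute")):
            # 'route' hands the packet from the kernel to OpenVPN;
            # 'iroute' then selects the client inside OpenVPN. Both are needed.
            if not any(net.subnet_of(r) for r in kernel_routes):
                findings.append(f"{client}: iroute {net} has no covering 'route'")
    return findings

# Constructed sample input (hypothetical client names and subnets).
SERVER_CONF = """
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.10.0 255.255.255.0   # LAN behind the Linux client
"""
CCD_FILES = {
    "linux-gw": "iroute 192.168.10.0 255.255.255.0\n",
    "ax20": "iroute 192.168.20.0 255.255.255.0\n",
}

if __name__ == "__main__":
    for finding in check_site_to_site(SERVER_CONF, CCD_FILES):
        print(finding)
```
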
Re:Cannot Route to OpenVPN Client Subnet from Server
2022-08-08 11:27:12

Hello @mwelv 

 

Thank you for reaching out to us and welcome to the TP-Link community.

Do you mean you want to access the PCA from the PCB in the above diagram? That is not allowed on the Client-to-Server setup. You can only access the server from the client, but not the other way round.

 

I also replied to bs207 in this thread, please have a check:

https://community.tp-link.com/us/home/forum/topic/538434?replyId=1054820

Re:Cannot Route to OpenVPN Client Subnet from Server
2022-08-08 11:52:30

  @Kevin_Z 

 

In my situation PCA is one of the "Home devices" and PCB is one of the "VPN  Servers".  That is too bad.

 

PCA has limited communication capability (embedded firmware).  The communication paradigm would have to be changed.
