setting up OpenVPN server on Archer_7 and client on AX3200
Newbie question
I set up an OpenVPN server using TCP on my Archer A7 (192.168.254.71) and saved the exported file to import to the VPN client of an AX3200 (192.168.0.1).
They connect up and I seem to have a stable VPN!
In the Archer A7 VPN connections, I see that the AX3200 connects with 10.8.0.6.
I was expecting to be on the server-side LAN 192.168.254.71 and went to "System Tools > Diagnostic" and ping to the client-side, but every time I do I get
—————————
PING 10.8.0.6 (10.8.0.6): 32 data bytes
Request timed out !
Request timed out !
Request timed out !
Request timed out !
--- Ping Statistic "10.8.0.6" ---
Packets: Sent=4, Received=0, Lost=4 (100.00% loss)
—————————
PING 192.168.0.1 (192.168.0.1): 64 data bytes
Request timed out !
Request timed out !
Request timed out !
Request timed out !
--- Ping Statistic "192.168.0.1" ---
Packets: Sent=4, Received=0, Lost=4 (100.00% loss)
—————————
I do have a firewall port forwarding rule on the server-side ISP router for 192.168.254.71:1194
Do I need to have routes set up on the A7 and AX3200??
thank you
Hi @bs207
Thanks for reaching out to us.
Sorry to inform you that you need to ping the VPN server from the client to test the connection. You can't ping from the VPN server to the client.
Please log in to your Archer AX3200 >> System Tools >> Diagnostic >> ping your Archer A7 and see what the result is. Thanks~
Thank you for responding.
Yes, I was able to ping from the Client to the Server.
So the VPN builds a one-way tunnel?? I thought that once the tunnel was open it established a two-way communications path, that anything on the 10.8.0.0 network could openly communicate.
Hi @bs207
Thanks for getting back to us.
The VPN connection that you set up is a client to LAN VPN, not a LAN to LAN VPN, so you can't ping from the server side to the client side. And our SOHO router doesn't currently support setting up a LAN to LAN VPN. Hope my answer can help you~
Hello @bs207 and @Wayne-TP, interesting discussion, I'm joining this conversation to show how I understand it.
1. Whether you can ping or get a response from 10.8.0.6?
I guess not. 10.8.0.6 is the IP address assigned to the AX3200 by the VPN Server; we can take it as the "WAN IP" of the VPN tunnel between the Server and the Client. Generally, the WAN IP or address of a VPN tunnel will not allow being pinged from outside or another network, which is used to protect the network security. Take the gateway router as an example: you cannot get a ping response from the WAN IP address of the router, as that is disabled for ping, but that doesn't mean it is a one-way tunnel, since you can access the internet when connecting to the router.
2. Whether you can ping or get a response from 192.168.0.1?
Also no. 192.168.0.1 is an IP address that communicates in a local network; it is not exposed to the public network due to the NAT generated by a gateway router, which is the AX3200 in your network.
So just trying to understand these issues - I resolved a lot of issues by dropping the last ISP and picked up a new ISP with a Static IP. Connection is now stable.
TOPOLOGY:
1. tp-link Archer_A7 (WAN IP 205.xxx.xxx.xxx, LAN IP 192.168.0.1) VPN Server (10.8.0.1)
2. VPN Server LAN Synology NAS1 (LAN IP: 192.168.0.250)
3. tp-link AX3200 (WAN IP 69.xxx.xxx.xxx, LAN 192.168.0.1) VPN Client (10.8.0.5)
4. VPN Client LAN Windows 10 PC (LAN IP: 192.168.0.111)
The first issue that I think I see is that the two tp-link routers are both using 192.168.0.1 - should I change one of them to be 192.168.1.1 just to differentiate them? Internal routing should keep them correct, but I am not sure about that.
Next issue is how can I mount the NAS1 on the PC? Doing a file manager : \\192.168.0.250\ to show the shares just times out. There doesn't seem to be a way to find out or map to 10.8.0.* addresses.
Next logic flaw, I thought that with OpenVPN once a connection tunnel is created I should be able to mount and see any devices on BOTH networks. I am assuming that once the tunnel is created the routers know that any 192.168.0.0 traffic stays on its LAN and anything 10.8.0.0 will get routed to the VPN tunnel. Isn't this why it is called a Virtual Private NETWORK?
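The addressing question in the post above can be worked through as a forwarding decision. This is an added example, not code from the thread or from TP-Link; the /24 masks, interface names, metrics and the tunnel route to the server-side LAN are assumptions made for illustration.

```python
import ipaddress as ip

# Addresses from the thread's topology; the /24 prefix lengths are assumed.
SERVER_LAN = ip.ip_network("192.168.0.0/24")     # Archer A7 side, NAS1 at .250
CLIENT_LAN = ip.ip_network("192.168.0.0/24")     # AX3200 side, PC at .111
RENUMBERED_LAN = ip.ip_network("192.168.1.0/24") # the change the post proposes
TUNNEL = ip.ip_network("10.8.0.0/24")
NAS1 = ip.ip_address("192.168.0.250")

def host_decision(host_lan, dst):
    """A LAN host ARPs for on-link destinations and sends the rest to its gateway."""
    return "on-link" if dst in host_lan else "gateway"

def client_router_routes(client_lan, server_lan):
    """Hypothetical AX3200 table as (network, interface, metric) tuples."""
    return [
        (ip.ip_network("0.0.0.0/0"), "wan", 10),
        (client_lan, "lan", 0),     # directly connected
        (TUNNEL, "tun0", 0),        # directly connected
        (server_lan, "tun0", 50),   # assumed route to the server LAN via the VPN
    ]

def router_lookup(routes, dst):
    """Longest-prefix match; on equal prefix length the lower metric wins."""
    matches = [r for r in routes if dst in r[0]]
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

def trace(client_lan, server_lan, dst):
    """Where a packet from a client-side host to dst ends up."""
    if host_decision(client_lan, dst) == "on-link":
        return "stays on client LAN (never reaches the router or tunnel)"
    routes = client_router_routes(client_lan, server_lan)
    return "router forwards via " + router_lookup(routes, dst)

def lans_conflict(a, b):
    """True when two sites' address ranges overlap and cannot be told apart."""
    return a.overlaps(b)

if __name__ == "__main__":
    for lan in (CLIENT_LAN, RENUMBERED_LAN):
        print(lan, "conflict:", lans_conflict(lan, SERVER_LAN),
              "->", trace(lan, SERVER_LAN, NAS1))
```

With both sites on the same range the PC treats the NAS address as local, so the request times out before any VPN routing is consulted; with distinct ranges the same lookup selects the tunnel interface.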