VPN Connects But No Network Access


lydnsn

Occasional Visitor
Good morning gentlemen. I am having a bit of a problem with my VPN connection. I am using an Asus router that has a built-in VPN server. The model is RT-AC68U. I have followed their instructions for setting up the server. I enabled the server and set up the DDNS. Created a user name and password. I can connect to the server just fine and browse the internet, but I can't access anything on the network. I checked the status of the server and it shows me as connected. When I check the properties of the connection it says internet access but no network access. It's also showing data being sent and received even though I am not using the internet. I have heard that if you are trying to connect from one network to another there could be a conflict of IP addresses. I am trying to connect from home using a cable modem, a single computer and no router. Do I use the VPN client built into the router or do I set up a VPN connection on my computer? I have a dynamic IP so I used the DDNS service. I can connect by entering the server name but that's as far as I can get. I tried entering the IP of the computer I want to connect to, but to no avail. I don't need access to the whole network, just one computer. Any suggestions?
 
lydnsn,

I see the same behavior with the Dlink DIR-880L. Using a GS5 with Android's built in VPN client I can connect fine to the router's L2TP/IPSEC PSK setup, but cannot ping or access any of the computers via IP address in the LAN. I can however connect to the internet while tunneling. My ip gets reported the same as WAN, so I know something's working.

My settings are:

DIR-880L
General
L2TP over IPSec: Enabled
Username: ********
Password: ********
PSK: ********

Advanced Settings...
Authentication Protocol: MSCHAPv2
MPPE: RC4-128

Galaxy S5
Settings>Connections>More Networks>VPN>Basic VPN

Type: L2TP/IPSec PSK
Server Address: *******
L2TP secret: Not used
IPSec identifier: Not used
IPSec pre-shared key: **********
DNS search domains: Not used
DNS servers: Not used
Forwarding routes: Not used

Syslog server indicates that my VPN client gets assigned the IP 192.168.100.1 (local) and 192.168.100.2 (remote). My DHCP subnet is set to 192.168.0.100-120 however, so there's a hint I think. It looks like having separate subnets for VPN clients is standard practice, I'm not entirely sure why though. Security maybe? If that's the case, why connect if not able to talk to the LAN? If you or anyone has a solution I would buy you a beer or six :D I've tried disabling ALG, SPI, IPv4 Multicast, all with no results o_O
 
Just an update. I was not able to access anything on the network over VPN before, but it appears RDP and other things like apps with web interfaces are working. Still cannot access LAN shares using programs like FXViewer (file manager). /frustrated
 
@System thank you for your help, I genuinely appreciate it. I have FXViewer (and ES File Explorer) pointed to my home server at ip 192.168.0.100/Documents with credentials saved. The same profiles work flawlessly when connected via wifi but still not over vpn. Here's a question: Is it necessary to add a static route from VPN->LAN (192.168.100.x -> 191.168.0.x)? I can access RDP and web logins including router setup at 192.168.0.1 while connected, so client sees the IP addresses at least. If it is, are static routes two way VPN<->LAN?

There are a lot of resources and info out there with regards to connecting to a VPN host *inside* of a LAN. Much less about router VPN setups. I am researching my best on this. Thanks again for your help!
 
Adding a static route helps, but your router might have the route already added. What needs to be added is the static route to the LAN devices, which might extend their broadcast. If not, you can create a NAT rule to also divert broadcast/multicast traffic around.
 
System, thanks for the help. How exactly could I do this? The 880 does static routes for WAN only (is that sufficient)? Not sure if the 880 has rules I can set up either. Dlink really cleaned up their management interface (i.e. removed a lot of options). I'm thinking DD-WRT will have to be flashed to do some of this.

Another option might be to set up my previous DIR-825 with DD-WRT and bridge that VPN subnet to the DIR-880L. Bridging would allow broadcast traffic. Could solve a lot of problems.
 
You can't do this using stock consumer router firmware. You should try OpenWrt. You could try using port forwarding with an end IP of 255 for the target instead, but it needs to be from the LAN side, not WAN. Try static routes first and if you still can't, then try this.
 
So, long story short for anyone searching for information on connecting Android devices via stock VPN app to their Dlink DIR-880L (and other routers with similar setups) via L2TP/IPSEC:

- 192.168.0.x (LAN) and 192.168.100.x (VPN) subnets are connected by default. Not sure if that means they are bridged (no mDNS traffic was detected), but they do talk. There's no need to do anything fancy in the router setup for this

- Communication that works with LAN clients over VPN (that I know of): HTTP, SSH, RDP, FTP

- Browsing SMB (shares): not possible without some kung fu. ES File Explorer and other Android apps don't talk SMB over VPN very well apparently. FTP servers DO work. I set one up on IIS (local scope only) and everything connects immediately

Just wanted to share what I found for anyone else interested.
 
Check your firewall configuration. If your clients are in a different subnet from your LAN, they might be blocked by default. Here, I have to specifically allow my OpenVPN subnet in Norton Security to be able to access my desktop shares over VPN (while Remote Desktop has no problem, being already allowed by default).
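
Added example, not part of any post in this thread: a small Python check to run from the VPN client side against a LAN host you own, separating "VPN subnet is not routed to the LAN" from "host firewall drops this one service for the VPN subnet". The port list, function names and sample results are assumptions made for illustration.

```python
import socket

# Services named in the thread, with their usual TCP ports (assumed defaults).
PORTS = {"HTTP": 80, "SSH": 22, "RDP": 3389, "FTP": 21, "SMB": 445}

def probe(host, port, timeout=2.0):
    """Return 'open', 'refused' (host answered with RST) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a reply came back, so routing to the host works
    except OSError:        # timeout, no route, host unreachable
        return "filtered"

def scan(host, ports=PORTS, timeout=2.0):
    """Probe every listed service on one LAN host."""
    return {name: probe(host, p, timeout) for name, p in ports.items()}

def diagnose(results):
    """Interpret a {service: state} map collected over the VPN tunnel."""
    answered = [s for s, st in results.items() if st in ("open", "refused")]
    silent = [s for s, st in results.items() if st == "filtered"]
    if not answered:
        return "no reply on any port: check VPN-to-LAN routing or the router firewall"
    if silent:
        return ("host reachable (%s) but %s dropped: check the host firewall's "
                "allowed remote subnets" % (", ".join(answered), ", ".join(silent)))
    return "all probed ports answered: routing and host firewall allow the VPN subnet"

if __name__ == "__main__":
    # Constructed results matching the symptom described in the thread;
    # for a live check use scan("192.168.0.100") while connected to the VPN.
    sample = {"HTTP": "open", "RDP": "open", "FTP": "refused", "SMB": "filtered"}
    print(diagnose(sample))
```

A "refused" answer still proves the packet reached the host and came back, so only silent ports point at a firewall scope that excludes the VPN subnet (192.168.100.x in this thread).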
 
