Hi,
Thank you for help. I think this condition is met, there is no overlap:
VPN Server IP belongs to 10.*
ONT have 192.168.100.1
LAN have 172.*
Also, I mention that I can access the LTE USB stick used as Secondary WAN:
(192.168.3.1) ------- LTE ------[Secondary WAN] --> working from VPN Server
(192.168.100.1) -- ONT ---- [bridge mode] -------> failed connectivity using VPN Server (I have ping fired from VPNS to 192.168.100.2 but failing to 192.168.100.1)
Both are working from LAN.
I solved LTE USB for LAN by adding into nat-start below rule:
iptables -t nat -I POSTROUTING -o eth8 -j MASQUERADE
I solved ONT for LAN by adding into nat-start below rule:
ifconfig $(nvram get wan0_ifname):0 192.168.100.2 netmask 255.255.255.0
Please find below some outputs:
Code:
AX88>191716/tmp/home/root#:ip route
10.xx.xx.xx/24 dev tun21 proto kernel scope link src 10.xx.xx.x
192.168.7.0/24 dev eth8 proto kernel scope link src 192.168.7.122
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.2
System Log - Routing Table
IPv4 Routing table
Destination_______Gateway_______Genmask________Flags____Metric____Ref_____Use_____Iface
169.254.0.0__________*________255.255.0.0__________U_________0_______0_______0_______MAN
192.168.7.0__________*________255.255.255.0_______U__________0_______0_______0_______WAN
192.168.100.0________*________255.255.255.0______U__________0_______0_______0_______MAN
[...]
AX88>191726/tmp/home/root#:ifconfig -a
eth0 Link encap:Ethernet
inet addr:169.254.x.xxx Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45091850 errors:0 dropped:0 overruns:0 frame:0
TX packets:24841698 errors:0 dropped:104 overruns:0 carrier:0
eth0:0 Link encap:Ethernet
inet addr:192.168.100.2 Bcast:192.168.100.255 Mask:255.255.255.0
[...]
eth8 Link encap:Ethernet
inet addr:192.168.7.122 Bcast:192.168.7.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15033 errors:0 dropped:0 overruns:0 frame:0
TX packets:39437 errors:0 dropped:0 overruns:0 carrier:0
AX88>191736/tmp/home/root#:netstat -rn
Kernel IP routing table
Destination _____Gateway______Genmask _______Flags____MSS Window irtt____Iface
192.168.7.0______0.0.0.0______255.255.255.0 _____U________0_____0______0____eth8
192.168.100.0____0.0.0.0______255.255.255.0_____U________0_____0_______0____eth0
[...]
AX88>033349/tmp/home/root#:iptables -t nat -L POSTROUTING -n -v --line-numbers
Chain POSTROUTING (policy ACCEPT 69 packets, 4227 bytes)
#num____pkts____bytes_____target_____________prot_______opt____in_____out_______source_________destination
#5_______59______358______MASQUERADE_____all_________--_____*______eth8_____0.0.0.0/0__________0.0.0.0/0
#9________0________0_______MASQUERADE_____all_________--_____*______eth0_____!169.254.x.xxx____ 0.0.0.0/0
[Maybe #1]:
I have to add something like below --- -because I cannot see a rule for eth0:0 at last command 033349 -- (I tested below, but this one is not working):
iptables -t nat -I POSTROUTING -o eth0:0 -j MASQUERADE
[Maybe #2]:
because of #9 and this negative: !169.254.x.xxx? >:
#9 0 0 MASQUERADE all -- * eth0 !169.254.x.xxx 0.0.0.0/0
[Maybe #3]:
ifconfig $(nvram get wan0_ifname):0 192.168.100.2 netmask 255.255.255.0 --> [gui for www is 192.168.100.1 not x....2]
Please, if anybody have a clue, please share. I will search myself in the meantime in order to mark this thread as solved to help us all
BR,
amplatfus