Need some help I have set up vpn server => client

[octopus]

Hello guys.
Need some help I have set up vpn server => client (client is another brand router with vpn sw 2.6.14) and can't reach other side lan clients from server. (ping working though)

Client side have this:
LAN 192.168.46.0/24
option route_nopull '1'
list route '192.168.50.0 255.255.255.0'

Server side have this:
192.168.50.0/24
server 10.8.44.0 255.255.255.0
push "route 192.168.50.0 255.255.255.0 vpn_gateway 500"
route 192.168.46.0 255.255.255.0

I also have CCD file and ipp.txt

Hope someone have som suggestions.

 

[ColinTaylor]

So you can "ping" the VPN client-side hosts (192.168.46.x) but you can't "reach" them?

 

[octopus]

So you can "ping" the VPN client-side hosts (192.168.46.x) but you can't "reach" them?

Yes it is strange.

PING 192.168.46.1 (192.168.46.1): 56 data bytes
64 bytes from 192.168.46.1: seq=0 ttl=64 time=6.170 ms
64 bytes from 192.168.46.1: seq=1 ttl=64 time=5.083 ms
64 bytes from 192.168.46.1: seq=2 ttl=64 time=5.030 ms

 

[ColinTaylor]

What do you mean by "reach" then if you can ping them?

 

[octopus]

What do you mean by "reach" then if you can ping them?

If I try to reach GUI on client side I get no response, only with ping using MobaXterm

 

[ColinTaylor]

If I try to reach GUI on client side I get no response...

This is all a bit vague. What kind of GUI and what kind of device? What about other devices?

Does this device(s) have a firewall? If so, have you allowed traffic through from the VPN subnet (10.8.44.0/24)?

 

[octopus]

This is all a bit vague. What kind of GUI and what kind of device? What about other devices?

Does this device(s) have a firewall? If so, have you allowed traffic through from the VPN subnet (10.8.44.0/24)?

Yes it has. It's GL-MT6000
have you allowed traffic through from the VPN subnet (10.8.44.0/24)? => on client side?

 

[dave14305]

Hopefully it’s not too pushy of me to link to octopus’ thread over at OpenWRT for the other half of the setup:

Vpnserver => client connection configuration suggestions

I have configured a vpn client connected to server on a asuswrt router/server. Connection working fine and can connect to server from client side. But not the other way (server => client) get not ping answer either. I have tried some configurations and still scratching my head. I think I...

forum.openwrt.org

 

[ColinTaylor]

Yes it has. It's GL-MT6000
have you allowed traffic through from the VPN subnet (10.8.44.0/24)? => on client side?

We appear to be talking about different devices.

When you said "can't reach other side lan clients from server" I thought you were talking about client devices on the LAN, e.g. PC, laptop NAS, printer, etc.

But are you only talking about the VPN client / gateway router (GL-MT6000)?

 

[octopus]

Hopefully it’s not too pushy of me to link to octopus’ thread over at OpenWRT for the other half of the setup:

Vpnserver => client connection configuration suggestions

I have configured a vpn client connected to server on a asuswrt router/server. Connection working fine and can connect to server from client side. But not the other way (server => client) get not ping answer either. I have tried some configurations and still scratching my head. I think I...

forum.openwrt.org

No, I aske here aftersom server is on asuswrt router

 

[octopus]

When you said "can't reach other side lan clients from server" I thought you were talking about client devices on the LAN, e.g. PC, laptop NAS, printer, etc.

Yes thats right. Sorry if I'm messy
Can't reach lan clients/devices on Client side on GL-MT600. It's strange ping is working but as you say not .e.g. PC, laptop NAS, printer, etc.

 

[ColinTaylor]

Yes thats right. Sorry if I'm messy
Can't reach lan clients/devices on Client side on GL-MT600. It's strange ping is working but as you say not .e.g. PC, laptop NAS, printer, etc.

If you can ping a PC make sure you have adjusted any firewall rules as necessary. Windows for example, will block incoming VPN connections by default.

 

[octopus]

If you can ping a PC make sure you have adjusted any firewall rules as necessary. Windows for example, will block incoming VPN connections by default.

Where can I find that settings? I have added rule in my eset internet security.

 

[octopus]

Okay, some thoughts: Why ping works is that they used ICMP to ping eg router or phone on client side which responds

Do I need to add route in windows 11 pro? eg
route add 192.168.46.0 mask 255.255.255.0 192.168.50.1

 

[ColinTaylor]

Where can I find that settings? I have added rule in my eset internet security.

Sorry, I don't know anything about eset internet security. Check the Windows Firewall.

Do I need to add route in windows 11 pro?

No. ICMP works so it's not a routing issue.

Can you test connecting to a simpler device that doesn't have a firewall, like a network printer with a web interface?