
OpenVPN - unable to reach subnets attached to LAN

Discussion in 'Asuswrt-Merlin' started by Emiljan Haxhi, Mar 6, 2019.

  1. Emiljan Haxhi

    Emiljan Haxhi New Around Here

    Joined:
    Mar 6, 2019
    Messages:
    2
    Hi Guys,

    I have an odd issue. I have an OpenVPN server running on my RT-AC68U (Asuswrt-Merlin v384.9) and I am having difficulty connecting to a downstream router.

    One of the LAN ports on my AC68U has a Ubiquiti router (EdgeRouter X) configured with 4 different networks (192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24, 192.168.40.0/24) via eth1-4; eth0 is used for its IP on the LAN (192.168.1.200).

    My AC68U network is 192.168.1.0/24
    On my AC68U I have 4 static routes added for the EdgeRouter X networks and I am able to reach them while connected via Wi-Fi or Ethernet.

    My VPN network is 192.168.3.0/24; when I connect I get an IP of 192.168.3.2, gateway 192.168.3.1. I am able to connect to devices on the 192.168.1.0/24 network, but when I try to access any of the devices on the EdgeRouter X networks, the connection fails. I have tried pinging devices on all 4 networks with no response. Traceroute fails as well.

    These are my routing tables for the following:

    Client connected to the VPN (Ubuntu 18.04)
    default _gateway 0.0.0.0 UG 0 0 0 enp0s3
    10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
    link-local 0.0.0.0 255.255.0.0 U 0 0 0 enp0s3
    192.168.1.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
    192.168.1.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
    192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
    192.168.10.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
    192.168.20.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
    192.168.30.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
    192.168.40.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0

    RT-AC68U (hidden my public IP)
    Destination Gateway Genmask Flags MSS Window irtt Iface
    PUBLICIP * 255.255.255.255 UH 0 0 0 vlan2
    192.168.20.0 edgerouterx 255.255.255.0 UG 0 0 0 br0
    192.168.3.0 * 255.255.255.0 U 0 0 0 tun22
    192.168.2.0 * 255.255.255.0 U 0 0 0 tun21
    192.168.1.0 * 255.255.255.0 U 0 0 0 br0
    68.40.138.0 * 255.255.255.0 U 0 0 0 vlan2
    192.168.30.0 edgerouterx 255.255.255.0 UG 0 0 0 br0
    192.168.10.0 edgerouterx 255.255.255.0 UG 0 0 0 br0
    192.168.40.0 edgerouterx 255.255.255.0 UG 0 0 0 br0
    127.0.0.0 * 255.0.0.0 U 0 0 0 lo
    default PUBLICIP 0.0.0.0 UG 0 0 0 vlan2

    In this case edgerouterx is 192.168.1.200
     
  2. wiz

    wiz Regular Contributor

    Joined:
    Feb 15, 2013
    Messages:
    139
    Location:
    the Netherlands
    You need to tell your VPN client how to get to those networks by putting in static routes through the EdgeRouter X.
    push "route 192.168.10.0 255.255.255.0 192.168.1.200"
    push "route 192.168.20.0 255.255.255.0 192.168.1.200"
    push "route 192.168.30.0 255.255.255.0 192.168.1.200"

    On your EdgeRouter you should create a static route to 192.168.3.0 through your router (if this is not the default gateway for your EdgeRouter), else the route back is not known to the EdgeRouter.

    Your route table on your client routes all networks from the EdgeRouter through 192.168.3.1, but does that gateway know the route to those networks?
     
  3. Emiljan Haxhi

    Emiljan Haxhi New Around Here

    Joined:
    Mar 6, 2019
    Messages:
    2
    I got it working. On my AC68U I added the following iptables rules:

    iptables -A OVPN -d 192.168.10.0/24 -i tun22 -j ACCEPT
    iptables -A OVPN -d 192.168.20.0/24 -i tun22 -j ACCEPT
    iptables -A OVPN -d 192.168.30.0/24 -i tun22 -j ACCEPT
    iptables -A OVPN -d 192.168.40.0/24 -i tun22 -j ACCEPT
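
Rules added by hand at the shell are lost when the firewall restarts, so the fix above is normally kept in Asuswrt-Merlin's /jffs/scripts/firewall-start user script. The script below is an added example, not the poster's own; it re-adds the four OVPN rules idempotently (checking with iptables -C before appending) and opens only tun22 traffic to those four subnets. The function and variable names are hypothetical; the OVPN chain, tun22 and the subnets come from the thread.

```sh
#!/bin/sh
# Added example for /jffs/scripts/firewall-start (Asuswrt-Merlin user script hook).
# Function and variable names are hypothetical; OVPN, tun22 and the subnets are from the thread.

# tun interface of the OpenVPN server instance the clients connect to.
VPN_IF="${VPN_IF:-tun22}"
# Downstream EdgeRouter X subnets that VPN clients may reach. Nothing else is opened,
# so clients still cannot reach anything the OVPN chain does not already permit.
DOWNSTREAM_SUBNETS="192.168.10.0/24 192.168.20.0/24 192.168.30.0/24 192.168.40.0/24"

# Append an ACCEPT rule for one subnet to the OVPN chain unless an identical rule
# already exists, so running the script on every firewall restart never duplicates rules.
# Prints "added <subnet>" or "exists <subnet>" so the caller can count changes.
ovpn_allow_subnet() {
    subnet="$1"
    if iptables -C OVPN -d "$subnet" -i "$VPN_IF" -j ACCEPT 2>/dev/null; then
        echo "exists $subnet"
        return 0
    fi
    iptables -A OVPN -d "$subnet" -i "$VPN_IF" -j ACCEPT
    echo "added $subnet"
}

# Apply the rule for every downstream subnet; prints the number of rules newly added.
ovpn_apply_all() {
    added=0
    for s in $DOWNSTREAM_SUBNETS; do
        case "$(ovpn_allow_subnet "$s")" in
            added*) added=$((added + 1)) ;;
        esac
    done
    echo "$added"
}

# Only touch the live firewall when invoked as the firewall-start hook, not when sourced.
if [ "${0##*/}" = "firewall-start" ]; then
    ovpn_apply_all
fi
```

Running `iptables -L OVPN -v -n` afterwards shows the four rules with packet counters, which is also the quickest way to confirm VPN traffic to the downstream subnets is actually matching them.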