
OpenVPN - unable to reach subnets attached to LAN

Emiljan Haxhi

Hi Guys,

I have an odd issue. I have an OpenVPN server running on my RT-AC68U (Asuswrt-Merlin v384.9) and I am having difficulty connecting to a downstream router.

One of the LAN ports on my AC68U has a Ubiquiti router (EdgeRouter X) configured with 4 different networks (192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24, 192.168.40.0/24) via eth1-4; eth0 is used for the IP of the LAN (192.168.1.200).

My AC68U network is 192.168.1.0/24
On my AC68U I have 4 static routes added for the Edgerouter X networks and I am able to reach them while connected via WIFI or Ethernet.

My VPN network is 192.168.3.0/24. When I connect I get an IP of 192.168.3.2, gateway 192.168.3.1. I am able to connect to devices on the 192.168.1.0/24 network, but when I try to access any of the devices on the EdgeRouter X networks, the connection fails. I have tried pinging devices on all 4 networks with no response. Traceroute fails as well.

These are my routing tables for the:

Client connected to the VPN (Ubuntu 18.04)
default _gateway 0.0.0.0 UG 0 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
link-local 0.0.0.0 255.255.0.0 U 0 0 0 enp0s3
192.168.1.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.10.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
192.168.20.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
192.168.30.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
192.168.40.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0

RT-AC68U (hidden my public IP)
Destination Gateway Genmask Flags MSS Window irtt Iface
PUBLICIP * 255.255.255.255 UH 0 0 0 vlan2
192.168.20.0 edgerouterx 255.255.255.0 UG 0 0 0 br0
192.168.3.0 * 255.255.255.0 U 0 0 0 tun22
192.168.2.0 * 255.255.255.0 U 0 0 0 tun21
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
68.40.138.0 * 255.255.255.0 U 0 0 0 vlan2
192.168.30.0 edgerouterx 255.255.255.0 UG 0 0 0 br0
192.168.10.0 edgerouterx 255.255.255.0 UG 0 0 0 br0
192.168.40.0 edgerouterx 255.255.255.0 UG 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default PUBLICIP 0.0.0.0 UG 0 0 0 vlan2

In this case edgerouterx is 192.168.1.200
 
You need to tell your VPN client how to get to those networks by putting in static routes through the EdgeRouter X.
push "route 192.168.10.0 255.255.255.0 192.168.1.200"
push "route 192.168.20.0 255.255.255.0 192.168.1.200"
push "route 192.168.30.0 255.255.255.0 192.168.1.200"

On your edge router you should create a static route to 192.168.3.0 through your router (if this is not the default gateway for your edge router), else the route back is not known to the edge router.

The route table on your client routes all networks from the edge router through 192.168.3.1, but does that gateway know the route to those networks?
 
I got it working. On my AC68U I added the following iptables rules:

iptables -A OVPN -d 192.168.10.0/24 -i tun22 -j ACCEPT
iptables -A OVPN -d 192.168.20.0/24 -i tun22 -j ACCEPT
iptables -A OVPN -d 192.168.30.0/24 -i tun22 -j ACCEPT
iptables -A OVPN -d 192.168.40.0/24 -i tun22 -j ACCEPT
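
The thread's two explanations (a missing return route, a firewall drop on tun22) can be told apart by walking a packet hop by hop; the following is an added example, not code from any poster, using the routing tables quoted above. Assumptions: unmatched traffic entering on tun22 is dropped, the EdgeRouter X table and its symbolic next hop `AC68U` are made up for illustration, and 192.168.10.5 is a constructed host address.

```python
import ipaddress as ip

def lookup(table, addr):
    """Longest-prefix match over (cidr, next_hop) pairs; next_hop None = directly connected."""
    hits = [(ip.ip_network(c), via) for c, via in table
            if ip.ip_address(addr) in ip.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(src, dst, client, router, edge, ovpn_accept):
    """Name the first hop where src -> dst (or its reply) fails, else 'ok'."""
    hit = lookup(client, dst)                      # 1. client must use the tunnel
    if hit is None or hit[1] != "192.168.3.1":
        return "client: destination not routed into the tunnel"
    # 2. Router firewall: traffic entering on tun22 needs an ACCEPT in chain OVPN.
    if not any(ip.ip_address(dst) in ip.ip_network(n) for n in ovpn_accept):
        return "router: no OVPN ACCEPT for this destination"
    hit = lookup(router, dst)                      # 3. router needs a specific route
    if hit is None or hit[0].prefixlen == 0:
        return "router: destination falls through to the WAN default route"
    # 4. Reply path: only checked when the next hop is the EdgeRouter X.
    if hit[1] == "edgerouterx":
        back = lookup(edge, src)
        if back is None or back[1] != "AC68U":
            return "edge router: no return route to the VPN subnet"
    return "ok"

EDGE_NETS = ["192.168.%d.0/24" % n for n in (10, 20, 30, 40)]
# Tables transcribed from the thread ("edgerouterx" is 192.168.1.200).
CLIENT = [("0.0.0.0/0", "_gateway"), ("10.0.2.0/24", None), ("192.168.3.0/24", None),
          ("192.168.1.0/24", "192.168.3.1")] + [(n, "192.168.3.1") for n in EDGE_NETS]
ROUTER = [("0.0.0.0/0", "PUBLICIP"), ("192.168.1.0/24", None), ("192.168.2.0/24", None),
          ("192.168.3.0/24", None)] + [(n, "edgerouterx") for n in EDGE_NETS]
# Assumed, not shown in the thread: the EdgeRouter X defaults to the AC68U,
# and before the fix the OVPN chain accepted only the 192.168.1.0/24 LAN.
EDGE = [("0.0.0.0/0", "AC68U"), ("192.168.1.0/24", None)] + [(n, None) for n in EDGE_NETS]
ACCEPT_BEFORE = ["192.168.1.0/24"]
ACCEPT_AFTER = ACCEPT_BEFORE + EDGE_NETS           # the four rules added in the thread

if __name__ == "__main__":
    for label, acl in (("before", ACCEPT_BEFORE), ("after", ACCEPT_AFTER)):
        print(label, trace("192.168.3.2", "192.168.10.5", CLIENT, ROUTER, EDGE, acl))
```

With the quoted tables the client and router routes both pass, so the only failing hop before the fix is the firewall stage, which matches the outcome reported in the last post.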
 
