OpenVPN with Two LANs behind server?

Discussion in 'Asuswrt-Merlin' started by jtarking, Oct 14, 2019.

  1. jtarking

    jtarking New Around Here

    Joined:
    Jan 28, 2017
    Messages:
    4
    Running OpenVPN server on RT-AC5300 with latest merlin image.

    I can connect and access the LAN on the AC-5300 fine. I have another LAN segment on a switch connected to the AC-5300 and have a static route built to this LAN. I have a default route back from this LAN on the switch to the AC-5300 and can ping this LAN from the tools section on the router.

    I have added a "push" for this LAN to the server config and my client receives and makes the correct entry in the route table for this IP network.

    When I try to reach this IP network from the client, I can see the packet being dropped when I enable FW logging on the router side.

    What entries am I missing on the server / client side to make this work? I looked at iptables on the router and do not see what entries are getting created to make the 10.8.0.0 for the VPN client and LAN that is local to the router. What entry do I need to make so the incoming packet does not get dropped by the FW? Just trying to figure out the "magic" done behind the scenes for the VPN client and the local LAN.

    Thanks,
    Jeff
     
    Last edited: Oct 14, 2019
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,619
    Location:
    UK
    Go to the VPN server General settings and make sure "Client will use VPN to access" is set to "Both" (Internet and local network).
     
  3. jtarking

    That works, but all of my Internet traffic goes out from the router that hosts the OpenVPN server. Should I not be able to add some entries to just get to another LAN that sits behind the OpenVPN server / router? Here's my path:

    OpenVPNClient-----------------------OpenVPNServerOnASUS----ASUS-LAN--------------Switch-------LAN

    How can I update the FW rule via CLI so the VPN client IP (10.8.0.2) is allowed thru the ASUS to reach the switch?

    Thanks,
    Jeff
     
  4. ColinTaylor

    Sorry, I don't have the same firmware as you so I can't tell you what to change. Maybe by comparing the firewall rules and pushed routes from the two different configurations you can work it out. Otherwise I expect someone else will be able to help.
     
  5. Martineau

    Martineau Part of the Furniture

    Joined:
    Jul 8, 2012
    Messages:
    2,370
    Location:
    UK
    Does this help? OpenVPN - unable to reach subnets attached to LAN