Hello all. Wanted to see if someone can tell me how to correctly add static routes on the Asus Merlin (running latest 386.1_2 for both the VPN Server side & VPN Client side networks. I have read so much about this but nothing seems to work.
Addresses below have been changed from actual addresses.
Question needing input at bottom of this post.
*********************************************************
Home Router: RT-AC86U running AIMesh with another RT-AC86U router
I have a VPN Server setup on my main router at home.
LAN 192.168.1.0/24
GW 192.168.1.1 (Router connected directly to internet)
VPN Server 10.8.0.0
WAN 47.186.25.15
GW 47.186.25.1
I use NordVPN on the main VPN Server router in addition to setting up a VPN Server
Local: 10.8.3.xx
Public 89.187.100.95
*********************************************************
Remote Router: RT-AC86U running AIMesh with another RT-AC86U router
I have setup VPN Client on a remote network running 386.1_2
LAN 192.168.100.0/24
GW 192.168.100.2 (router hooked to ISP router)
Public IP: 76.186.111.144
NordVPN on the main VPN Client router connected plus VPN connection to my VPN Server.
*********************************************************
The VPN Client router connects fine to the VPN Server router.
The VPN Client can ping the devices on the VPN Server that are setup for WAN access on the NordVPN connection
The VPN Client cannot see/ping the devices on the VPN Server that are setup for VPN access on the NordVPN connection (on the VPN Server)
The VPN Server cannot "see" any device on the 192.168.100.0/24 remote network.
My goal is to do static routing on both VPN Server & VPN Client so both networks see every device on the other network.
VP Server (ip rule)
0: from all lookup local
10201: from 192.168.1.185 lookup main
10202: from 192.168.1.191 lookup main
10203: from 192.168.1.193 lookup main
10204: from 192.168.1.196 lookup main
10205: from 192.168.1.197 lookup main
10206: from 192.16.1.198 lookup main
10207: from 192.168.1.199 lookup main
10208: from 192.168.1.162 lookup main
10209: from 192.168.1.34 lookup main
10210: from 192.168.1.163 lookup main
10211: from 192.168.1.107 lookup main
10301: from 192.168.1.0/24 lookup ovpnc2
32766: from all lookup main
32767: from all lookup default
iptables --line -t nat -nvL POSTROUTING
Chain POSTROUTING (policy ACCEPT 41378 packets, 2596K bytes)
num pkts bytes target prot opt in out source destination
1 149K 15M MASQUERADE all -- * tun12 0.0.0.0/0 0.0.0.0/0
2 66604 6607K PUPNP all -- * eth0 0.0.0.0/0 0.0.0.0/0
3 42561 5034K MASQUERADE all -- * eth0 !47.186.25.15 0.0.0.0/0
4 12334 3709K MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24
What command line will create the appropriate static route such that the VPN Server can see all devices on the VPN Client?
I am currently reading 2 O'Reilly books trying to figure this out.
I looked for Asus Merlin static route add information without success.
All the solutions speak to correct routing. For example: "
'All of your internal servers on the 192.168.1.0 range use 192.168.1.254 as default gateway for connection to the internet.
However, any traffic from a VPN client will be coming from IP 10.8.0.x through 192.168.1.10 and needs to route back through 192.168.1.10 to traverse the tunnel, and NOT through 192.168.1.254.
Therefore 192.168.1.11 and 192.168.1.12 need to have a route in their routing table to tell them to send traffic from 10.8.0.x back to 192.168.1.10.
To test this, try pinging a connected client from .11 or .12. You will find they can't, until you add a route telling them to send traffic via 192.168.1.10.'"
But I can't seem to find the actual commands to make this happen.
Thanks in advance for any assistance.
Addresses below have been changed from actual addresses.
Question needing input at bottom of this post.
*********************************************************
Home Router: RT-AC86U running AIMesh with another RT-AC86U router
I have a VPN Server setup on my main router at home.
LAN 192.168.1.0/24
GW 192.168.1.1 (Router connected directly to internet)
VPN Server 10.8.0.0
WAN 47.186.25.15
GW 47.186.25.1
I use NordVPN on the main VPN Server router in addition to setting up a VPN Server
Local: 10.8.3.xx
Public 89.187.100.95
*********************************************************
Remote Router: RT-AC86U running AIMesh with another RT-AC86U router
I have setup VPN Client on a remote network running 386.1_2
LAN 192.168.100.0/24
GW 192.168.100.2 (router hooked to ISP router)
Public IP: 76.186.111.144
NordVPN on the main VPN Client router connected plus VPN connection to my VPN Server.
*********************************************************
The VPN Client router connects fine to the VPN Server router.
The VPN Client can ping the devices on the VPN Server that are setup for WAN access on the NordVPN connection
The VPN Client cannot see/ping the devices on the VPN Server that are setup for VPN access on the NordVPN connection (on the VPN Server)
The VPN Server cannot "see" any device on the 192.168.100.0/24 remote network.
My goal is to do static routing on both VPN Server & VPN Client so both networks see every device on the other network.
VP Server (ip rule)
0: from all lookup local
10201: from 192.168.1.185 lookup main
10202: from 192.168.1.191 lookup main
10203: from 192.168.1.193 lookup main
10204: from 192.168.1.196 lookup main
10205: from 192.168.1.197 lookup main
10206: from 192.16.1.198 lookup main
10207: from 192.168.1.199 lookup main
10208: from 192.168.1.162 lookup main
10209: from 192.168.1.34 lookup main
10210: from 192.168.1.163 lookup main
10211: from 192.168.1.107 lookup main
10301: from 192.168.1.0/24 lookup ovpnc2
32766: from all lookup main
32767: from all lookup default
iptables --line -t nat -nvL POSTROUTING
Chain POSTROUTING (policy ACCEPT 41378 packets, 2596K bytes)
num pkts bytes target prot opt in out source destination
1 149K 15M MASQUERADE all -- * tun12 0.0.0.0/0 0.0.0.0/0
2 66604 6607K PUPNP all -- * eth0 0.0.0.0/0 0.0.0.0/0
3 42561 5034K MASQUERADE all -- * eth0 !47.186.25.15 0.0.0.0/0
4 12334 3709K MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24
What command line will create the appropriate static route such that the VPN Server can see all devices on the VPN Client?
I am currently reading 2 O'Reilly books trying to figure this out.
I looked for Asus Merlin static route add information without success.
All the solutions speak to correct routing. For example: "
'All of your internal servers on the 192.168.1.0 range use 192.168.1.254 as default gateway for connection to the internet.
However, any traffic from a VPN client will be coming from IP 10.8.0.x through 192.168.1.10 and needs to route back through 192.168.1.10 to traverse the tunnel, and NOT through 192.168.1.254.
Therefore 192.168.1.11 and 192.168.1.12 need to have a route in their routing table to tell them to send traffic from 10.8.0.x back to 192.168.1.10.
To test this, try pinging a connected client from .11 or .12. You will find they can't, until you add a route telling them to send traffic via 192.168.1.10.'"
But I can't seem to find the actual commands to make this happen.
Thanks in advance for any assistance.
