CloudEngineer Posted July 16, 2018

Hi All,

I have an ASUS RT-N56U (Padavan firmware) and an ASUS RT-AC88U (AsusWRT-Merlin).

I have an openvpn connection set up where the RT-N56U is the server and the RT-AC88U is the client. I have exported the ovpn file from the former and imported it into the latter, and appear to be connected.

I do not want to use NAT - I want to use routing and have selected "No" on create NAT on tunnel, to which it indicates static routes are required.

I have enabled static routes and have set up a route on each router to the other via the vpn subnet gateway.

Subnets are:

RT-N56U
10.10.10.0/24 - main subnet
10.10.11.0/24 - vpn subnet

RT-AC88U
10.30.30.0/24 - main subnet
10.8.0.0/24

Now, from the RT-AC88U's diagnostic page, I can hit the gateway and devices on 10.10.10.0/24, but from my PC on 10.10.10.2 I cannot ping any device on 10.30.30.0.

Any ideas what I am doing wrong?

+BudMan MVC Posted July 17, 2018

And are the devices on 10.30.30 using the vpn device as their gateway?

You sure they are not running host firewalls? Out of the box, for example, Windows would not allow you to talk to it from anything other than its own local network. You would have to adjust the host firewalls to allow that access, etc.

DaveLegg Developer Posted July 17, 2018

You say you've added routes on each router. What are those routes? I suspect this is likely where the issue lies.

CloudEngineer Author Posted July 19, 2018

I've updated the IP ranges to simplify things a little.

RT-N56U
10.10.10.0/24 - main subnet
10.10.11.0/24 - vpn subnet

RT-AC88U
192.168.1.0/24 - main subnet
192.168.2.0/24 - vpn subnet

Routes are:

Static Route List on the RT-N56U

Network or Host IP   Netmask          Gateway         Metric   Interface
192.168.1.0          255.255.255.0    10.10.10.254    1        LAN

Static Route List on the RT-AC88U

Network or Host IP   Netmask          Gateway         Metric   Interface
10.10.10.0           255.255.255.0    192.168.1.254   1        LAN

+BudMan MVC Posted July 19, 2018

You do understand a site to site would use a shared vpn tunnel network, right? The lan side networks make sense - but having 2 different vpn tunnel networks when it's supposed to be a site to site makes zero sense.

So you end up with like above, where your tunnel network is 172.16.0/30 with .1 on one side and .2 on the other.

So on the top router, let's call it router A or Site A, you have a route that says to get to 192.168.2/24 go to 172.16.0.2

On the bottom router, let's call it B, the route would say to get to 192.168.1/24 go to 172.16.0.1

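The addressing described in the post above, modelled as an added example (not code from any poster in this thread): a longest-prefix-match route tracer that shows a ping across the shared 172.16.0.0/30 tunnel only succeeds when both routers carry the route to the far LAN. The router names A and B follow the post; the host addresses ending in .10 and the absence of a default route are assumptions made for the model.

```python
import ipaddress as ip

def lookup(table, dst):
    """Longest-prefix match: next hop, 'direct' for a connected net, or None."""
    hits = [(ip.ip_network(n), hop) for n, hop in table
            if ip.ip_address(dst) in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(routers, owner, start, dst, max_hops=8):
    """Forward dst router by router from `start`; return (delivered, path)."""
    path, here = [start], start
    for _ in range(max_hops):
        hop = lookup(routers[here], dst)
        if hop == "direct":
            return True, path            # dst sits on a connected network
        here = owner.get(hop)            # router that owns the next-hop address
        if here is None:
            return False, path           # no route, or unknown next hop: dropped
        path.append(here)
    return False, path                   # routing loop

def ping(routers, owner, src_router, src, dst_router, dst):
    """An echo needs a forward path for the request AND one for the reply."""
    return (trace(routers, owner, src_router, dst)[0]
            and trace(routers, owner, dst_router, src)[0])

# Constructed model of the layout in the post: one shared /30 tunnel network.
OWNER = {"172.16.0.1": "A", "172.16.0.2": "B"}

def build(a_static, b_static):
    return {
        "A": [("192.168.1.0/24", "direct"), ("172.16.0.0/30", "direct")] + a_static,
        "B": [("192.168.2.0/24", "direct"), ("172.16.0.0/30", "direct")] + b_static,
    }

TO_B = ("192.168.2.0/24", "172.16.0.2")   # on A: reach B's LAN via B's tunnel IP
TO_A = ("192.168.1.0/24", "172.16.0.1")   # on B: reach A's LAN via A's tunnel IP
BOTH = build([TO_B], [TO_A])
ONE_WAY = build([TO_B], [])               # B has no route back to A's LAN

if __name__ == "__main__":
    for name, net in (("both routes", BOTH), ("one route", ONE_WAY)):
        ok = ping(net, OWNER, "A", "192.168.1.10", "B", "192.168.2.10")
        print(f"{name}: ping 192.168.1.10 -> 192.168.2.10 {'ok' if ok else 'FAILS'}")
```

In the one-route case the echo request still reaches site B; it is the reply that has nowhere to go, which is why a missing route on either side shows up as a failed ping from both.
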
CloudEngineer Author Posted July 19, 2018

Turns out it's a bug with openvpn. Resolved it by removing all static routes and adding the line

    route 192.168.1.0 255.255.255.0

to the openvpn server under extended config.

+BudMan MVC Posted July 19, 2018

Your lack of understanding how something works does not equal "bug"