VPN Network is not routing via tunnel
-
How about Routing on the non working far side?
Anything in the table for 10.0.11.0/24 ?-Rico
-
I'm not able to check the Server Side on the second tunnel since i'm not running it.
What should be there ?
I have a small suspicion that the Server maybe blocks connections from a LAN network...
Could that be the case ? -
The Server Side need to know your local network and a route set (normally this happens in the OpenVPN Server Config).
And of course the Server need to accept your Packets by it's Firewall Rules.
ATM the only thing we know the Server side knows the Route and accept Packets for the tunnel network.-Rico
-
In your second picture.. You need to add your LAN to the Remote Networks of that site. 10.0.11.0/24
Ive got this same scenario between a radio station I do work for and my office.
-
...this is what I just said right? ;-)
-Rico
-
Missed that. Yep. I hate this laptop.
-
Looking again your radio station router should not have its own LAN in the "remote networks" entry..
-
Yep that eas the problem.
I just mapped the traffic from my LAN to the IP i get from the VPN Server so that i show up as a Single VPN Client and not as a LAN workstation.Works fine now :)
Thank you very mutch !
-
So you do NAT now?
That is not ideal but can work in some cases. :-)-Rico
-
The Admin does not want to let traffic from my LAN pass, so thats the only way i have.
Sure its not ideal but hey, its getting the job done.
Greetings Chris-The-Tuner
Yes i'm german, get used to it :)
Visit my Webpage @ Chris-The-Tuner.de -
@chris-the-tuner said in VPN Network is not routing via tunnel:
The Admin does not want to let traffic from my LAN pass, so thats the only way i have.
Actually a correctly built firewall rule at the radio station only allowing you workstation IP would do the job just as well. In fact if your not accessing you LAN from any of the other sites Id delete the firewall rule on your local router on the OpenVPN tab.
-
I do access my home LAN via a Server running on my pfs ;)
Greetings Chris-The-Tuner
Yes i'm german, get used to it :)
Visit my Webpage @ Chris-The-Tuner.de -
I believe you could also place your local workstation at an address such as .129 and then use x.x.x.128/30 on the radio station side "remote network" to limit the size of your network their router sees. I have not tried this but there seems no reason it would not work.
-
@chris-the-tuner said in VPN Network is not routing via tunnel:
I do access my home LAN via a Server running on my pfs ;)
Then adjust your local OpenVPN rule to the data center server network to your local LAN.
Firewall rules are your friend!
-
Remember that connections that are initiated by the allowed end are by proxy allowed to return. You do not need special WAN rules to allow return traffic from the web.. right? Same with any interface.
-
I got a Rule that sorts out traffic trying to connect to my LAN from the radio network.
For the rest its fine since i run the other network anyway
