We have a commercial control system that has a static IP address (192.168.1.100). When I configure our GL-AX1800 to use 192.168.1.x everything works fine locally and I’m able to connect to the control system using any device attached to the AX1800 via wired or wireless.
I’d like to be able to connect to the control system remotely using one of the VPN servers hosted by the router. I’ve tried both OpenVPN and WireGuard but can’t get it working. The experience on both VPN servers is the same so I won’t make a distinction from here on.
With the VPN server running I can connect to it using a VPN client on my phone. When I browse to the public IP address of the router I can see the router login screen. Similarly, when I enter 192.168.1.1 I can see the router login screen. I am not able to get to the control system at 192.168.1.100. I’ve tried as many combinations of IP address ranges, port forwarding, ‘use VPN for all devices’ as I can think of and still no joy.
There’s a PC local to the control system, connected to the same router. I need that to have access to the control system too, but I think if I can get the VPN access working I can just configure a VPN client on that PC and access the control system that way, right?
Here’s my network diagram:
Phone (connected to cellular signal or home network) —> AX1800 —> Control System (192.168.1.100)
Thanks for getting back to me. I’m running the VPN server on the router, but I’m not using the VPN client (on the router) so it’s not configured at all. I have a VPN client on my phone, which I’m using to connect to the router. Do I need to configure the VPN client on the router in order to run the server?
Can you try connecting to, pinging and tracert the PC local to the control system and any other PCs/devices connected to the LAN side of the GL-AX1800?
I connected multiple devices to the VPN server: 1. laptop (over home internet connection); 2. cellphone (over cellular connection); 3. iPad (over home internet connection).
I’m unable to ping any of these devices from any of the other devices.
If I SSH into the router from my laptop, I can ping and traceroute all three of these devices.
I’m unable to ping/traceroute the control system from any device.
Do I need to set up any port forwards or open router ports?
I’m tempted to factory reset the router and start again.
I did manually set that IP address. I changed it back to 10.0.0.1 and generated a new client config file as instructed then created a new tunnel on the WireGuard app on my iPad. I rebooted the router then connected from my iPad. Unfortunately I still don’t have access to the control system server. My iPad has an IP address in the 10.0.0.x range and when I check my internet-facing IP address from the iPad I’m seeing the public IP address of the router, so that seems to be working correctly, but the router-side peer access isn’t working yet.
Port forwarding didn’t make any difference so I did a factory reset on the router and started again. Still couldn’t access the control system server remotely. Checking the client list in the router I could see the control system server, which incidentally has a static IP address. I set up a static route in case the static IP address was the issue…still no joy.
I turned on real-time client traffic info and could see data being routed to the control system server but nothing coming back (literally zero bytes). This made me think that maybe the issue was that the control system server was unable to get a route back to the router. A quick check of the control system server network setup showed a gateway address that was incorrect. (I didn’t set up the control system originally, and it used to be directly wired to a control PC so the gateway wasn’t relevant.) I set the control system server gateway IP address to the router’s IP and rebooted the control system…success!
Everything is working like it should. Massive thanks to @wcs2228 and @alzhao for getting involved, much appreciated.
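
The root cause found in the last post (a wrong gateway on the control system, so replies to VPN clients never came back) can be modelled as the host's next-hop decision. This is an added example, not part of the original thread; the /24 mask, the local PC address, the VPN client address and the stale gateway value are constructed assumptions.

```python
import ipaddress

def reply_next_hop(host_ip, prefix_len, gateway, dest_ip):
    """Next hop used by a host with one interface and one default gateway.
    Returns ("on-link", dest), ("gateway", gw) or ("none", None)."""
    net = ipaddress.ip_interface(f"{host_ip}/{prefix_len}").network
    dest = ipaddress.ip_address(dest_ip)
    if dest in net:
        return ("on-link", dest)       # same subnet: gateway is never consulted
    if gateway is None:
        return ("none", None)          # off-subnet and no default route
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        return ("none", None)          # gateway itself is not reachable
    return ("gateway", gw)

def can_reply(host_ip, prefix_len, gateway, dest_ip, vpn_router_ip):
    """True if the reply can reach dest_ip, assuming only the router
    running the VPN server knows how to reach the tunnel subnet."""
    kind, hop = reply_next_hop(host_ip, prefix_len, gateway, dest_ip)
    if kind == "on-link":
        return True
    return kind == "gateway" and hop == ipaddress.ip_address(vpn_router_ip)

ROUTER = "192.168.1.1"       # AX1800 LAN address, from the thread
HOST = "192.168.1.100"       # control system, from the thread
PREFIX = 24                  # assumed netmask (not stated in the thread)
LAN_PC = "192.168.1.50"      # constructed address for the local PC
VPN_CLIENT = "10.0.0.2"      # constructed address in the 10.0.0.x tunnel range
STALE_GW = "192.168.1.254"   # constructed stand-in for the incorrect gateway

def scenarios():
    """Reply deliverability from the control system in each configuration."""
    return {
        "lan_pc_stale_gw": can_reply(HOST, PREFIX, STALE_GW, LAN_PC, ROUTER),
        "vpn_stale_gw": can_reply(HOST, PREFIX, STALE_GW, VPN_CLIENT, ROUTER),
        "vpn_no_gw": can_reply(HOST, PREFIX, None, VPN_CLIENT, ROUTER),
        "vpn_fixed_gw": can_reply(HOST, PREFIX, ROUTER, VPN_CLIENT, ROUTER),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:16} reply delivered: {ok}")
```

Local devices keep working with a bad gateway because they are on-link, which is why the fault only showed up once traffic arrived from the 10.0.0.x tunnel range.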