I have a GL-MT300N-V2 acting as an openvpn client. Works fine - but…
I need to allow my openvpn server to reach clients on the WAN interface (which is in the private range 192.168.50.0/24)
A traceroute from the server reports that packets arrive at the router via the tunnel - but no reply from the device I need to contact on the 192.168.50.0/24 network.
I’ve had this working before, but I can’t remember what I did - I guess it needs some kind of NAT config so the packets hitting my end device appear to come from the WAN address of the router.
This has got to be something simple - but I can’t work it out
Any help please??
Thanks
Dave
Thanks - I have already tried that but it still doesn’t allow traffic arriving via the OpenVPN to access the device on the WAN interface. I suspect that the traffic is not being NATted to appear to originate from the WAN IP of the router, so the end device doesn’t know to send the reply back via the router.
I have another working setup, so I will attempt to load up the backup of the working config and see if I have any settings I have missed.
My GL-MT300N-V2 is an OpenVPN client and the WAN interface is on a private subnet 192.168.50.0/24. It gets its address by DHCP from the internet router on that subnet. VPN client connects ok to my server.
Server can ping the tunnel endpoint 10.8.0.5
Server can ping the assigned WAN interface 192.168.50.57
But server can’t ping the WAN gateway of the subnet 192.168.50.1 or any devices on the 192.168.50.0/24 subnet.
I have no access to the default gateway of the subnet to add a static route.
There must be a way of adding (masquerade ?) a rule which makes all the traffic coming down the VPN destined for devices on the 192.168.50.0/24 subnet to appear to originate from the WAN IP of the GL-MT300N-V2 to avoid the need for setting up a route back to the VPN on the subnet gateway router?
I really appreciate your help - this is driving me mad - I still can’t get this to work!
My VPN server has a tunnel address of 10.8.0.1
My GL-iNet OpenVPN client connects ok with tunnel address 10.8.0.5
I have several other clients also connected to the VPN OK
From the server I can ping 10.8.0.5
From other connected clients I can ping 10.8.0.5
From other connected clients I can log on via browser to GL-iNet via address 10.8.0.5
The server and other connected clients all can see a route to 192.168.50.0/24 via 10.8.0.5
From other connected clients I can log on via browser and also ping to GL-iNet via its WAN address 192.168.50.56 which confirms routing is working OK
From luci on the GL-iNet I can directly ping the wan gateway 192.168.50.1
From luci on the GL-iNet I can directly ping the device I am trying to remotely connect to: 192.168.50.210
From any connected client, if I Traceroute to 192.168.50.210 I get as far as 10.50.0.5
Here are my firewall rules:
I don’t know where it blocks the traffic; you can try changing all “reject” and “drop” options to “accept” for a moment.
Also disable masquerading of ovpn zone.
Just to ask you… can you try the new beta firmware v4.3.2? I saw that you have more options if you use the GL-iNet interface to create an OpenVPN server. https://dl.gl-inet.com/?model=mt300n-v2&type=beta
Got this working. Had the subnet wrong in the openvpn config - all good now!
For anyone else looking, I stupidly had 192.168.0.1/24 instead of 192.168.0.0/24 in my openvpn server settings. I changed this to the correct way and it is now working as expected.
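A check for the mistake described in the last post, as an added example that is not part of the thread: it scans OpenVPN `server`, `route`, `iroute` and `push "route ..."` directives and flags any network address that has host bits set for its netmask. The sample config is constructed, the function name is hypothetical, and it assumes the `network netmask` form of the directives rather than the poster's actual settings screen.

```python
import ipaddress
import re

# Constructed sample: the thread's mistake (a host address where a network
# address is expected) next to correctly written directives.
SAMPLE_CONFIG = '''\
server 10.8.0.0 255.255.255.0
route 192.168.0.1 255.255.255.0
push "route 192.168.50.0 255.255.255.0"
# route 10.9.9.9 255.255.0.0
iroute 192.168.50.57 255.255.255.0
route 10.20.30.40
'''

# Matches: [push "]<directive> <network> [<netmask>]
DIRECTIVE = re.compile(
    r'^\s*(?:push\s+")?\s*(route|iroute|server)\s+(\S+)'
    r'(?:\s+(\d+\.\d+\.\d+\.\d+))?'
)

def find_host_bit_errors(config_text):
    """Return (line_no, directive, given, suggested) for every IPv4
    network/netmask pair whose network address has host bits set."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):
            continue  # commented-out directive
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, network, netmask = m.groups()
        network = network.rstrip('"')
        netmask = netmask or "255.255.255.255"  # OpenVPN default when omitted
        try:
            iface = ipaddress.IPv4Interface(f"{network}/{netmask}")
        except ValueError:
            continue  # hostname, keyword such as vpn_gateway, or invalid mask
        if iface.ip != iface.network.network_address:
            given = f"{network}/{iface.network.prefixlen}"
            findings.append((line_no, directive, given, str(iface.network)))
    return findings

if __name__ == "__main__":
    for line_no, directive, given, suggested in find_host_bit_errors(SAMPLE_CONFIG):
        print(f"line {line_no}: {directive} {given} should be {suggested}")
```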