
L2TP-IPSEC VPN can connect to router & Internet but not to LAN

Posted: Fri Jun 04, 2021 1:43 pm
by calevizo
Hello,

I'm trying to connect to any of the LANs from the L2TP-IPsec VPN connection, but I can only connect to the router from the PPP address 192.168.102.1 and to the internet (with pass all traffic through the VPN connection).

I tried disabling all my blocking firewall rules but that did not help.

The VPN router IP is 192.168.102.1
VPN client IP is 192.169.102.2

I was trying to ping one of the router addresses, e.g. 192.168.11.1, 192.168.10.2, or a device on the network, e.g. 192.168.11.11.

I don't know how to troubleshoot this. Could you please help me or give me some tips on where to look?

Thank you
Chris

Re: L2TP-IPSEC VPN can connect to router & Internet but not to LAN

Posted: Fri Jun 04, 2021 3:47 pm
by mikeeg02
Is the client device configured to use the VPN as default gateway?

Re: L2TP-IPSEC VPN can connect to router & Internet but not to LAN

Posted: Fri Jun 04, 2021 4:49 pm
by calevizo
> Is the client device configured to use the VPN as default gateway?

Hello mikeeg02

I believe so, yes

I also pass all traffic through the VPN

Re: L2TP-IPSEC VPN can connect to router & Internet but not to LAN

Posted: Sat Jun 05, 2021 1:14 am
by mikeeg02
If you run a traceroute to 192.168.11.1 or any of the IP addresses assigned to interfaces in the router, what does that show?

Re: L2TP-IPSEC VPN can connect to router & Internet but not to LAN

Posted: Sat Jun 05, 2021 12:07 pm
by calevizo
> If you run a traceroute to 192.168.11.1 or any of the IP addresses assigned to interfaces in the router, what does that show?

traceroute to the router's VPN IP:
traceroute to 192.168.102.1 (192.168.102.1), 64 hops max, 52 byte packets
 1  192.168.102.1 (192.168.102.1)  136.960 ms  72.143 ms  86.224 ms
traceroute to a device on the network:
traceroute to 192.168.11.10 (192.168.11.10), 64 hops max, 52 byte packets
 1  172.20.10.1 (172.20.10.1)  2.345 ms  2.718 ms  2.639 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
...

Re: L2TP-IPSEC VPN can connect to router & Internet but not to LAN

Posted: Sat Jun 05, 2021 12:52 pm
by calevizo
Funny thing is that I can ping 192.168.102.2 when it's connected from devices in the 192.168.11.0/24 network.

Re: L2TP-IPSEC VPN can connect to router & Internet but not to LAN

Posted: Sat Jun 05, 2021 1:01 pm
by mikeeg02
Add a route in the client for 192.168.11.0/24 with a gateway of 192.168.102.1. Traceroute agrees it's going through your local gateway.

Re: L2TP-IPSEC VPN can connect to router & Internet but not to LAN

Posted: Sat Jun 05, 2021 3:00 pm
by calevizo
> Add a route in the client for 192.168.11.0/24 with a gateway of 192.168.102.1. Traceroute agrees it's going through your local gateway.

OK, I tried that and it didn't work, but there is something else going on: I have the same setup in another router and it works without static routes.

chris@MacBook-Pro ~ % sudo route -n add -net 192.168.11.0/24 192.168.102.1   
add net 192.168.11.0: gateway 192.168.102.1
chris@MacBook-Pro ~ % ping 192.168.11.11
PING 192.168.11.11 (192.168.11.11): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^Z
zsh: suspended  ping 192.168.11.11
chris@MacBook-Pro ~ % sudo route -n delete -net 192.168.11.0/24 192.168.102.1
delete net 192.168.11.0: gateway 192.168.102.1
chris@MacBook-Pro ~ % sudo route -n add -net 192.168.11.0/24 192.168.102.2   
add net 192.168.11.0: gateway 192.168.102.2
chris@MacBook-Pro ~ % ping 192.168.11.11                                     
PING 192.168.11.11 (192.168.11.11): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^Z
zsh: suspended  ping 192.168.11.11
chris@MacBook-Pro ~ % traceroute 192.168.11.11
traceroute to 192.168.11.11 (192.168.11.11), 64 hops max, 52 byte packets
 1  192.168.102.1 (192.168.102.1)  100.137 ms  71.063 ms  86.065 ms
 2  * * *
 3  * * *
^C
chris@MacBook-Pro ~ % sudo route -n delete -net 192.168.11.0/24 192.168.102.2
delete net 192.168.11.0: gateway 192.168.102.2
chris@MacBook-Pro ~ % sudo route -n add -net 192.168.11.0/24 192.168.102.1
add net 192.168.11.0: gateway 192.168.102.1
chris@MacBook-Pro ~ % traceroute 192.168.11.11                               
traceroute to 192.168.11.11 (192.168.11.11), 64 hops max, 52 byte packets
 1  192.168.102.1 (192.168.102.1)  797.008 ms  146.700 ms  80.307 ms
 2  * * *
^C
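
Added example, not part of the original thread and not code from any poster: a small Python check that reads traceroute output like the two runs posted above and reports whether the path left through the client's local gateway or reached the VPN gateway and then went silent. The function names and result labels are hypothetical, and the sample inputs are constructed from the output quoted in the thread.

```python
import re

# Constructed samples, copied from the traceroute output posted in the thread.
BEFORE_ROUTE = """traceroute to 192.168.11.10 (192.168.11.10), 64 hops max, 52 byte packets
 1  172.20.10.1 (172.20.10.1)  2.345 ms  2.718 ms  2.639 ms
 2  * * *
 3  * * *
"""
AFTER_ROUTE = """traceroute to 192.168.11.11 (192.168.11.11), 64 hops max, 52 byte packets
 1  192.168.102.1 (192.168.102.1)  100.137 ms  71.063 ms  86.065 ms
 2  * * *
 3  * * *
"""

# A hop line is "<n>  <name> (<ip>)  <rtt> ..." or "<n>  * * *".
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\((\d+\.\d+\.\d+\.\d+)\)|\*)")


def parse_hops(text):
    """Return [(hop_number, ip_or_None), ...]; None marks a '* * *' hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops


def classify(text, vpn_gateway, target):
    """Say where the path to `target` stops, relative to the VPN gateway."""
    answered = [ip for _, ip in parse_hops(text) if ip]
    if not answered:
        return "no-reply"
    if target in answered:
        return "reached-target"
    if answered[0] != vpn_gateway:
        # First responder is not the tunnel peer: the client sent the
        # packet out of its local interface, so the client route is missing.
        return "client-route-bypasses-vpn"
    # The packet entered the tunnel and the router answered; what remains
    # is forwarding or filtering on the router, or the reply path from the LAN.
    return "stops-after-vpn-gateway"


if __name__ == "__main__":
    print(classify(BEFORE_ROUTE, "192.168.102.1", "192.168.11.10"))
    print(classify(AFTER_ROUTE, "192.168.102.1", "192.168.11.11"))
```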