I have searched the site for a close situation, but I didn't find one. We have two sites connected by VPN as follows:

LAN1 (192.168.18.0) VPN Server - 192.168.18.4

LAN2 (192.168.19.0) VPN Server - 192.168.19.4

The problem is that from LAN2, any client can ping/reach 192.168.18.4 in LAN1, but not any other clients in LAN1. If I go to 192.168.19.4 itself in LAN2, I can ping/reach any client in LAN1.

What can I adjust in the routing to enable any client in LAN2 to see any client in LAN1? Any help will be appreciated.

  • What is the default gateway for devices in LAN2? – Dusan Bajic Sep 14 '12 at 07:22
  • @dusan.bajic: 192.168.19.254. However, we have set up routing on this to route to 192.168.19.4. If I do a traceroute to a LAN1 client on any LAN2 client, I can see the request getting to 192.168.19.4, and then hopping to 192.168.19.3, which is the demand-dial IP on 192.168.18.4, the VPN server on LAN1. – Gboyega Sulaiman Sep 14 '12 at 08:01
  • You should use a separate subnet for the VPN connection IPs, and have a fixed IP from that range assigned to the VPN2 server demand-dial interface. Then add a static route on the VPN1 server that will forward 19.0/24 to the VPN2 server. – Dusan Bajic Sep 14 '12 at 08:24
  • @dusan.bajic: I already have a static route on the demand-dial interface on 18.4 (destination: 192.168.18.0, network mask: 255.255.255.0, gateway: none). I also have a static route on the dedicated LAN interface (destination: 192.168.18.0, network mask: 255.255.255.0, gateway: 192.168.18.4). – Gboyega Sulaiman Sep 14 '12 at 08:33

1 Answer

This is how it should be:

  1. Use a separate subnet for the VPN connection, for example 192.168.20.0/24:

    • Assign 192.168.20.1 to the demand-dial interface on the VPN server in LAN1
    • Assign 192.168.20.2 to the demand-dial interface on the VPN server in LAN2
  2. Add a static route to the VPN server in LAN1: ROUTE ADD 192.168.19.0 mask 255.255.255.0 192.168.20.2

  3. Add a static route to the VPN server in LAN2: ROUTE ADD 192.168.18.0 mask 255.255.255.0 192.168.20.1

  4. Add a static route to all devices in LAN1: ROUTE ADD 192.168.19.0 mask 255.255.255.0 192.168.18.4 (alternatively, add this route only to the default gateway device in LAN1)

  5. Add a static route to all devices in LAN2: ROUTE ADD 192.168.18.0 mask 255.255.255.0 192.168.19.4 (alternatively, add this route only to the default gateway device in LAN2)

It would be more straightforward if you could simply use your default gateway devices and set up a VPN tunnel between them.

Dusan Bajic
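
The route plan in the answer above can be checked with a small hop-by-hop simulation. This is an added example, not part of the original answer; it places the step 4 and step 5 routes on the default gateways (the answer's alternative). The client addresses 192.168.18.10 and 192.168.19.10 and the LAN1 gateway 192.168.18.254 are assumptions; 192.168.19.254 is taken from the comments.

```python
import ipaddress

VPN1, VPN2 = "192.168.18.4", "192.168.19.4"      # VPN servers (from the question)
GW1, GW2 = "192.168.18.254", "192.168.19.254"    # GW1 is an assumed address
PC1, PC2 = "192.168.18.10", "192.168.19.10"      # assumed client addresses
TUNNEL = {"192.168.20.1": VPN1, "192.168.20.2": VPN2}  # demand-dial IP -> owning server

def build_tables(step4=True, step5=True):
    """Routing tables per node as (prefix, next hop); 'direct' means on-link."""
    t = {
        PC1: [("192.168.18.0/24", "direct"), ("0.0.0.0/0", GW1)],
        PC2: [("192.168.19.0/24", "direct"), ("0.0.0.0/0", GW2)],
        GW1: [("192.168.18.0/24", "direct"), ("0.0.0.0/0", "WAN")],
        GW2: [("192.168.19.0/24", "direct"), ("0.0.0.0/0", "WAN")],
        # Steps 2 and 3: each VPN server reaches the remote LAN via the tunnel peer.
        VPN1: [("192.168.18.0/24", "direct"), ("192.168.19.0/24", "192.168.20.2")],
        VPN2: [("192.168.19.0/24", "direct"), ("192.168.18.0/24", "192.168.20.1")],
    }
    if step4:  # route on the LAN1 default gateway
        t[GW1].append(("192.168.19.0/24", VPN1))
    if step5:  # route on the LAN2 default gateway
        t[GW2].append(("192.168.18.0/24", VPN2))
    return t

def next_hop(table, dst):
    """Longest-prefix match over one routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), h) for p, h in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda x: x[0].prefixlen)[1] if hits else None

def trace(tables, src, dst, max_hops=8):
    """Return the nodes a packet visits from src to dst, or None if it is lost."""
    path, node = [src], src
    while node != dst and len(path) <= max_hops:
        hop = next_hop(tables.get(node, []), dst)
        if hop is None:
            return None               # no route (e.g. handed to the WAN)
        node = dst if hop == "direct" else TUNNEL.get(hop, hop)
        path.append(node)
    return path if node == dst else None

def reachable(tables, a, b):
    """A ping succeeds only if request and reply both find a path."""
    return trace(tables, a, b) is not None and trace(tables, b, a) is not None

if __name__ == "__main__":
    for s4 in (False, True):
        t = build_tables(step4=s4)
        print(f"step 4 applied={s4}: PC2->PC1 {reachable(t, PC2, PC1)}, "
              f"PC2->VPN1 {reachable(t, PC2, VPN1)}")
```

With step 4 omitted, the request from the LAN2 client still arrives at the LAN1 client, but the reply is sent to the LAN1 default gateway and lost, so in this model only 192.168.18.4 answers.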