remote access via VPN fails at firewall of XR500

Posted

I managed to set up the VPN server in the XR500 and can connect through OpenVPN using my mobile devices.

The VPN connection is also showing up in the logs of the XR500.

Looking at the mobile device settings I can see that I end up at IP address 192.168.1.2 - which is my WAN port address of the XR500. My local LAN is however in the subnet 192.168.0.x - which means to me that the access point of the VPN is not after the firewall, but directly in front of it. I can punch port forwards in the firewall, but this would completely defeat the purpose of the VPN connection.

How can this happen? I would expect that the VPN connection would end up in the LAN subnet?

Could I for example use an additional line in the OpenVPN config file:

      route 192.168.0.1 255.255.255.0


Posted

Yes, it gets the IP of the WAN port - which is in a different subnet than the LAN I want to reach. Currently I am experimenting with "route" and "iroute" in the client script ....

  • Administrators
Posted

Unless I've misunderstood I think that is fine as a tunnel has been created, are you having an issue of the VPN not changing your public IP address?

Posted

No, I can only ping the WAN / client address (192.168.1.2). I can connect neither to the first router at 192.168.1.3(!) nor to the target LAN at 192.168.0.x. I have tried pinging all possible addresses.

Using routes in the client config did not change anything. What about fixed routes in the XR500?


  • Administrators
Posted

Ahh I see, could you use TUN instead of TAP please and see if that resolves the issue. iOS doesn't seem to support TAP Protocols.

Posted

Yes, I was aware of this limitation. Potentially this is also the reason why the bridging between the two subnets does not work.

The default configuration only uses tun:

client
dev tun
proto udp
remote  xxxxxxxx 12973
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>

....

 

Posted

I am using the VPN Server (not the Hybrid VPN). And yes, this is the config file generated by the server and which is being imported in the client application. I only change the Server IP to the DynDNS hostname (xxxxxx).

Posted

The problem is the double NAT. I decided to get a separate modem to get around this problem. So you can close this request.

  • Administrators
Posted

Yeah I figured from your last comment that could be the issue. If it doesn't work feel free to open another topic. Though you should be able to put the XR500 in the DMZ of your ISP Hub and that should work.
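
A diagnostic sketch for the situation discussed in this thread, added here as an example and not part of any post: it flags a router WAN address that is not globally routable (the double NAT case) and checks a `route` directive against the LAN to be reached. The function names are hypothetical and the sample input is constructed from the addresses quoted above.

```python
import ipaddress

# Constructed sample input using the addresses quoted in the thread.
ROUTER_WAN_IP = "192.168.1.2"      # XR500 WAN port, as reported by the poster
LAN_SUBNET = "192.168.0.0/24"      # LAN the poster wants to reach (192.168.0.x)
CLIENT_CONFIG = """\
client
dev tun
proto udp
route 192.168.0.1 255.255.255.0
"""

def wan_is_behind_nat(wan_ip):
    """True when the router's WAN address is not globally routable
    (RFC 1918, CGNAT 100.64.0.0/10, ...), so an upstream device translates it."""
    return not ipaddress.ip_address(wan_ip).is_global

def audit_routes(config_text, lan_subnet):
    """Check each 'route <network> [netmask]' directive against the target LAN."""
    lan = ipaddress.ip_network(lan_subnet)
    findings = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "route":
            continue
        # OpenVPN uses 255.255.255.255 when no netmask is given.
        mask = parts[2] if len(parts) > 2 else "255.255.255.255"
        try:
            iface = ipaddress.ip_interface(f"{parts[1]}/{mask}")
        except ValueError:
            continue  # hostnames and keywords such as vpn_gateway are not checked
        net = iface.network
        findings.append({
            "line": line.strip(),
            "host_bits_set": iface.ip != net.network_address,
            "covers_lan": lan.subnet_of(net),
            "normalized": f"route {net.network_address} {net.netmask}",
        })
    return findings

if __name__ == "__main__":
    print("WAN behind another NAT:", wan_is_behind_nat(ROUTER_WAN_IP))
    for finding in audit_routes(CLIENT_CONFIG, LAN_SUBNET):
        print(finding)
```

A private WAN address means inbound VPN traffic has to be forwarded or DMZ'd by the upstream device first; a client-side route only affects which destinations the client sends into the tunnel.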

Archived

This topic is now archived and is closed to further replies.
