astraub

remote access via VPN fails at firewall of XR500


I managed to set up the VPN server in the XR500 and can connect through OpenVPN using my mobile devices.

The VPN connection is also showing up in the logs of the XR500.

 

Looking at the mobile device settings I can see that I end up at IP address 192.168.1.2 - which is my WAN port address of the XR500. My local LAN is however in the subnet 192.168.0.x - which means to me that the access point of the VPN is not after the firewall, but directly in front of it. I can punch port forwards in the firewall, but this would completely defeat the purpose of the VPN connection.

 

How can this happen? I would expect that the VPN connection would end up in the LAN subnet?

 

Could I for example use an additional line in the OpenVPN config file:

      route 192.168.0.1 255.255.255.0

 

 

 


Yes, it gets the IP of the WAN port - which is in a different subnet than the LAN I want to reach. Currently I am experimenting with "route" and "iroute" in the client script ....


No, I can only ping the WAN / client address (192.168.1.2). I can connect neither to the first router at 192.168.1.3(!) nor to the target LAN at 192.168.0.x. I have tried pinging all possible addresses.

 

Using routes in the client config did not change anything. What about fixed routes in the XR500?

 


Yes, I was aware of this limitation. Potentially this is also the reason why the bridging between the two subnets does not work.

The default configuration only uses tun:

      client
      dev tun
      proto udp
      remote  xxxxxxxx 12973
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      <ca>
      ....

 


I am using the VPN Server (not the Hybrid VPN). And yes, this is the config file generated by the server, which is imported into the client application. I only change the Server IP to the DynDNS hostname (xxxxxx).


The problem is the double NAT. I decided to get a separate modem to get around this problem. So you can close this request.


Yeah, I figured from your last comment that could be the issue. If it doesn't work, feel free to open another topic. Though you should be able to put the XR500 in the DMZ of your ISP Hub and that should work.

This topic is now closed to further replies.
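
The addressing problem discussed in this thread, as an added example that is not part of the original posts: a Python check that flags a router whose WAN address is itself private (the double NAT named above), tells which side of the firewall an address sits on, and rewrites the proposed `route` line to use the network address. The /24 prefix lengths and all function names are assumptions made for illustration.

```python
import ipaddress

# Address space not routable on the public Internet:
# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def wan_is_behind_nat(wan_ip):
    """True if the router's WAN address is private, so another NAT device sits upstream."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NON_PUBLIC)

def segment_of(ip, wan_cidr, lan_cidr):
    """Say which side of the router's firewall an address lives on."""
    addr = ipaddress.ip_address(ip)
    if addr in ipaddress.ip_network(lan_cidr, strict=False):
        return "lan"
    if addr in ipaddress.ip_network(wan_cidr, strict=False):
        return "upstream"
    return "other"

def normalize_route(directive):
    """Rewrite an OpenVPN 'route <addr> <mask>' line so <addr> is the network address."""
    keyword, addr, mask = directive.split()
    if keyword != "route":
        raise ValueError("not a route directive")
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return f"route {net.network_address} {net.netmask}"

def diagnose(wan_ip, wan_cidr, lan_cidr):
    """Return the addressing findings that would keep a remote VPN client off the LAN."""
    findings = []
    wan = ipaddress.ip_network(wan_cidr, strict=False)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    if wan_is_behind_nat(wan_ip):
        findings.append("double-nat")
    if wan.overlaps(lan):
        findings.append("wan-lan-overlap")
    return findings

if __name__ == "__main__":
    # Addresses taken from the thread; the /24 prefix lengths are assumptions.
    print(diagnose("192.168.1.2", "192.168.1.0/24", "192.168.0.0/24"))
    print(segment_of("192.168.1.3", "192.168.1.0/24", "192.168.0.0/24"))
    print(normalize_route("route 192.168.0.1 255.255.255.0"))
```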
