Exciting, strange and mysterious VPN behavior - faint of heart need not inquire!

Hey there,

Got a strange one.  I have a Linksys RV016 with a VPN tunnel to a LInksys RV042 on the remote side.  Tunnel is up and stable and I'm able to ping workstations etc.  

I also have a WRT54G on the remote side connected to the RV042 and acting as a wireless AP (nothing is plugged in to the Internet port on the WRT54G).

I'm trying to ping the WRT54G from here and I don't get replies.  Can't get to the web interface or anything.  If I log in to the RV042 on the remote side and use the ping utility in the router I can ping the WRT54G without a problem.  Also clients on the remote side can ping the WRT54G again, w/o issue.  

I can ping all of the clients on the remote subnet except for the WRT54G.  The local subnet is and the remote subnet is  The WRT54G is

Very strange.  Any thoughts (other than get a real router)?
Who is Participating?
SkykingOHConnect With a Mentor Commented:
You need to add a route to the WRT54G that points to the network on the other side of the VPN using the RV042 as the gateway for that route.

When you are logging in remotely to the RV042 the pings are sourced from the LAN address and do not require a gateway.  When you ping from the remote network the WRT does not know how to get back to you.  Essentially you are asking it to make a U turn on the LAN address.

This may be a security issue on the WRT54G. The router is supposed to block any access to it's web configuration interface that comes from the internet. If the router defines "from the internet" as "from an IP in a subnet that isn't my local subnet", that might be the cause of your problem.

E.g. If it sees the source IP address as 172.30.250.xxx and it's own IP is, it might mistakenly think the request was from the internet, and block it.

You can relax some of these security settings safely because your WRT54G isn't actually acting as an internet gateway, it's just an access point. Try going into the WRT54G's web config page, and enable "Remote Administration" from the Administrator panel. Also untick the "Block Anonymous Internet Requests" tickbox in the Security tab (or somewhere in the advanced settings)

If this works, you may need to access the web interface using it's "remote administration" port (default is 8080 on the wrt54g) instead of the usual port 80. You can configure this port in the Administrator panel, but I'm not sure if you can set it to port 80, router might not let you for security reasons.
ttist25Author Commented:
Perfect!  That did the trick.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.