  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 496

Exciting, strange and mysterious VPN behavior - faint of heart need not inquire!

Hey there,

Got a strange one.  I have a Linksys RV016 with a VPN tunnel to a Linksys RV042 on the remote side.  Tunnel is up and stable and I'm able to ping workstations etc.

I also have a WRT54G on the remote side connected to the RV042 and acting as a wireless AP (nothing is plugged in to the Internet port on the WRT54G).

I'm trying to ping the WRT54G from here and I don't get replies.  Can't get to the web interface or anything.  If I log in to the RV042 on the remote side and use the ping utility in the router I can ping the WRT54G without a problem.  Also clients on the remote side can ping the WRT54G again, w/o issue.  

I can ping all of the clients on the remote subnet except for the WRT54G.  The local subnet is 172.30.250.0/24 and the remote subnet is 192.168.2.0/24.  The WRT54G is 192.168.2.254.

Very strange.  Any thoughts (other than get a real router)?
0
ttist25
Asked:
ttist25
1 Solution
 
SkykingOH Commented:
You need to add a route to the WRT54G that points to the network on the other side of the VPN using the RV042 as the gateway for that route.

When you are logging in remotely to the RV042 the pings are sourced from the LAN address and do not require a gateway.  When you ping from the remote network the WRT does not know how to get back to you.  Essentially you are asking it to make a U turn on the LAN address.



0
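The return-path problem described in the answer above, modelled as an added example (not part of the original thread). The subnets and the WRT54G address are from the question; the RV042 LAN address, the sample host addresses, and the assumption that the WRT54G has no default route while its Internet port is unused are illustrative.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs.
    gateway None means directly connected. Returns 'on-link',
    a gateway address, or None when the table has no matching route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    return best[1] or "on-link"

# From the thread
LOCAL_SUBNET = "172.30.250.0/24"
REMOTE_SUBNET = "192.168.2.0/24"

# Assumed for illustration (not given in the thread)
RV042_LAN = "192.168.2.1"       # RV042 LAN-side address
LOCAL_PC = "172.30.250.10"      # host behind the RV016
REMOTE_PC = "192.168.2.50"      # client on the remote LAN

# WRT54G as a plain AP: only its connected LAN, no default route (assumed).
wrt_before = [(REMOTE_SUBNET, None)]
# Same table with the static route the answer recommends.
wrt_after = wrt_before + [(LOCAL_SUBNET, RV042_LAN)]

def reply_paths(routes):
    """Where the WRT54G would send an echo reply for each ping source."""
    sources = {"RV042 ping utility": RV042_LAN,
               "remote LAN client": REMOTE_PC,
               "host across the VPN": LOCAL_PC}
    return {name: next_hop(routes, ip) for name, ip in sources.items()}

if __name__ == "__main__":
    for label, table in (("before", wrt_before), ("after", wrt_after)):
        print(label)
        for name, hop in reply_paths(table).items():
            print(f"  reply to {name}: {hop or 'no route, reply dropped'}")
```
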
 
Frosty555 Commented:
This may be a security issue on the WRT54G. The router is supposed to block any access to its web configuration interface that comes from the internet. If the router defines "from the internet" as "from an IP in a subnet that isn't my local subnet", that might be the cause of your problem.

E.g. If it sees the source IP address as 172.30.250.xxx and its own IP is 192.168.2.254, it might mistakenly think the request was from the internet, and block it.

You can relax some of these security settings safely because your WRT54G isn't actually acting as an internet gateway, it's just an access point. Try going into the WRT54G's web config page, and enable "Remote Administration" from the Administrator panel. Also untick the "Block Anonymous Internet Requests" tickbox in the Security tab (or somewhere in the advanced settings).

If this works, you may need to access the web interface using its "remote administration" port (default is 8080 on the WRT54G) instead of the usual port 80. You can configure this port in the Administrator panel, but I'm not sure if you can set it to port 80, router might not let you for security reasons.
0
 
ttist25 Author Commented:
Perfect!  That did the trick.

Thanks!
0
