Access a L2TP VPN subnet on the LAN

patrikx3 · May 19, 2021, 5:56am

hello,
i have a work VPN that i can access on the router, but not on the LAN, how can i configure so that the LAN clients can see our VPN subnet?

patrikx3 · May 19, 2021, 6:07am

i tried like this (i know the gatway is on 192.168.140.254):

but still not access the lan vpn

patrikx3 · May 19, 2021, 6:25am

i tried this as well:

config 'zone'
	option 'name' 'sygnusvpn'
	option 'network' 'sygnusvpn'
	option 'conntrack' '1'
	option 'input' 'ACCEPT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'
 
config 'forwarding'
	option 'src' 'sygnusvpn'
	option 'dest' 'lan'
 
config 'forwarding'
	option 'src' 'lan'
	option 'dest' 'sygnusvpn'
 
config 'forwarding'
	option 'src' 'sygnusvpn'
	option 'dest' 'wan'

config 'rule'
	option 'target' 'ACCEPT'
	option 'src' 'wan'
	option '_name' 'ip_50_ESP'
	option 'proto' '50'
 
config 'rule'
	option 'target' 'ACCEPT'
	option '_name' 'IP_51_AH'
	option 'src' 'wan'
	option 'proto' '51'
 
config 'rule'
	option 'target' 'ACCEPT'
	option '_name' 'IKE'
	option 'src' 'wan'
	option 'proto' 'udp'
	option 'dest_port' '500'
 
config 'rule'
	option 'target' 'ACCEPT'
	option '_name' 'ipsec_NAT-T'
	option 'src' 'wan'
	option 'proto' 'udp'
	option 'dest_port' '4500'

did nothing on lan

patrikx3 · May 19, 2021, 6:29am

the vpn is like this in network:

config interface 'sygnusvpn'
	option proto 'l2tp'
	option server 'vpn.com'
	option username 'user'
	option password '123'
	option ipv6 'auto'
	option metric '10'

trendy · May 19, 2021, 6:42am

The easiest way is to assign the sygusvpn interface under wan firewall zone.
Remove the route you have on the second post and the sygnusvpn firewall zone.

patrikx3 · May 19, 2021, 6:43am

patrikx3:

config 'zone'
	option 'name' 'sygnusvpn'
	option 'network' 'sygnusvpn'
	option 'conntrack' '1'
	option 'input' 'ACCEPT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'
 
config 'forwarding'
	option 'src' 'sygnusvpn'
	option 'dest' 'lan'
 
config 'forwarding'
	option 'src' 'lan'
	option 'dest' 'sygnusvpn'
 
config 'forwarding'
	option 'src' 'sygnusvpn'
	option 'dest' 'wan'

resolved:

config zone
        option name 'sygnusvpn'
        option network 'sygnusvpn'
        option conntrack '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'

config forwarding
        option src 'sygnusvpn'
        option dest 'lan'

config forwarding
        option src 'lan'
        option dest 'sygnusvpn'

config forwarding
        option src 'sygnusvpn'
        option dest 'wan'

the masq was missing

trendy · May 19, 2021, 6:45am

I am pretty sure you don't need these. Traffic coming from work vpn will never use your internet, nor your lan.

patrikx3 · May 19, 2021, 6:14pm

you are right, i removed the lines, thanks very much, have a nice day!

system · May 29, 2021, 6:15pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.