Hello I have 2 routers,

the first router,
192.168.1.1 and then client computer(1) 192.168.1.151

the second router
192.168.2.1 and then client computer(2) 192.168.2.200

is it possible for 192.168.151 to access 192.168.2.200? if so what should i enable it?

for your information the seconds router have openvpn client installed and connected to remote server like road warrior(just wanted to mention this if this matters)

vpn is working fine. everythign works fine. just wanted access 192.168.2.200 from 192.168.1.151

I can't even ping computer(2) from computer(1) nor the second router.

Diagram,

INTERNET ---> FIRST ROUTER ---> SECOND ROUTER

Thanks in advance.

The problem is probably that NAT is enabled on the second router.

My solution would be to remove 192.168.2.x from the second router and add another network between the routers instead, use for example 192.168.3.x and configure 192.168.3.1 on the first router and 192.168.3.2 on the second router. This is to avoid asymmetric routing that may be a problem otherwise. Add this network to the lan zone on both routers if you want to.

Next disable NAT in the second router, and use 192.168.3.1 as default gateway. Add a static route to 192.168.2.0/255.255.255.0 via 192.168.3.2 on the first router.

seandex, you should use port forwarding on second router. I am not sure, how Strongswan influences on it. What port do you want to access?

mikma, second router serves to run vpn-client, your approach is trivial and not applicable in this case.

ulmwind, of course it can be tweaked. I only mentioned the basics that need to be in place. VPN should work if you make exceptions for 192.168.0.0/22 on the router with vpn.

(Last edited by mikma on 28 Sep 2017, 20:03)

I don't understand, what is your configuration? If nat is disabled in second router, how vpn client running on it may influence on computers in lan?