How do I set up routing for a VPN gateway separate from my main gateway?
Just like you have a route to the main gateway pointing all the traffic to the vpn subnet to the vpn gateway, you need a route in the vpn gateway pointing all traffic to the main subnet to the main gateway.
Updated on September 17, 2022
Admin almost 2 years
I have a run of the mill router/firewall set up for my small company's Internet access. I've also added a separate VPN (IPSec) gateway using a Netgear VPN router. The main gateway and VPN gateway have separate public IP addresses, and the VPN clients have a different subnet from the home office LAN (which is just how the Netgear works - I can't put them on the same subnet as everyone else).
The problem is that traffic between LAN PCs and VPN clients doesn't route correctly. LAN clients can ping VPN clients, but VPN clients cannot ping LAN clients (using Wireshark I see the ping gets to the client, but the client cannot respond).
I have a routing entry on the main gateway to point all traffic to the VPN subnet to the VPN gateway. However, that doesn't seem to do the trick. The only solution I've found is to add a static routing entry on all the PCs on the LAN to point them to the VPN gateway for its subnet. However, this doesn't work for embedded devices that don't allow you to do static routing.
What am I doing wrong?
Here are the IPs/subnets in question (the public addresses are faked for the sake of privacy):
LAN: 192.168.0.0
VPN clients: 192.168.1.0
LAN Gateway: 192.168.0.1 (WAN: 1.1.1.1)
VPN Gateway: 192.168.0.2 (WAN: 1.1.1.2)
The LAN Gateway has a route for 192.168.1.0 -> 192.168.0.2
I have partial success with each PC having a static route for 192.168.1.0 -> 192.168.0.2.
Edit:
The VPN gateway is a Netgear ProSafe VPN Firewall FVS338, and the main gateway is an Actiontec MI424-WR (for Verizon FiOS).
-
Avery Payne about 15 years: Could you please specify the model of Netgear you are using? It wouldn't happen to be a ProSafe, would it?
-
Admin about 15 years: Yes, it's a ProSafe VPN Firewall FVS338
-
Steven Behnke about 15 years: I tried that, but it had no effect.
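
The routes listed in the question, traced hop by hop with longest-prefix matching, as an added example that is not part of the original thread. Assumptions: /24 masks, a default route on each LAN PC via 192.168.0.1, the VPN gateway delivering directly to both subnets, and the constructed host addresses 192.168.0.50 (LAN PC) and 192.168.1.10 (VPN client).

```python
import ipaddress

# Routing tables built from the addresses in the question. Assumed, not stated
# on the page: /24 masks, the default route on the LAN PC, and the two host
# addresses used in the traces. WAN routes are left out because no traced
# packet needs them.
DIRECT = "direct"
LAN, VPN = "192.168.0.0/24", "192.168.1.0/24"
TABLES = {
    "lan-pc":  [(LAN, DIRECT), ("0.0.0.0/0", "main-gw")],
    "main-gw": [(LAN, DIRECT), (VPN, "vpn-gw")],   # the route the asker added
    "vpn-gw":  [(LAN, DIRECT), (VPN, DIRECT)],     # 192.168.0.2 sits on the LAN
}

def next_hop(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Return the devices a packet to dst transits, beginning at start."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == DIRECT:
            return path
        path.append(hop)
        node = hop
    raise RuntimeError("routing loop")

def with_static_route(tables):
    """Copy of the tables plus the per-PC static route from the question."""
    fixed = dict(tables)
    fixed["lan-pc"] = tables["lan-pc"] + [(VPN, "vpn-gw")]
    return fixed

if __name__ == "__main__":
    print("request:", trace(TABLES, "vpn-gw", "192.168.0.50"))
    print("reply:", trace(TABLES, "lan-pc", "192.168.1.10"))
    print("reply with static route:",
          trace(with_static_route(TABLES), "lan-pc", "192.168.1.10"))
```

Under these assumptions the request never transits the main gateway but the reply does, and the per-PC static route removes that extra hop. The trace shows only the path, not how either gateway treats the packet.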