11-04-2020 01:32 AM
Hi,
I managed to define an SSL VPN connection from my Android device to my RV340, but I can't access any of my servers in the LAN once the connection is established.
I watched the video that guides how to do that, which is exactly what I did, but it doesn't help:
https://www.youtube.com/watch?v=uYhnukvNghM
I'd appreciate your help.
Thanks
11-04-2020 01:47 AM
Do you have an ACL to allow the VPN pool to access the internal LAN? Also check what firmware you have; there were some discussions where they had old firmware, and after the upgrade it was all fixed by itself.
Best is to test whether it is OK with the ACL before upgrading.
11-04-2020 06:06 AM
Do you have for your server VLAN the option Inter-VLAN routing enabled?
I have the SSL VPN configured and no ACL was required.
I do have a device that is not accessible directly via the SSL-VPN - to reach it from remote, I have to do it via another device within the same VLAN - but that says more about the device itself and not the SSL-VPN as I have no trouble accessing anything else in my network.
Just to make sure that all the simple things are correct, I am assuming that you can reach the internet from the servers in your network - that the default gateway on them is configured and no firewall rules are in the way. Also the SSL-VPN client address pool must not overlap another address pool in your network. I think the router will not let you even create an overlap.
HTH
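The two sanity checks from the reply above (no overlap with the VPN client pool, and a server default gateway that sends replies back through the router), as an added example that is not part of the original thread. Only 10.0.10.0/24 and 10.0.10.3 come from the thread; the LAN subnets, the router address 192.168.1.1 and the server route tables are constructed.

```python
import ipaddress

VPN_POOL = ipaddress.ip_network("10.0.10.0/24")  # SSL VPN client range from the thread
ROUTER = "192.168.1.1"                           # constructed LAN address of the router

# Constructed server route tables: (destination, gateway); gateway None = on-link.
GOOD = [("192.168.1.0/24", None), ("0.0.0.0/0", ROUTER)]
NO_GATEWAY = [("192.168.1.0/24", None)]
STATIC_ELSEWHERE = GOOD + [("10.0.0.0/8", "192.168.1.254")]

def overlapping(pool, local_nets):
    """Return the local networks that overlap the VPN client pool."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    return [str(n) for n in nets if pool.overlaps(n)]

def next_hop(routes, dst):
    """Longest-prefix match: the gateway a host would use to reach dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None                      # no route at all: the reply is dropped
    return best[1] or "on-link"

def reply_reaches_router(routes, client_ip, router_ip=ROUTER):
    """True when the server hands replies for the VPN client to the router."""
    return next_hop(routes, client_ip) == router_ip

if __name__ == "__main__":
    print(overlapping(VPN_POOL, ["192.168.1.0/24", "10.0.0.0/16"]))
    for name, table in [("good", GOOD), ("no gateway", NO_GATEWAY),
                        ("static route elsewhere", STATIC_ELSEWHERE)]:
        print(name, reply_reaches_router(table, "10.0.10.3"))
```

A server that fails the second check receives the client's packets but sends its replies somewhere other than the router, which looks from the client exactly like a blocked connection.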
11-04-2020 08:07 PM - edited 11-04-2020 08:23 PM
Hi A D'Auria and balaji.bandi
I believe that your suggestions are exactly to the point.
I do not have such rules. I have the default VLAN1 where all my servers are and another one for guests that is irrelevant in that case, but I'm sure I'm missing some ACL or Inter-VLAN rules.
How do I set these up? I have this rule (10.0.10.0/24 is the range of the SSL VPN clients), but it doesn't seem to be helpful:
BTW, I'm using the latest firmware
Thanks
11-04-2020 11:29 PM
Take a look in your VLAN set-up.
LAN->VLAN Settings:
Look at the 3rd/4th column "Inter-VLAN routing" - make sure that it is turned on/checked for your server VLAN.
11-05-2020 06:49 PM
Hi
My "Inter-VLAN routing" is indeed enabled on all my VLANs:
What I find strange on the Android side is the routes that are declared in the AnyConnect screen. Why 0.0.0.0? My "Split Tunneling" checkbox in the Group policy isn't checked.
11-05-2020 07:14 PM
One more thing I checked on the android device is the interfaces and routes. Same thing. Nothing specific that points to the AnyConnect's interface (tun0):
$ ifconfig
dummy0: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
inet6 fe80::744d:f7ff:fe97:d36f prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25 bytes 1750 (1.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1 (UNSPEC)
RX packets 82 bytes 27217 (26.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 82 bytes 27217 (26.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rmnet_data0: flags=65<UP,RUNNING> mtu 1430
inet 100.1xx.1xx.xx netmask 255.255.255.252
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 21837 bytes 23558811 (22.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13179 bytes 1722479 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rmnet_ipa0: flags=65<UP,RUNNING> mtu 2000
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 11340 bytes 23821215 (22.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13179 bytes 1827911 (1.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=81<UP,POINTOPOINT,RUNNING> mtu 1329
inet 10.0.10.3 netmask 255.255.255.255 destination 10.0.10.3
inet6 fe80::9761:e537:a850:8ac5 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 113 bytes 68333 (66.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 122 bytes 10145 (9.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.1xx.1xx.xx 0.0.0.0 255.255.255.252 U 0 0 0 rmnet_data0
$
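An added example, not part of the original post: on Android the legacy `route` command lists only the main routing table, while VPN routes are installed in separate tables selected by policy rules, so the per-table view from `ip route show table all` is the one to inspect. The sample output below is constructed (table numbers, the 100.64.0.x addresses and the server address 192.168.1.10 are assumptions); the interface names and 10.0.10.3 follow the thread.

```python
import ipaddress

# Constructed sample of `ip route show table all` output.
SAMPLE = """\
default via 100.64.0.1 dev rmnet_data0 table 1014 proto static
100.64.0.0/30 dev rmnet_data0 table 1014 proto static scope link
default dev tun0 table 1020 proto static scope link
100.64.0.0/30 dev rmnet_data0 proto kernel scope link src 100.64.0.2
local 10.0.10.3 dev tun0 table local proto kernel scope host src 10.0.10.3
"""

# Route types that describe local delivery or rejection, not forwarding.
ROUTE_TYPES = {"local", "broadcast", "unreachable", "blackhole", "prohibit", "throw"}

def parse_routes(text):
    """Turn iproute2 route lines into dicts with dst, dev and table."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] in ROUTE_TYPES:
            continue
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        opts = dict(zip(tok[1:], tok[2:]))   # rough keyword -> next-token map
        routes.append({
            "dst": ipaddress.ip_network(dst, strict=False),
            "dev": opts.get("dev"),
            "table": opts.get("table", "main"),  # iproute2 omits "table" for main
        })
    return routes

def tables_routing(routes, dev, target):
    """Names of the tables in which `target` would leave through `dev`."""
    ip = ipaddress.ip_address(target)
    return sorted({r["table"] for r in routes if r["dev"] == dev and ip in r["dst"]})

def main_table_devs(routes):
    """Interfaces visible in the main table, i.e. what `route` would show."""
    return sorted({r["dev"] for r in routes if r["table"] == "main"})

if __name__ == "__main__":
    parsed = parse_routes(SAMPLE)
    print("main table interfaces:", main_table_devs(parsed))
    print("tables sending 192.168.1.10 via tun0:",
          tables_routing(parsed, "tun0", "192.168.1.10"))
```

If a tun0 table with a default route is present, as in this constructed sample, the client side is full-tunnel and the missing tun0 entry in `route` is not by itself evidence of a routing fault on the phone.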
11-05-2020 01:38 AM
Hello dst_u,
You should have enabled Inter-VLAN routing (LAN-->VLAN Settings-->Inter-VLAN Routing on your VLAN1) although it would not affect VPN client connectivity to your servers. How do you try to access your servers through the Android mobile phone? Do they have enabled remote access (RDP, etc.)?
My advice is to restore to default rules the Firewall Access Rules on your RV. (Access Rules --> Restore to Default Rules), save and apply config. Then reconnect the VPN client and see if you have access to your servers.
Regards,
Martin
11-05-2020 06:52 PM
Hi Martin,
I have Linux servers, so I access them by SSH.
As I responded to D'Auria, the Inter-VLAN routing is indeed enabled.
As for the rules, I can't reset them. I have too many that I added over years. Are there any specific rules that are related to VPN->LAN access that I need to create/enable?
Thanks
11-06-2020 01:39 AM
Hello dst-u,
Please do create access rules that allow traffic from your VPN network (network subnet) to your servers VLANs.
Regards,
Martin
11-07-2020 04:30 PM
I have. It didn't help.
That's the rule that I created:
04-07-2021 07:15 AM
This is the same issue I have been trying to fix over the last few weeks.
No matter which ACL you add for VLAN or routes, once connected on the VPN you can't talk to any host on the LAN network. It seems like the router doesn't allow the traffic to go across; no routes are shown and you can even select tun0 as an interface to send routes through. Does anyone have any updates or solutions for this?