RMS Vpn Hub - Cannott reach hosts behind router

Hi all.
I got a RUT300 router configured on lan side in 192.168.240.0/28 network (RUT300 ip 192.168.240.1) with some connected hosts.
On the wan side of RUT300 there’s a dynamic IP on 192.168.2.0/24 private network.
Wan Gateway for RUT300 is 192.168.2.250/24 (Network Switch)
There’s another segment beetwen switch and company firewall.

VPN address pool is in 192.168.255.0/24 network that’s Teltonika RMS default.
While connecting from remote location I can join VPN connection but I can ping the only VPN interface of the RUT300, usually 192.168.255.1.
I cannott absolutely ping any host in RUT300 Lan or the RUT300 lan interface.

I added static routes in configuration for every ip behind RUT300
192.168.240.1
255.255.255.255
RUT300
than
…2
.,…3
etc…

There’s a PC on lan side with RDP enabled network card configuration is
IP Add 192.168.240.9/28
GW 192.168.240.1 (RUT300 Lan Ip Add)
DNS 192.168.240.1
DNS2 8.8.8.8

I’cant ping or connect by RDP to this PC

I also configured a policy on our firewall to accept packet from germany VPN address on port range 30000-39999.

No way… :frowning:

Should I have to open some ports on company firewall?
Some ideas?

Thank you

Add ONE route in RMS instead of so many single IP routes:

192.168.240.0
255.255.255.0

which corresponds to 192.168.240.0/24 and covers the whole LAN .240 subnet behind the Teltonika.

Don’t forget to RESTART the VPN Hub every time you make changes.

And make sure your router is running on the latest firmware of course.

Hi, and thank you for your reply.
I tried this way in first but I didn’t work.
I’ve tried again and no way to ping the lan behind the router.
:frowning:

Are you very sure you also enabled LAN access for your clients?

image

Yes shure. It’s enabled.
I regenerate also certificates and download new conf file every time I change some settings.

Hello,

Could you please confirm if you can connect to RUT300 via VPN IP?

Best regards,

This topic was automatically closed after 15 days. New replies are no longer allowed.