Route to LAN via OpenVPN not working after PBR

I’ve implemented policy-based routing, and have added a new port-based VLAN 172.
The WAN is using a Starlink connection, and SIM1 is the second internet connection.
I’ve successfully set up policy-based routing, and assigned these to the interfaces, so that any internet traffic for the LAN goes via SIM1, and any internet traffic for VLAN172 goes via WAN.
I’ve also set up failover for these and that works fine.

I’m using the OpenVPN client on the RUTX11, which connects back to an on-premise OpenVPN server.
My LAN on the RUTX11 is using 192.168.6.0/24, and the OpenVPN server is pushing routes to clients so that 192.168.6.0/24 is available via 192.168.6.200, which is the RUTX11 LAN gateway.

Before using policy-based routing, my OpenVPN clients could reach any IP address in 192.168.6.0/24 on the RUTX11 LAN. But now, they can only access the gateway on 192.168.6.200.

I’ve tried multiple things, but can’t work out why my OpenVPN clients can no longer reach any IP on the 192.168.6.0/24 subnet on the RUTX11 LAN, and can only access its LAN interface IP 192.168.6.200?

I managed to get this working, but it was trial and error, and quite confusing.
It seems that in the PBR rules I had to set most routes to go via SIM for everything going via the WAN. Then in the failover settings, I set a new policy rule for the VLAN172 traffic to use WAN first, then SIM as secondary, if the source is from 172.16.0.0/24, and the default rule to use SIM1 first, then WAN secondary. That all seems to work nicely with failover, and either will switch correctly to the other interface for default-route traffic to the internet. And with the VPN traffic, from remote clients I can now access the LAN network behind the RUT thanks to the PBRs: if the destination of the reply (return) traffic from the LAN is the OpenVPN network, it goes via the OpenVPN gateway… not the default route via SIM1 or WAN.
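An added illustration (my own Python model of Linux policy-routing lookup, not RutOS or OpenWrt code and not from the poster) of why source-based PBR rules alone send LAN replies to the VPN clients out of SIM1, and why a destination rule for the OpenVPN network, evaluated before the source rules, restores the return path. The tunnel subnet 10.8.0.0/24 and the interface names are assumed placeholders; failover is left out.

```python
import ipaddress

# Constructed addressing, taken from the thread: LAN 192.168.6.0/24 (gateway .200),
# VLAN172 172.16.0.0/24. The OpenVPN tunnel subnet is not given in the thread;
# 10.8.0.0/24 on tun0 is an assumed placeholder.
VPN_NET = "10.8.0.0/24"

# Routing tables: list of (prefix, egress interface). Longest prefix wins.
TABLES = {
    "main": [("192.168.6.0/24", "br-lan"), ("172.16.0.0/24", "br-lan.172"),
             (VPN_NET, "tun0"), ("0.0.0.0/0", "sim1")],
    "sim1": [("0.0.0.0/0", "sim1")],   # PBR table: only a default route
    "wan":  [("0.0.0.0/0", "wan")],    # PBR table: only a default route
}

def route_lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def egress(rules, src, dst):
    """Linux policy-routing semantics: walk rules by priority; the first rule
    whose selector matches AND whose table holds a route decides, else fall through."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, sel, table in sorted(rules):
        key, prefix = sel.split()          # selector is "from X" or "to X"
        net = ipaddress.ip_network(prefix)
        if (key == "from" and src in net) or (key == "to" and dst in net):
            dev = route_lookup(table, dst)
            if dev:
                return dev
    return route_lookup("main", dst)

# Source-based PBR as first configured: LAN -> SIM1, VLAN172 -> WAN.
PBR_ONLY = [(1000, "from 192.168.6.0/24", "sim1"),
            (1001, "from 172.16.0.0/24", "wan"),
            (32766, "from 0.0.0.0/0", "main")]
# The fix the thread describes: replies towards the OpenVPN network are matched
# first and resolved in the main table, where the tunnel route lives.
PBR_FIXED = [(100, f"to {VPN_NET}", "main")] + PBR_ONLY

if __name__ == "__main__":
    print("LAN reply before fix:", egress(PBR_ONLY, "192.168.6.10", "10.8.0.5"))   # sim1
    print("LAN reply after fix: ", egress(PBR_FIXED, "192.168.6.10", "10.8.0.5"))  # tun0
    print("LAN internet:        ", egress(PBR_FIXED, "192.168.6.10", "1.1.1.1"))   # sim1
```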
