Hi Guys
This was discovered in .193 and I have since migrated to .194, which has given me a lot of grief, so I don't believe it's a .194 thing.
Unlike all my other remote devices, I have one road warrior VPN device that has 2 subnets beyond it:
NET-A/24     NET-B/24
       \     /
Router as OpenVPN Client
          |
    OpenVPN tunnel
          |
         RED
  ORANGE     GREEN
         BLUE
I added appropriate rules and was able to access the two subnets, A and B, from green and blue. I acknowledge that I should really have built the connection as a host-to-host VPN, but time and service continuity were the key factors “in the moment”.
With additional static routes, my mobile device on blue could access NET-A and NET-B, as could PCs in green, and all was well. But I had to work away for a few days.
I had a call asking me to log in and check a host in NET-B.
So I OpenVPNed in from my phone (second road warrior) and tried to get to the host's web GUI… no contact!
From my mobile as a road warrior, I could ping the remote OpenVPN client endpoint (i.e. the gateway to NET-A and NET-B) but not any device in A or B, nor the endpoint's NET-A or NET-B addresses.
I resolved the situation by remote desktopping into a green host, logging into the NET-B host and making a minor change.
But I have enabled client-to-client, and I have appropriate push routes, static routes and rules to permit OpenVPN subnet hosts access to the right resources on both road warriors, so I {thought} I should have been able to make the hop.
Is this a limitation of road warrior? Do I surmise correctly that the solution is to make the NET-A+B router a host-to-host VPN? Or did I miss something in the overall scheme of things, please?
regards
BB