Wednesday, November 17, 2021

VPN Works, but not quite

I was wondering if anyone could shed some light on an issue I'm having with a TP-Link, as I'm not familiar with those. I did a quick sketch to give a general idea.

My network runs off a Cisco RV325 router. It's connected to my cable modem and does the usual router stuff: DHCP, port forwarding, etc. On my network, I have 3 servers running Proxmox to muck around on.

I recently bought a TP-Link Archer A6 router to rebuild some sort of Wi-Fi, since the free Meraki license expired. I plugged it into the modem (a router, really), got an IP, and created a separate network. To get both networks to reach each other, I configured a port on the Cisco to reside on the Archer's network, then connected them. They can see each other; ACLs and routes allowed devices on either network to see the other side. Everything works.

Now I left home for a couple weeks. I saw that the Archer had OpenVPN, so I gave it a try. It worked, but with one caveat. I was on a 192.168.3.0 network, as configured on the Archer (you can't use the same subnet as the DHCP pool). Aside from being on this new network, I couldn't reach the 192.168.4.0 hosts. So naturally, I did the normal route to the 3 network (can't double up on 4), created a VLAN for that subnet on the Cisco, and got the ACLs done. Still doesn't work.

So from VPN: I can ping the VPN gateway (the 3 network default gateway). I can ping the 2.0 default gateway. I CAN'T ping the Cisco's interface that's plugged into the Archer (192.168.4.250).

If anyone knows TP-Link routers, is there anything that would allow a VPN client to reach the local network, yet not allow them to access any other networks?

On the Cisco side, will the Cisco block traffic from the VPN subnet because it's coming from the Archer, even though the ACLs are there for it? Traceroutes stop at the Archer as well.

This was tested using a phone as a hotspot, then the connection at my remote location. If anyone has any idea what's up, please lend a hand, thanks.


