Server Bug Fix: Missing routes so that L2TP VPN works (no IPsec)

I would appreciate help with understanding routes and adding missing ones in the following L2TP setup:

I have two OpenWRT based routers, Router A is the L2TP VPN server, and Router B is L2TP VPN client. The L2TP tunnel gets successfully established.

Router A:
LAN: 192.168.1.0/24
L2TP server with virtual IP 192.168.2.10 and issuing virtual IP addresses 192.168.2.90-99
Desktop PC A connected to it with IP 192.168.1.204
Its WAN has public static IP X.X.X.X.

Router B:
LAN: 10.0.0.0/24
Router is L2TP VPN client with IP 192.168.2.90
Desktop PC B connected to it with IP 10.0.0.109
Its WAN is connected to the Internet via a broadband modem.

Router A’s routing table:

192.168.2.90 dev ppp0  proto kernel  scope link  src 192.168.2.10 
255.255.255.255 dev br0  scope link 
X.X.X.Y/30 dev usb0  proto kernel  scope link  src X.X.X.X 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1 
default via X.X.X.X dev usb0

And it has the following interface:

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:192.168.2.10  P-t-P:192.168.2.90  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2664 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2664 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:18849 (18.4 KiB)  TX bytes:18853 (18.4 KiB)

Router B’s routing table:

10.0.0.0/24 dev br-lan  proto kernel  scope link  src 10.0.0.1 
192.168.2.10 dev l2tp-vpn0  proto kernel  scope link  src 192.168.2.90 
192.168.100.0/24 dev eth0  proto kernel  scope link  src 192.168.100.178 
192.168.100.1 dev eth0  proto static  scope link  src 192.168.100.178

And it has the following interface:

l2tp-vpn0 Link encap:Point-to-Point Protocol  
          inet addr:192.168.2.90  P-t-P:192.168.2.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2343 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2343 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:16609 (16.2 KiB)  TX bytes:16605 (16.2 KiB)

I am unable to ping from Desktop PC A to Desktop PC B or vice versa. No firewalls are enabled on either one.
Routing table on Desktop PC A is below:

Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGScI           7        0     en8       
127                127.0.0.1          UCS             0        0     lo0       
127.0.0.1          127.0.0.1          UH              6    13300     lo0       
169.254            link#11            UCS             1        0     en0      !
169.254            link#8             UCSI            0        0     en8      !
192.168.1          link#8             UCS             0        0     en8      !
192.168.1.1/32     link#8             UCS             1        0     en8      !
192.168.1.1        8c:19:2d:23:ea:d0  UHLWIir         7        0     en8   1185
192.168.1.204/32   link#8             UCS             0        0     en8      !

And routing table on Desktop PC B is:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    202    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     202    0        0 eth0

Any advice is appreciated as to what needs to be changed in the uci routing tables or in the routing tables of the Desktop PCs.
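As an added illustration (not part of the original post, and not an answer from the thread), the script below reproduces the two router tables from the post, does the same longest-prefix match the kernel does, and reports where a packet for the other side's LAN would actually exit: on Router A the 10.0.0.0/24 prefix falls through to the default route on usb0 (the WAN), and on Router B there is no route at all for 192.168.1.0/24. It then prints the uci commands that would add the missing static route. The WAN addresses X.X.X.X / X.X.X.Y are replaced with constructed documentation addresses (203.0.113.x), and the uci logical interface name `vpn` is an assumption; substitute the name of the tunnel interface in /etc/config/network.

```python
"""Check whether each OpenWrt router has a route to the remote LAN via the L2TP tunnel."""
from typing import List, NamedTuple, Optional
import ipaddress

# Routing tables copied from the post. The public WAN addresses X.X.X.X / X.X.X.Y
# are replaced with constructed placeholders from the 203.0.113.0/24 documentation range.
ROUTER_A_ROUTES = """\
192.168.2.90 dev ppp0  proto kernel  scope link  src 192.168.2.10
255.255.255.255 dev br0  scope link
203.0.113.0/30 dev usb0  proto kernel  scope link  src 203.0.113.1
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
default via 203.0.113.2 dev usb0
"""

ROUTER_B_ROUTES = """\
10.0.0.0/24 dev br-lan  proto kernel  scope link  src 10.0.0.1
192.168.2.10 dev l2tp-vpn0  proto kernel  scope link  src 192.168.2.90
192.168.100.0/24 dev eth0  proto kernel  scope link  src 192.168.100.178
192.168.100.1 dev eth0  proto static  scope link  src 192.168.100.178
"""


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    iface: str
    via: Optional[str]


def parse_routes(text: str) -> List[Route]:
    """Parse 'ip route' style output (one route per line) into Route entries."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        if "/" not in dest:
            dest += "/32"  # a bare address in 'ip route' output is a host route
        iface = tokens[tokens.index("dev") + 1] if "dev" in tokens else "?"
        via = tokens[tokens.index("via") + 1] if "via" in tokens else None
        routes.append(Route(ipaddress.ip_network(dest, strict=False), iface, via))
    return routes


def lookup(routes: List[Route], prefix: str) -> Optional[Route]:
    """Longest-prefix match: the route the kernel picks for every host in 'prefix'."""
    target = ipaddress.ip_network(prefix, strict=False)
    candidates = [r for r in routes if target.subnet_of(r.dest)]
    return max(candidates, key=lambda r: r.dest.prefixlen) if candidates else None


def check_tunnel_route(routes: List[Route], remote_lan: str, tunnel_iface: str) -> str:
    """'ok' if remote_lan exits via the tunnel, 'missing' if unroutable,
    otherwise 'leaks via <iface>' (the packet would leave on another interface)."""
    r = lookup(routes, remote_lan)
    if r is None:
        return "missing"
    if r.iface == tunnel_iface:
        return "ok"
    return f"leaks via {r.iface}"


def uci_route_commands(logical_iface: str, prefix: str) -> List[str]:
    """uci commands adding a static route for 'prefix' over the logical interface.
    'logical_iface' is the interface section name in /etc/config/network (assumed)."""
    net = ipaddress.ip_network(prefix, strict=False)
    return [
        "uci add network route",
        f"uci set network.@route[-1].interface='{logical_iface}'",
        f"uci set network.@route[-1].target='{net.network_address}'",
        f"uci set network.@route[-1].netmask='{net.netmask}'",
        "uci commit network",
    ]


if __name__ == "__main__":
    a = parse_routes(ROUTER_A_ROUTES)
    b = parse_routes(ROUTER_B_ROUTES)
    print("Router A -> 10.0.0.0/24:", check_tunnel_route(a, "10.0.0.0/24", "ppp0"))
    print("Router B -> 192.168.1.0/24:", check_tunnel_route(b, "192.168.1.0/24", "l2tp-vpn0"))
    print("\nRouter A (assumed logical interface 'vpn'):")
    print("\n".join(uci_route_commands("vpn", "10.0.0.0/24")))
    print("\nRouter B (assumed logical interface 'vpn'):")
    print("\n".join(uci_route_commands("vpn", "192.168.1.0/24")))
```

The "leaks via usb0" result for Router A is the detail worth noticing: without the static route, traffic from 192.168.1.0/24 to 10.0.0.0/24 is not dropped but sent to the WAN default gateway, so a ping "not working" hides the fact that the packets leave the tunnel entirely. Re-running `check_tunnel_route` against the table after the static routes are added (the test below appends such a line) returns "ok" on both routers.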
