Hello! I have an issue with my configuration and can't understand what is missing. Maybe someone has had a similar issue.
This is the current setup (only showing relevant things):
My Balance 20X is connected via modem to the internet. It has a public IP. I use dynamic DNS as well to have a domain always pointing to the router.
Internally I have a main VLAN 192.168.2.1/24 and my devices connected to it via Ethernet or Wi-Fi. The VLAN has DHCP, and inter-VLAN routing is enabled.
I have some firewall rules. The most important are:
- All inbound: Deny
- All internal: Deny
- All outbound: Allow, except the IoT VLAN
- There are some special rules to allow reaching devices on other VLANs from main (IoT devices).
This setup is working perfectly.
Now I'm trying to set up Remote User Access. I'm using L2TP (I had similar issues with OpenVPN).
I set up all the information and set "Connect to Network" to my main VLAN.
I used an iPhone as the remote device (I also tried a MacBook connected to a mobile network). I enabled "Send all traffic" on the device.
What is working:
- I'm able to connect to the VPN. A new device with a main VLAN IP is shown in the clients list.
- Remote device traffic goes through the router (I see that the IP shown on websites is the router's IP).
- The remote device is able to open the router admin panel on the VLAN IP (192.168.2.1).
What’s not working:
- The remote device has no access to devices in the same VLAN. No connections, no pings.
- VLAN devices behind the router can't connect to the remote device.
Since the VPN itself is working and the issue is only the connection between devices, I assume some routing doesn't work where it should. Since the devices are in the same VLAN, it should be L2 routing and should work.
Any ideas what I forgot?
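As an added illustration (not part of the original post, and not the Balance 20X's own rule engine), here is a small first-match firewall policy evaluator that encodes the rule groups listed in the post and reports which rule decides a given flow, so each flow the post mentions (LAN host to internet, IoT outbound, main VLAN to an IoT device, L2TP client to a LAN host, LAN host to the L2TP client, internet to the router) can be checked against the written policy. Everything beyond the post's own rule list is an assumption: top-down evaluation with the first matching rule winning and a default deny, the IoT VLAN address 192.168.3.0/24, the sample device addresses, and that an L2TP client holding a main-VLAN address is evaluated like any other private host. The model is stateless, so it does not account for reply traffic of an already-allowed connection.

```python
"""Ordered, first-match firewall policy evaluator (added illustration).

Encodes the rule set described in the post.  Assumptions, not facts from
the post: rules are evaluated top-down, first match wins, unmatched flows
are denied; the IoT VLAN is 192.168.3.0/24; an L2TP client that receives a
main-VLAN address is checked like any other private host; no state table.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Tuple

MAIN_VLAN = ip_network("192.168.2.0/24")   # the post's main VLAN
IOT_VLAN = ip_network("192.168.3.0/24")    # assumed IoT VLAN address
ANY = ip_network("0.0.0.0/0")

# RFC 1918 space decides what the post calls "internal".  Python's
# IPv4Address.is_private is deliberately not used: it also treats the
# documentation ranges (e.g. 203.0.113.0/24) as private.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


def is_lan(ip: IPv4Address) -> bool:
    return any(ip in net for net in RFC1918)


def direction_of(src: IPv4Address, dst: IPv4Address) -> str:
    """Classify a flow into the post's three rule groups."""
    if is_lan(src) and is_lan(dst):
        return "internal"
    if is_lan(src):
        return "outbound"
    if is_lan(dst):
        return "inbound"
    return "transit"


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    action: str        # "allow" or "deny"
    direction: str     # "inbound", "outbound", "internal" or "any"


# Rule order mirrors the post; the explicit main->IoT allows must sit above
# the blanket internal deny or they can never match.  192.168.3.10 is a
# constructed example IoT device address.
POLICY: List[Rule] = [
    Rule("main->iot device allow", MAIN_VLAN, ip_network("192.168.3.10/32"),
         "allow", "internal"),
    Rule("all internal deny", ANY, ANY, "deny", "internal"),
    Rule("iot outbound deny", IOT_VLAN, ANY, "deny", "outbound"),
    Rule("all outbound allow", ANY, ANY, "allow", "outbound"),
    Rule("all inbound deny", ANY, ANY, "deny", "inbound"),
]


def evaluate(src: str, dst: str, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (action, deciding rule name) for a single src->dst flow."""
    s, d = ip_address(src), ip_address(dst)
    flow_dir = direction_of(s, d)
    for rule in policy:
        if rule.direction not in ("any", flow_dir):
            continue
        if s in rule.src and d in rule.dst:
            return rule.action, rule.name
    return "deny", "implicit default deny"


if __name__ == "__main__":
    # Constructed sample flows: 192.168.2.200 stands for the L2TP client's
    # main-VLAN address, 192.168.2.50 for a LAN host, 203.0.113.5 for an
    # internet peer connecting to the router's LAN IP.
    for src, dst in [("192.168.2.50", "8.8.8.8"),
                     ("192.168.3.10", "8.8.8.8"),
                     ("192.168.2.50", "192.168.3.10"),
                     ("192.168.2.200", "192.168.2.50"),
                     ("192.168.2.50", "192.168.2.200"),
                     ("203.0.113.5", "192.168.2.1")]:
        action, rule = evaluate(src, dst)
        print(f"{src:>14} -> {dst:<14} {action:<5} ({rule})")
```

Running the script prints one line per sample flow with the rule that decided it. It only reflects the policy as written in the post under the stated assumptions; whether the router actually applies its internal rules to same-subnet traffic from an L2TP client is something to confirm against the device's own documentation and logs, not something the model can tell you.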