PepVPN site to site routing issue

I can set up PepVPN where the Remote Peplink router successfully attached to the Primary Router when the Primary PepVPN Profile is set to NAT Mode. The subnet of my Primary site is with mask. The Remote site (LAN machines can access various servers and services on the Primary network. For example ‘ssh [email protected]’ works fine. Of course in this mode I can not reverse access the remote services from the Primary site. For example ‘ssh [email protected]’ doesn’t work. Which is expected.

It is my understanding that to get both sites to see routes to each other, I should set the "Remote IP Address’ on both the Primary and Remote site PEPvpn settings to point at each other. (In other words, turn off NAT on the Primary side PepVPN and instead point it to the IP of the remote.)

However, when I do so, neither side seems to be able to find routes to each other anymore. I have placed the Public IP address as well as the LAN addresses into the Firewall as ALLOW on both sides and even temporarily set ALLOW ANY as the default.

That didn’t seem to make a difference either. Doing something like ‘ssh [email protected]’ or ‘ssh [email protected]’ from opposite sides fails with ‘no route found’ errors.

I check the PepVPN status and can see that each is connected respectively to the other at and 2.0/24 respectively.

I can also test the PepVPN connections on both ends and can see traffic moving on each test. (one test shown below. Other similar results)

For completeness here’s what OSPF & RIPv2 show on each end respectively:

I feel like I’m missing some simple step to make this work. (Particularly since the Dashboard show the connection as Established and the Status tests do show traffic flowing between the links.)

What do I need to do so that each side can access services and see routes to the other end via that ends LAN subnet and vice-versa? (from machines on 5.0/24 see and access routes/services on 2.0/24 and from 2.0/24 see and access routes and services to 5.0/24)

It Generally looks good, but this:

Is not required… the remote IP address is how the 2 pepVPN peers find each other. Only one is required, but two is fine, just not required.

Yes, PEPvpn NAT should be off completely on all sides.

On the firewall part the “inbound” rules are not for VPN traffic… VPN is under the Internal Network… So that needs to be allowed.

At this time I would try and figure out which way the packets are flowing… A to B but not B to A?. with a tcpdump at each end. You have the routes, but have probably configured something that we aren’t seeing.

You also state this:

Who generates the no route found?.. find that in your tcpdump. The end server uses a default route, , peplink A has routes to PeplinkB, so who is generating the no route found?

Thanks Paul for your assistance.

Ultimately it was an subnet mask issue. While I had set the LAN MASK to, most of our machines had been previously manually set to, this overlapped the .5.0/24 and 2.0/24 ranges on opposite ends of the PepVPN connections. Once machines on both ends were correctly set to not overlap their opposite end, it works.

Thank you for your help.