USG40 - dual WAN routes stop working

thrasher
edited April 2021 in Security
Hi

Hoping someone might be able to help with my issue.  I have set up OPT as an alternative wan link, which routes to a router and out through a VPN.  I have two internal lans.  I want LAN1 to go out through WAN, and LAN2 to go out through OPT.

LAN1 has IP range 192.168.2.2 to 192.168.3.250/23
LAN2 has IP range 192.168.1.10 to 192.168.1.50/24

This worked perfectly for a while.  Clients in the 192.168.1.X range hit the internet through OPT and out through the VPN.  Clients in the 192.168.2 and 3.X range hit the internet through WAN.

Suddenly this is not happening any more and the LAN2 clients are now missing the VPN via OPT and going out through WAN.

Any ideas?  I have tried all sorts of security rules to stop traffic from LAN2 hitting WAN, but they don't seem to have any effect.

I am wondering if at some point, before I had the right rules in place, some LAN2 traffic went out through WAN, and this created routes in a table which makes them permanent, and all the GUI config I now do is meaningless...

Any pointers welcome!

All Replies

  • PeterUK

    Is the VPN being done by the USG40, or afterwards by another device?

    You likely need routeing rules


    Do the same for LAN2 to OPT


  • thrasher
    VPN being done by another device. 

    I have a routing rule for LAN2 out as follows:


    And one for LAN1 out:

    My devices on LAN2 have a router address of the LAN2 port on the USG40 (192.168.1.3).
    My devices on LAN1 have a router address of the LAN1 port on the USG40 (192.168.2.1).

  • thrasher
    Panic over.  Turns out my VPN router wasn't routing traffic through the VPN!  Once I fixed that, I can see the LAN2 traffic now going through the VPN, so it wasn't a USG40 problem at all.
    @PeterUK: thanks for your response!
