VPN2S cannot access local network through pptp

dorba
dorba Posts: 6
First Comment
edited April 2021 in Security
Hello,

I have a question regarding Zyxel VPN2S, the router is up and running, the internal address is 192.168.2.1/255.255.255.0. 
pptp is enabled, the ip pool is set to 10.0.0.10-10.0.0.41/255.255.255.0, Access LAN Group 1 is set to 192.168.2.0/255.255.255.0
Although then connection to through pptp is successful and stable, the internet can be accessed, local network cannot, no ip 192.168.2.x is responding to ping.

What am I missing?

Thanks for your help!
«1

All Replies

  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2021
    Is the remote site set to 192.168.2.1/255.255.255.0 ?
  • dorba
    dorba Posts: 6
    First Comment
    Sorry, where exactly should I set that?
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    Where the remote VPN client is connecting to the VPN2S PPTP server is the LAN the client on 192.168.2.1/255.255.255.0 ? is so you need to change either the clients LAN IP subnet or the VPN2S LAN subnet and LAN group.

    Remote client IP 192.168.3.2 > NAT router > internet > VPN2S > 192.168.2.2


  • dorba
    dorba Posts: 6
    First Comment
    The VPN2S LAN addresses are set to 192.168.2.x

    On the VPN2S PPTP settings page  IP Address Pool is  set to 10.0.0.10-10.0.0.41 (default setting)
    on the page is specified:
    "The IP Address Pool has a 24-bit netmask and should not conflict with any WAN, LAN, DMZ, WLAN, or L2TP VPN subnet even if they are not in use."

    Also on the  
    VPN2S PPTP settings page I have set Access LAN Group to 192.168.2.0/255.255.255.0

    So when a client connects to VPN2S through PPTP it gets the IP 10.0.0.10, but has no access to the computers on the LAN (for ex. no response to ping 192.168.2.4)

    I have configured L2TP also, but although client connects, it is the same,  no access to LAN

    So I think I am missing something.

    Thanks a lot for your time!
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    But what about the remote site IP subnet before connecting to PPTP? 
  • dorba
    dorba Posts: 6
    First Comment
    I need some computers to connect to VPN2S at work over vpn so their IP depends on the site they are connecting from (mostly from home).
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2021
    Ok but if they use 192.168.2.1/255.255.255.0 at home then they can't connect to the VPN2S 192.168.2.1/255.255.255.0 LAN over VPN

    So change the VPN2S LAN to like 192.168.255.1/255.255.255.0 and Access LAN Group the which should not conflict with remote users.  
  • dorba
    dorba Posts: 6
    First Comment
    I double checked the possible conflict of the remote users IP, I changed the VPN2S LAN like you said but no change. 
    The configuration is like this: VPN2S is connected to internet, on LAN1 port there is another router connected (IP 192.168.2.4), on LAN2 port is a simple switch connected with few PC's (192.168.2.5-192.168.2.11) connected to it.

    After I connect through either PPTP or L2TP, I have discovered that I can ping VPN2S LAN (192.168.2.1), I can also ping the other router connected to LAN1 (192.168.2.4), but none of the pc's connected to that switch that is connected to LAN2 are responding to ping.
    All those pc's are connected to internet and share resources with each other (Microsoft network). In can ping from any of them the VPN2S or the other router or each other.

    Al I need is two other PC's to access through VPN a shared folder on one of those computers behind the switch, but for some reasons it doesn't work

  • dorba
    dorba Posts: 6
    First Comment
    I forgot to mention that, right now, the remote computers are connecting to one of those PC's behind VPN2S and switch using Remote Desktop Connection
  • it2business
    it2business Posts: 1  Zyxel Employee
    First Comment
    Shortly switch off your firewall on the PCs and check again the ping.
    The PCs to ping should have as gateway the VPN2S.

Security Highlight