Static Router - EdgeRouter Lite
-
I'm sure this is something simple and just missed something simple but i'm having an issue with Static Routes and EdgeRouter Lite.
So I have HO Site and WHS Site. The WHS Site is the one that has a EdgeRouter Lite and that connected to the HO Site via a VPN (Draytek), through this VPN from the EdgeRouter I can ping the 10.0.1.220 address that's a Cisco Layer3 core switch.
However on this Cisco Switch at HO I have some VLAN's setup and it's those I need WHS to see as well, but can't seem to get the routing right.
How do you configure the EdgeRouter to route a network address 172.20.0.X through a VPN Link???
-
Are you sure it's a ERL problem and not on on the client side?
in other words, what does the routing table at the client see? Does it show that traffic destined for 172.20.x.x should go through the VPN? Assuming something like a split tunnel, the client might be sending the 172.20.x.x traffic to the normal default gateway.
What do you have for static routes already?
-
Pretty sure it ERL.
From a server at the WHS site if I traceroute to 10.0.1.220 it goes:-
Default Gateway(ERL) --> Draytek --> HO LANIf I tracert to 172.20.0.X it goes
Default Gateway --> ISP Router --> ISP Router --> Timesout.I've tried adding the 172.20.0 address to a static IP Via both 10.0.1.220 and Draytek (10.0.1.242) but that doesn't seem to work either.
-
Yup, sounds like a missing route on the ERL.
-
@hobbit666 said:
I've tried adding the 172.20.0 address to a static IP Via both 10.0.1.220 and Draytek (10.0.1.242) but that doesn't seem to work either.
It's a static route that is needed.
-
Have you done a route add command?
-
@Dashrender said:
Have you done a route add command?
On the ERL? I've tried adding via the web interface
-
What does the current routing table look like?
-
@Dashrender said:
Have you done a route add command?
I don't believe that there is a route add command on the ERL.
-
This is what adding a route looks like on VyOS:
set protocols static route 0.0.0.0/0 next-hop '190.66.11.49'
-
@scottalanmiller said:
@Dashrender said:
Have you done a route add command?
I don't believe that there is a route add command on the ERL.
Good to know, but you still knew what I was getting at.
-
You will need to add static routes both on the ERL for EACH VLAN on the other end of the VPN that you want to access.
On your core switch at HO, you'll need to add a static route back to WHS...
Assume the following Networks:
WHS Subnet: 192.168.100.0/24
WHS ERL: 192.168.100.1/24
WHS VPN to HO: 192.168.5.158/24HO Subnet: 192.168.5.0/24
HO Core Switch, VLAN 5: 192.168.5.1/24
HO Core Switch, VLAN 10: 192.168.10.1/24
HO Core Switch, VLAN 15: 192.168.15.1/24On the WHS ERL, you'll need to add static routes:
192.168.5.0/24 via 192.168.5.158
192.168.10.0/24 via 192.168.5.158
192.168.15.0/24 via 192.168.5.158On the HO Core switch, I believe you only have to add the following route:
192.168.100.0/24 via 192.168.5.158
Does that make sense?
Edit: The above is an idea only... Figure out the appropriate web or cli synax to make it happen.
-
Can the VPN not advertise the routes, so you don't have to do it statically on each client?
-
@Jason said:
Can the VPN not advertise the routes, so you don't have to do it statically on each client?
Depends on the VPN technology in use. But yes it can be specified in the ERL GUI for IPSEC or command line for OpenVPN
-
So I've setup the draytek and ERL VPN adding the main IPs to the Local/Remote boxes.
As default from whs I can ping the Core switch and everything on the "HO LAN", but nothing on the VLAN15 side even the VLAN IP on the Cisco Switch.I've tried a few ways of adding the static route to the ERL but nothing seems to help.
The draytek can ping all addresses.
-
Here is the ERL GUI
I have tried added the VLAN lan to that but still no go. -
@hobbit666 said:
So I've setup the draytek and ERL VPN adding the main IPs to the Local/Remote boxes.
As default from whs I can ping the Core switch and everything on the "HO LAN", but nothing on the VLAN15 side even the VLAN IP on the Cisco Switch.I've tried a few ways of adding the static route to the ERL but nothing seems to help.
The draytek can ping all addresses.
Can we get a screenshot of the Static Routes page on the ERL, and the show route command on the Cisco?
-
@hobbit666 said:
Here is the ERL GUI
I have tried added the VLAN lan to that but still no go.Is this screen shot the page of the VPN setup?
-
-
I've tried adding the route here via 10.0.1.220 and 10.0.1.242 but doesn't do anything
