Static Router - EdgeRouter Lite
-
You will need to add static routes both on the ERL for EACH VLAN on the other end of the VPN that you want to access.
On your core switch at HO, you'll need to add a static route back to WHS...
Assume the following Networks:
WHS Subnet: 192.168.100.0/24
WHS ERL: 192.168.100.1/24
WHS VPN to HO: 192.168.5.158/24
HO Subnet: 192.168.5.0/24
HO Core Switch, VLAN 5: 192.168.5.1/24
HO Core Switch, VLAN 10: 192.168.10.1/24
HO Core Switch, VLAN 15: 192.168.15.1/24
On the WHS ERL, you'll need to add static routes:
192.168.5.0/24 via 192.168.5.158
192.168.10.0/24 via 192.168.5.158
192.168.15.0/24 via 192.168.5.158
On the HO Core switch, I believe you only have to add the following route:
192.168.100.0/24 via 192.168.5.158
Does that make sense?
Edit: The above is an idea only... Figure out the appropriate web or CLI syntax to make it happen.
-
Can the VPN not advertise the routes, so you don't have to do it statically on each client?
-
@Jason said:
Can the VPN not advertise the routes, so you don't have to do it statically on each client?
Depends on the VPN technology in use. But yes it can be specified in the ERL GUI for IPSEC or command line for OpenVPN
-
So I've set up the Draytek and ERL VPN, adding the main IPs to the Local/Remote boxes.
As default from WHS I can ping the Core switch and everything on the "HO LAN", but nothing on the VLAN15 side, even the VLAN IP on the Cisco Switch.
I've tried a few ways of adding the static route to the ERL but nothing seems to help.
The draytek can ping all addresses.
-
Here is the ERL GUI
I have tried adding the VLAN LAN to that but still no go.
-
@hobbit666 said:
So I've set up the Draytek and ERL VPN, adding the main IPs to the Local/Remote boxes.
As default from WHS I can ping the Core switch and everything on the "HO LAN", but nothing on the VLAN15 side, even the VLAN IP on the Cisco Switch.
I've tried a few ways of adding the static route to the ERL but nothing seems to help.
The draytek can ping all addresses.
Can we get a screenshot of the Static Routes page on the ERL, and the show route command on the Cisco?
-
@hobbit666 said:
Here is the ERL GUI
I have tried adding the VLAN LAN to that but still no go.
Is this screenshot the page of the VPN setup?
-
I've tried adding the route here via 10.0.1.220 and 10.0.1.242 but doesn't do anything
-
@hobbit666 said:
I've tried adding the route here via 10.0.1.220 and 10.0.1.242 but doesn't do anything
Is the Draytek a router, or a VPN appliance?
-
@dafyre VDSL Router
-
Vlan setup
-
When the WHS system connects to the draytek, does it get a 10.0.1.x IP ?
-
@dafyre said:
When the WHS system connects to the draytek, does it get a 10.0.1.x IP ?
???? No it's an IPSEC Site to Site VPN
-
@dafyre said:
@hobbit666 said:
Here is the ERL GUI
I have tried adding the VLAN LAN to that but still no go.
Is this screenshot the page of the VPN setup?
What if you choose the "Add Subnets" button in this image?
And add the other subnets?
-
@dafyre said:
@dafyre said:
@hobbit666 said:
Here is the ERL GUI
I have tried adding the VLAN LAN to that but still no go.
Is this screenshot the page of the VPN setup?
What if you choose the "Add Subnets" button in this image?
And add the other subnets?
He said he tried that.
-
You definitely need the additional subnets listed in the ERL config.
You also need to add them to the other end. Not familiar with the Draytek IPSEC settings, so hard to help there.
-
Draytek config
ERL
-
Do I maybe need to create them as separate Phase2 SA ??
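-
Added example, not posted by anyone in this thread: a small Python model of why a subnet added on only one end of a site-to-site IPsec tunnel still fails, using the assumed networks from the first post. It assumes a policy-based tunnel where each Local/Remote subnet pair is one selector entry; the selector tables and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

WHS = "192.168.100.0/24"
# Constructed selector tables: (local prefix, remote prefix) as configured on each end.
ERL_SELECTORS = [(WHS, "192.168.5.0/24")]   # WHS side (ERL)
HO_SELECTORS = [("192.168.5.0/24", WHS)]    # HO side (Draytek)


def covered(selectors, src, dst):
    """True if src falls in a local prefix and dst in the paired remote prefix."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(loc) and d in ip_network(rem)
               for loc, rem in selectors)


def tunnel_ok(near, far, src, dst):
    """Traffic passes only if both ends have a selector pair for the flow."""
    # On the far end the roles swap: dst is local to it, src is remote.
    return covered(near, src, dst) and covered(far, dst, src)


def unmatched(near, far):
    """Selector pairs present on one end without a mirror on the other."""
    near_set = {(ip_network(l), ip_network(r)) for l, r in near}
    far_set = {(ip_network(r), ip_network(l)) for l, r in far}
    return sorted((str(l), str(r)) for l, r in near_set ^ far_set)


if __name__ == "__main__":
    host, vlan5, vlan15 = "192.168.100.10", "192.168.5.1", "192.168.15.1"
    print("HO LAN:", tunnel_ok(ERL_SELECTORS, HO_SELECTORS, host, vlan5))
    print("VLAN 15:", tunnel_ok(ERL_SELECTORS, HO_SELECTORS, host, vlan15))

    # VLAN 15 added on the ERL only: still unreachable, and the mismatch shows up.
    erl2 = ERL_SELECTORS + [(WHS, "192.168.15.0/24")]
    print("ERL only:", tunnel_ok(erl2, HO_SELECTORS, host, vlan15),
          unmatched(erl2, HO_SELECTORS))

    # Mirrored entry added on the HO end as well.
    ho2 = HO_SELECTORS + [("192.168.15.0/24", WHS)]
    print("Both ends:", tunnel_ok(erl2, ho2, host, vlan15), unmatched(erl2, ho2))
```
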