Connectivity to the clients 172.16.1.2 and 172.16.1.3 from the L2TP server (172.16.1.1) is working.
However, there is no ping between 172.16.1.2 and 172.16.1.3.
The L2TP server is forwarding traffic from the VPN network (i.e. there is connectivity from 172.16.1.2 to the Internet via 172.16.1.1).
I know OpenVPN has a configuration directive called client-to-client that enables connectivity between individual clients.
Is there something similar in L2TP?
If not - can you recommend a workaround?
I tried adding a static route on 172.16.1.1 for 172.16.1.0/24, but it said that 172.16.1.1 is “unreachable”.
I also looked into setting up a bridge between the L2TP clients, but all the articles I came across were about bridging the VPN and the local network.
P.S. Keep up the Bulgarian tradition of giving a minus to a person who wants to help you; it was easier for me to explain the settings in our native language! Anyway, check the routes and the firewall of the main router, Ванчо!
I don't know exactly what you are trying to accomplish, but I would recommend a simple IPsec site-to-site tunnel from each site to the others, so that all private networks are connected to each other. One important point in such a setup is to have different subnets on each site, but as your diagram shows, that's already done.
I have fiddled with the firewall and routes for quite some time but without any success. I’ll check that again.
P.S.
There are two reasons for the minus:
1. If someone has the same issue as me, they'll have to go to the Bulgarian forum, look up the new thread and then try to understand it. If that person doesn't speak Bulgarian, I find this quite difficult;
2. Having to create a separate account and a separate thread seemed like too much work given that this forum has a much larger audience.
I thank you for your help, but I do not agree that redirecting to another forum and asking there is part of the solution.
Regards,
Иван.
Thanks for the reply, my main goal is to have the three subnets connected. I’d like to have a central point for the L2TP, since adding a fourth and fifth location would be much much easier this way compared to a 5 node mesh.
How far did you get with your L2TP setup? One thing: did you add a route back on each router? Since you want to add more sites, you should consider using a dynamic routing protocol.
As you already said, 172.16.1.3 is not visible to 172.16.1.2 because L2TP is a point-to-point connection with a /32 subnet. So for site 1 and site 2 the main router should be the gateway.
What you can also do later is add the route dynamically with the routes field in the ppp secrets window.
A little side note: using a central solution also has downsides. If the main router goes down, all sites are disconnected from each other. The main router needs to be more powerful because it is always involved, and obviously you need a better internet connection at the main site. I think it depends on your future plans and on how many sites you will really have. Configuring 5 routers once is not too bad, because it is mainly copy-paste work and changing the IP addresses.
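An added example of how the hub-and-spoke layout discussed above can be wired up; this is not configuration posted by any participant. It assumes the routers run MikroTik RouterOS, which the mention of the ppp secrets window suggests. The tunnel addresses 172.16.1.1/.2/.3 are the ones from the thread; the office LAN subnets 192.168.2.0/24 and 192.168.3.0/24, the hub's public address 203.0.113.1 and all credentials are placeholders chosen for illustration.

```routeros
# --- Main router (L2TP server, tunnel address 172.16.1.1) ---
# Assumed placeholders: ipsec-secret, passwords, LAN subnets, public address.
/interface l2tp-server server set enabled=yes use-ipsec=yes ipsec-secret=ChangeMe
/ppp profile add name=hub local-address=172.16.1.1
# Each office gets a fixed tunnel address. The "routes" field is the
# "dst gateway metric" form: the route to that office's LAN appears on
# the server only while that client is connected.
/ppp secret add name=office2 password=Office2Pass profile=hub service=l2tp \
    remote-address=172.16.1.2 routes="192.168.2.0/24 172.16.1.2 1"
/ppp secret add name=office3 password=Office3Pass profile=hub service=l2tp \
    remote-address=172.16.1.3 routes="192.168.3.0/24 172.16.1.3 1"
# Client-to-client traffic enters on one dynamic L2TP interface and leaves on
# another; accept it in chain=forward ahead of any generic drop rule.
/ip firewall filter add chain=forward in-interface=all-ppp out-interface=all-ppp \
    action=accept place-before=0

# --- Office 2 router (tunnel address 172.16.1.2) ---
/interface l2tp-client add name=l2tp-main connect-to=203.0.113.1 \
    user=office2 password=Office2Pass use-ipsec=yes ipsec-secret=ChangeMe disabled=no
# Route back through the hub: the whole tunnel range (so 172.16.1.3 is
# reachable) and the other office's LAN. The gateway is the tunnel
# interface, not an IP, because the link is point-to-point.
/ip route add dst-address=172.16.1.0/24 gateway=l2tp-main
/ip route add dst-address=192.168.3.0/24 gateway=l2tp-main

# --- Office 3 router: mirror of office 2 ---
/interface l2tp-client add name=l2tp-main connect-to=203.0.113.1 \
    user=office3 password=Office3Pass use-ipsec=yes ipsec-secret=ChangeMe disabled=no
/ip route add dst-address=172.16.1.0/24 gateway=l2tp-main
/ip route add dst-address=192.168.2.0/24 gateway=l2tp-main
```

On the server side no route for 172.16.1.0/24 is needed: each connected client produces its own dynamic /32 route, and the LAN routes come from the secret's routes field. The /24 route belongs on each client, pointing at the tunnel interface. The "unreachable" message in the opening post is consistent with putting that route on the server with an address as gateway, but the thread never pins down what was actually wrong, so treat that as a hypothesis. Adding a fourth site means one more secret on the hub and one more client block; the firewall rule and the hub profile stay as they are.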
I already had those rules (or at least I thought I did), but I decided to break down the setup a bit more and assign 172.16.2.1 (on the main router) and 172.16.2.2 for office 2, 172.16.3.1 (again on the main router) and 172.16.3.2 for office 3. This allowed me to see more detail in the packet sniffer and I was able to consecutively ping each host on the route from Office 2 to 3.
By reverting the steps above I was able to have it working with 172.16.1.* addresses as initially intended.
I'm puzzled by what prevented it from working initially, but everything points at me.
My thanks to everyone who participated in the discussion!
You put your reasons correctly, and we will continue to discuss the topic here, but I did not understand why it was necessary to give a minus; what you wrote is no argument for it! Anyway, the important thing is that you have reached and reasoned out the solution!
Regards,
Ицо