
Routers behind SSTP tunnel not reachable

Posted: Mon Jun 21, 2021 12:31 pm
by wintech2003
Hello,

I have two routers, R1 and R2, connected via SSTP as per the following diagram.
R1 has a switch connected, and on that switch are servers with IPs in the 10.0.0.0/24 subnet.
R2 has a switch connected with servers in the 10.10.1.0/24 subnet, as well as two other routers, R3 & R4 with IP 10.10.1.240 and .241 respectively.
The interfaces on which the switch and two routers are connected are set up as a bridge.
I have created the necessary static routes in R1 and R2, so that the two subnets can communicate over the SSTP tunnel.

Now, the problem is that I cannot reach R3 & R4 from the other side of the tunnel.

Ping from R2 to R3 & R4 & vice versa works fine.
Ping from R3 & R4 to servers at 10.10.1.0/24 works fine.
Ping from R2 to servers at 10.10.1.0/24 works fine.
Ping from R1 to R2 works fine.
Ping from R1 to servers at 10.10.1.0/24 works fine.
Ping from servers at 10.0.0.0/24 to servers at 10.10.1.0/24 works fine.
Ping from R1 to R3 & R4 does not work.
Ping from servers at 10.0.0.0/24 to R3 & R4 does not work.

Any ideas?

Re: Routers behind SSTP tunnel not reachable

Posted: Mon Jun 21, 2021 2:55 pm
by mikeeg02
The simplistic fix is to enable proxy-arp on the bridge on R2 that R3, R4, etc. connect through. In my opinion the better approach is to put the SSTP tunnel traffic on a subnet different from the one the clients use.

Re: Routers behind SSTP tunnel not reachable

Posted: Mon Jun 21, 2021 7:54 pm
by wintech2003
> In my opinion the better approach is to put the SSTP tunnel traffic on a subnet different from the one the clients use.

But it is.
Servers on the R1 side are at 10.0.0.0/24
The tunnel is in 10.0.1.0/24
Servers on the R2 side are at 10.10.1.0/24

Setting the bridge ARP setting to proxy-arp on R2 didn't help unfortunately :(

Re: Routers behind SSTP tunnel not reachable

Posted: Tue Jun 22, 2021 6:09 am
by mikeeg02
My apologies, I was a little dyslexic with some of the numbers.

Re-reading what isn't working, it sounds like R3 and R4 need either the gateway put into them, or a static route also entered into them for the 10.0.0.x/24 subnet and utilizing the 10.10.1.254 gateway.

As you said, R1 and servers 10.0.0.x/24 to the servers at 10.10.1.x/24 works, so the SSTP tunnel is working.

But it would appear that routers R3 and R4 do not have the proper gateway or static route also put into them.
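
The return-path check behind that diagnosis, as an added example that is not part of the original thread: a longest-prefix lookup of where R3 would send its ping replies under three routing tables. Assumptions: 10.10.1.254 is R2's bridge address (the gateway named in the reply), R1 sources its own pings from a tunnel address in 10.0.1.0/24, and the host addresses 10.0.0.10 and 10.0.1.1 are constructed. It goes slightly beyond the thread by also testing the tunnel subnet.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop label, or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None

# Constructed routing tables for R3 (R4 is analogous), using the thread's subnets.
R3_AS_DESCRIBED = [("10.10.1.0/24", "connected")]                # no gateway at all
R3_STATIC_ROUTE = R3_AS_DESCRIBED + [("10.0.0.0/24", "10.10.1.254")]
R3_DEFAULT_GW = R3_AS_DESCRIBED + [("0.0.0.0/0", "10.10.1.254")]

# Constructed ping sources; the reply from R3 must be routable back to each.
SOURCES = {
    "R2 (bridge address)": "10.10.1.254",
    "server behind R1": "10.0.0.10",
    "R1 (tunnel address, assumed)": "10.0.1.1",
}

def reply_paths(routes):
    """Map each ping source to the next hop R3 would use for the echo reply."""
    return {name: lookup(routes, ip) for name, ip in SOURCES.items()}

if __name__ == "__main__":
    tables = [
        ("R3 as described (connected route only)", R3_AS_DESCRIBED),
        ("R3 + static route for 10.0.0.0/24", R3_STATIC_ROUTE),
        ("R3 + default gateway", R3_DEFAULT_GW),
    ]
    for label, table in tables:
        print(label)
        for name, via in reply_paths(table).items():
            print(f"  reply to {name}: {via or 'NO ROUTE (ping fails)'}")
```

Under these assumptions, a static route for 10.0.0.0/24 alone restores replies to the servers behind R1 but not to pings sourced from R1's tunnel address; a default gateway (or an additional route for 10.0.1.0/24) covers both.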