I have a server with CHR. L2TP with IPsec is configured on this server. Along with CHR, I have another server which is on CHR's local network. The CHR has an external IP address that I use to connect to the VPN.
Example:
1.1.1.1 - external IP on CHR
192.168.0.0/24 - local network for VPN users
10.0.0.0/24 - local network for servers.
10.0.0.2 - server next to CHR
I can connect to the VPN from different computers and with different VPN users (secrets) without problems and access the server that is on the CHR LAN (10.0.0.0/24). However, I have one computer with Windows 11 on which there is a problem. The problem is that I can connect to the VPN, but the traffic does not reach the CHR LAN (10.0.0.0/24). I can connect from different clients on this PC, but it still doesn't work. If I log in under these users from other PCs, then everything works. So I think the problem is on the client side.
I'm sure the VPN is set up identically to the other PCs. The CHR shows that there is a connection from this PC. Only the traffic does not go to the CHR local network (10.0.0.0/24).
First, I discovered that the client does not have a route path in the path table for the VPN connection when connecting.
IPv4 Route Table
=============================================================
Active Routes:
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 172.16.0.1 172.16.0.254
P.S: 172.16.0.0/24 - this is a local network at the client's home.
After comparing the table on the working client and non-working client, I found that there is no such record:
IPv4 Route Table
=============================================================
Active Routes:
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 On-Link 192.168.0.254
So I manually added this entry for the VPN interface. Using this command:
route -p add 0.0.0.0 mask 0.0.0.0 0.0.0.0 if 40
P.S: 40 - this is the interface
After that, two paths appeared in the routing table:
IPv4 Route Table
=============================================================
Active Routes:
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 172.16.0.1 172.16.0.254
0.0.0.0 0.0.0.0 On-Link 192.168.0.254
But it didn't help.
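An added example, not part of the original post: a small Python check that parses the route table rows quoted above and reports which interface a packet to 10.0.0.2 can leave through, using longest-prefix matching. The function names are hypothetical, and the post's excerpts omit the Metric column, so ties between equal-length prefixes are reported rather than resolved.

```python
import ipaddress

# Rows copied from the post (destination, netmask, gateway, interface).
NON_WORKING = """\
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 172.16.0.1 172.16.0.254
"""
WORKING = """\
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 On-Link 192.168.0.254
"""
AFTER_MANUAL_ADD = NON_WORKING + WORKING


def parse_routes(text):
    """Parse 'route print' active-route rows into (network, gateway, interface)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # separator or section title
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        except ValueError:
            continue  # column header line
        routes.append((net, parts[2], parts[3]))
    return routes


def candidates(routes, dest):
    """Return the routes tied for the longest prefix that contains dest."""
    ip = ipaddress.ip_address(dest)
    matching = [r for r in routes if ip in r[0]]
    if not matching:
        return []
    best = max(r[0].prefixlen for r in matching)
    return [r for r in matching if r[0].prefixlen == best]


def egress(text, dest):
    """Interface addresses that could carry traffic to dest.

    More than one result means the prefixes tie and Windows picks the
    route with the lowest Metric, which these excerpts do not show.
    """
    return [iface for _, _, iface in candidates(parse_routes(text), dest)]


if __name__ == "__main__":
    for name, table in [("non-working", NON_WORKING), ("working", WORKING),
                        ("after manual add", AFTER_MANUAL_ADD)]:
        print(name, "->", egress(table, "10.0.0.2"))
```

Pasting the full `route print` output, including the Metric column, in place of the excerpts shows whether a more specific route or a lower metric decides the path.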