Strange routing behavior - Client to Client on same WAN


Post by mpratt14 » Fri Feb 14, 2020 3:42 am

For simplicity:

Server: Debian 9 on GCP

Clients:
Router A: OpenWrt 19
Router B: OpenWrt 19
Router C: Asus AC68P running Asuswrt-Merlin
(several more that are unrelated...)

Routers A and B are on the same WAN; in other words, they are connected to the same modem and have the same public IPv4. I am forced to use IPv4 because the server can only have IPv4. I am trying to keep them on separate LANs completely and I don't want to have to deal with figuring out VLANing (but I will as a last resort). Speed and latency are not a priority; I just want the route to function.

There are no duplicate Common Names

Router A has routes in the OpenVPN config that point to the others
Router C has routes in the OpenVPN config that point to the others
Router B has no routes in the config




Problem:
LAN members of Router A can ping Router C and its LAN members, but NOT Router B...

HOWEVER....
Router A CAN ping Router B (from SSH), and has the proper routes in the routing table
and...
LAN members of Router C CAN ping Router B and its LAN members

So to me it seems like it's impossible to route packets through the VPN and then back to a different VPN client that happens to have the same public IP address... but despite two clients being on the same WAN, the VPN is able to successfully distinguish between the two clients if the connection originates from outside that WAN... but I have no idea why...
