Hi! This will probably be a dumb question, but I have to ask.
I have a GWN7062 router (A) in one location and another one with the same model (B) in another location. They are connected with an IPSec VPN.
From A, I can reach B and devices behind B.
When I connect remotely via OpenVPN to A, I can’t reach B or devices behind B.
In the OVPN configuration file I am not ignoring redirect-gateway and I am not messing with routes.
In router A, the OpenVPN server configuration pushes A and B routes to the client.
Upon connection, I can see the routes in the Windows routing table.
Under Security > Forwarding rules, nothing prevents an OVPN client from accessing router B. Still, I added a rule to explicitly allow it. Outcome remains unchanged.
Router A is the one connecting via IPSec to router B and, at the same time, is the OpenVPN server for the client. There is no problem for the client to reach A and the LAN. I have added instructions so that the OpenVPN server pushes routes to B.
It might be a problem of router B receiving the packets but not being able to respond. I can’t see where to add the OpenVPN IP range because when adding static routes in B, it does not allow me to add a next hop on the router A network.
The IPSec tunnel was created using Grandstream’s wizard. I don’t want to mess with it while it is working, but maybe I could manually add the local networks on both sides …
So… long story short: I managed to ping remote router B from the client connected to router A.
The problem has to do with managing everything from the GDMS cloud controller. It is very easy to create an IPSec tunnel between 2 managed routers. Unfortunately, when doing it in Auto mode, it automatically exchanges VLAN IP addresses, but it does not allow publishing other addresses, and the remote VPN workers’ address is not exchanged. So, remote VPN workers cannot reach other remote sites.
In manual mode, under the same GDMS cloud controller, it complains about conflicting IPs and nonsense stuff.
It is necessary to get into each router and manually create the IPSec tunnel, where it is possible to add all the IP ranges on each site. Once saved and enabled, packets began to flow back and forth!
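The fix described above, as an added example that is not part of the original post: a Python sketch of how a policy-based IPsec tunnel decides what it carries, showing why the OpenVPN pool has to appear in the subnet lists on both routers. All addresses are constructed, and the function names and the assumption that each router's remote list mirrors the other's local list are hypothetical.

```python
import ipaddress

# Constructed addresses for illustration; substitute the real ranges.
LAN_A = "192.168.10.0/24"      # VLAN behind router A
LAN_B = "192.168.20.0/24"      # VLAN behind router B
OVPN_POOL = "10.8.0.0/24"      # addresses handed to OpenVPN clients by A


def covered(ip, subnets):
    """True if ip falls inside any of the listed subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s) for s in subnets)


def tunnel_carries(src, dst, local_subnets, remote_subnets):
    """A packet enters the tunnel only if its source matches a local
    selector and its destination matches a remote selector."""
    return covered(src, local_subnets) and covered(dst, remote_subnets)


def round_trip(client_ip, target_ip, a_local, b_local):
    """Check request (A to B) and reply (B to A). Assumes mirrored
    selectors: A's remote list is B's local list and vice versa."""
    request = tunnel_carries(client_ip, target_ip, a_local, b_local)
    reply = tunnel_carries(target_ip, client_ip, b_local, a_local)
    return {"request": request, "reply": reply, "ok": request and reply}


def missing_ranges(needed, advertised):
    """Ranges that must cross the tunnel but that no selector covers."""
    adv = [ipaddress.ip_network(s) for s in advertised]
    return [n for n in needed
            if not any(ipaddress.ip_network(n).subnet_of(a) for a in adv)]


if __name__ == "__main__":
    # Auto mode as described in the post: only the VLAN ranges are exchanged.
    print("LAN host, auto:  ", round_trip("192.168.10.50", "192.168.20.1", [LAN_A], [LAN_B]))
    print("VPN client, auto:", round_trip("10.8.0.6", "192.168.20.1", [LAN_A], [LAN_B]))
    print("not advertised:  ", missing_ranges([LAN_A, OVPN_POOL], [LAN_A]))
    # Manual tunnel: the OpenVPN pool is added to A's local ranges
    # (and therefore to B's remote ranges).
    print("VPN client, manual:",
          round_trip("10.8.0.6", "192.168.20.1", [LAN_A, OVPN_POOL], [LAN_B]))
```
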