
LAN & WAN How To

Fix the IPsec client routing

Since a VPN tunnel is a routed connection, i.e. it connects different subnets, clients on each end of the VPN tunnel must send their packets to a router that knows where to send packets destined for clients at the opposite end. If your IPsec client and VPN router's WAN side both have public, i.e. routable, IP addresses, you'll probably have no problem communicating once your IPsec tunnel is established.

If either or both of the IP addresses is private, however, you could be in for trouble if either the LAN or WAN-side clients have incorrect Gateways specified.

Clients on the LAN side of the VPN router will have the correct Gateway info as long as they use the router's IP address as their IP address Gateway - in the example setup - because the router handles both Internet and VPN tunnel routing.


Figure 20: VPN router LAN side client routing

Figure 20 shows the output of the route print command (entered in a Command prompt or MS-DOS window) for our example LAN client. You can see that the default route - where data is sent if it doesn't match any other routes and indicated by - is

Gateway information for clients on the WAN side of the router may not be correct and may need to be modified. In our example, the WAN-side client's IP address is, so it's expected that its Gateway IP would be something in the 192.168.3.X subnet. Figure 21 shows the output of the route print command for our example WAN client.


Figure 21: WAN-side VPN client routing

You can see that the default route is, which happens to be the IP address of my LAN's main Internet-connected router. Although that router may know how to get our computer's data to and from the Internet, it doesn't know anything about the 192.168.1.X subnet at the other end of the test VPN tunnel. So if we fire up the tunnel that we just configured, we'll connect, then be very frustrated when nothing on the other end of the tunnel responds to a ping!
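The check described above can be run against saved route print output before bringing the tunnel up. The following is an added example, not part of the original article: it parses an IPv4 route table and reports whether traffic for the remote subnet would reach the VPN router or fall through to the default gateway. Only the 192.168.3.X and 192.168.1.X subnets come from the article; the host addresses, the sample table and the function names are assumptions.

```python
import ipaddress

# Constructed `route print` excerpt for the WAN-side client. Only the two
# subnets (192.168.3.X local, 192.168.1.X remote) come from the article;
# every host address below is an assumption made for this example.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.3.1   192.168.3.100      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.3.0    255.255.255.0    192.168.3.100   192.168.3.100      20
"""

def parse_routes(text):
    """Return (network, gateway, metric) for each IPv4 row of `route print`."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # headings, blank lines and other non-route lines
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            # Newer Windows prints "On-link" for directly attached networks.
            gw = None if cols[2].lower() == "on-link" else ipaddress.ip_address(cols[2])
            routes.append((net, gw, int(cols[4])))
        except ValueError:
            continue  # five columns, but not a route row
    return routes

def best_route(routes, dest):
    """Most specific matching route wins; the lower metric breaks a tie."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2])) if hits else None

def check_tunnel_route(text, remote_subnet, vpn_router):
    """Say where this host would send traffic bound for the remote subnet."""
    probe = next(ipaddress.ip_network(remote_subnet).hosts())
    hit = best_route(parse_routes(text), probe)
    if hit is None:
        return "no route"
    net, gw, _ = hit
    if gw == ipaddress.ip_address(vpn_router):
        return "ok"
    return "falls to default gateway" if net.prefixlen == 0 else "wrong gateway"

if __name__ == "__main__":
    # 192.168.3.2 stands in for the VPN router's WAN address (assumed).
    print(check_tunnel_route(SAMPLE_ROUTE_PRINT, "192.168.1.0/24", "192.168.3.2"))
```

With the sample table, the only route matching 192.168.1.X is the default route, which is the situation the article describes for the WAN-side client.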
