Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN How To

Fix the IPsec client routing

Since a VPN tunnel is a routed connection, i.e. it connects different subnets, clients on each end of the VPN tunnel must send their packets to a router that knows where to send packets destined for clients at the opposite end. If your IPsec client and VPN router's WAN side both have public, i.e. routable IP address, you'll probably have no problem communicating once your IPsec tunnel is established.

If either or both of the IP addresses is private, however, you could be in for trouble if either the LAN or WAN-side clients have incorrect Gateways specified.

Clients on the LAN side of the VPN router will have the correct Gateway info as long as they use the router's IP address as their IP address Gateway - in the example setup - because the router handles both Internet and VPN tunnel routing.

PN router LAN client routing

Figure 20: VPN router LAN side client routing

Figure 20 shows the output of the route print command (entered in a Command prompt or MS-DOS window) for our example LAN client. You can see that the default route - where data is sent if it doesn't match any other routes and indicated by - is

Gateway information for clients on the WAN side of the router may not be correct and need to be modified. In our example, the WAN-side client's IP address is, so its expected that its Gateway IP would be something in the 192.168.3.X subnet. Figure 21 shows the output of the route print command for our example WAN client.

WAN LAN client routing

Figure 21: WAN-side VPN client routing

You can see that the default route is, which happens to be the IP address of my LAN's main Internet-connected router. Although that router may know how to get our computer's data to and from the Internet, it doesn't know anything about the 192.168.1.X subnet at the other end of the test VPN tunnel. So if we fire up the tunnel that we just configured, we'll connect, then be very frustrated when nothing on the other end of the tunnel responds to a ping!

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I currently have an ASUS RT-AC86U running Merlin, along with a Netgear X4s R7800 as my backup. I'm really bored with Netgear stock firmware and Voxel ...
I have been having some Wi-Fi connection issues lately and am looking for a good "recommended settings" guide, but they are all several years old. Man...
periodically when my router reboots on scheduled reboots, a VPN server may fail to start, might be vpn 1 or vpn2 I am trying to figure out what could ...
I have an ac868u which is connected to the internet via a pppoe modem. For some reason new clients are being assigned the name of the modem by the asu...
About every 2-3 months, my RT-AC68P seems to lock upI cannot login to the web GUI (on the private LAN) and all internet traffic ceases to function (in...

Don't Miss These

  • 1
  • 2
  • 3