LAN & WAN How To

Fix the IPsec client routing

Since a VPN tunnel is a routed connection, i.e. it connects different subnets, clients on each end of the VPN tunnel must send their packets to a router that knows where to send packets destined for clients at the opposite end. If your IPsec client and VPN router's WAN side both have public, i.e. routable, IP addresses, you'll probably have no problem communicating once your IPsec tunnel is established.

If either or both of the IP addresses is private, however, you could be in for trouble if either the LAN or WAN-side clients have incorrect Gateways specified.

Clients on the LAN side of the VPN router will have the correct Gateway info as long as they use the router's IP address as their IP address Gateway - in the example setup - because the router handles both Internet and VPN tunnel routing.

Figure 20: VPN router LAN side client routing

Figure 20 shows the output of the route print command (entered in a Command prompt or MS-DOS window) for our example LAN client. You can see that the default route - where data is sent if it doesn't match any other routes and indicated by - is

Gateway information for clients on the WAN side of the router may not be correct and may need to be modified. In our example, the WAN-side client's IP address is, so it's expected that its Gateway IP would be something in the 192.168.3.X subnet. Figure 21 shows the output of the route print command for our example WAN client.

Figure 21: WAN-side VPN client routing

You can see that the default route is, which happens to be the IP address of my LAN's main Internet-connected router. Although that router may know how to get our computer's data to and from the Internet, it doesn't know anything about the 192.168.1.X subnet at the other end of the test VPN tunnel. So if we fire up the tunnel that we just configured, we'll connect, then be very frustrated when nothing on the other end of the tunnel responds to a ping!
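The gateway check described above can be run against saved `route print` output. The following is an added example, not part of the original article: it parses the IPv4 rows and does a longest-prefix lookup to see which gateway receives traffic bound for the far end of the tunnel. Every address in it, including the VPN router addresses 192.168.1.1 (LAN side) and 192.168.3.254 (WAN side), is a constructed assumption and not a value from Figures 20 and 21.

```python
import ipaddress

# Constructed IPv4 rows in `route print` layout. All addresses are made up
# for this example; they are not the values shown in Figures 20 and 21.
LAN_CLIENT = """\
Network Destination        Netmask        Gateway      Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.1   192.168.1.20      20
      192.168.1.0    255.255.255.0   192.168.1.20   192.168.1.20      20
"""
WAN_CLIENT = """\
Network Destination        Netmask        Gateway      Interface  Metric
          0.0.0.0          0.0.0.0    192.168.3.1   192.168.3.50      20
      192.168.3.0    255.255.255.0   192.168.3.50   192.168.3.50      20
"""

def parse_routes(text):
    """Return (network, gateway, metric) tuples; gateway None means On-link."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, blank or unrelated line
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            gw = None if parts[2] == "On-link" else ipaddress.ip_address(parts[2])
            routes.append((net, gw, int(parts[4])))
        except ValueError:
            continue  # not an IPv4 route row
    return routes

def tunnel_next_hop(route_text, remote_host, vpn_router):
    """Return (gateway, reaches_vpn_router) for a host behind the tunnel."""
    dest = ipaddress.ip_address(remote_host)
    matches = [r for r in parse_routes(route_text) if dest in r[0]]
    if not matches:
        return None, False
    # Longest prefix wins; the lower metric breaks ties.
    _, gw, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return gw, gw == ipaddress.ip_address(vpn_router)

if __name__ == "__main__":
    # LAN client: default gateway is the VPN router itself (assumed 192.168.1.1).
    print(tunnel_next_hop(LAN_CLIENT, "192.168.3.50", "192.168.1.1"))
    # WAN client: default gateway is the main Internet router, not the VPN
    # router (assumed WAN address 192.168.3.254), so tunnel traffic goes astray.
    print(tunnel_next_hop(WAN_CLIENT, "192.168.1.20", "192.168.3.254"))
```

A result of `False` for the WAN-side client is the situation described above: packets for 192.168.1.X fall through to the default route and land on a router that knows nothing about the tunnel.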
