howto route VPN IPSEC clients to local LAN for SMB access

Hoondi

New Around Here
Hi,

I'm wondering if anyone can show me how to route an IPSEC subnet back to my main LAN subnet so that I can access the SMB server when offsite.

I found an Asus FAQ with an image that is exactly what I'm after, but it's for BRT routers and not RT-AC5300 series, and so the GUI options shown don't exist in the AC5300.
I just installed Merlin 384.12 in preparation for help too.

[Image: eede5fd6-3f7e-4fa6-a8e9-8cc1420387a8.png]

The above is exactly what I'm wanting to do.

Main subnet/LAN: 192.168.1.0/24
Router IP: 192.168.1.254
SMB Service: 192.168.1.100.
IPSEC LAN: 192.168.120.0/24

The above is what I have now and I'm able to connect. Routing exists for me to get to 192.168.1.254 and view the Asus admin GUI, but no other route exists for me to get to the SMB server.

I've looked in LAN → Route, but I don't believe this config area's purpose is what I'm after. I understand this area is more for connecting multiple routers with NAT enabled running on each.

The reason why I'd prefer to achieve this with IPSEC and not OpenVPN is because IPSEC is embedded into iOS/macOS and so will be far simpler for me to describe how to connect with others etc etc.

If anyone can help, I would be very grateful as I've not been able to find any other posts about this.

Regards,
hoondi.
 
So I'm guessing I have to create my own VPN IPSEC script.
I just spent the last hour searching these forums for IPSEC and found:
Code:
pc_append " lefthostaccess=yes" $CONFIG

Using a script to configure the service, would the above line give VPN connected users access to the main LAN?
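
Added example (not from the thread, and not Asus or Merlin code): assuming the router's IPsec server writes a strongSwan-style ipsec.conf, which is where the `lefthostaccess` keyword comes from, this script checks whether a conn's `leftsubnet` covers the SMB server at 192.168.1.100. In strongSwan's documentation `lefthostaccess` only adds firewall rules for reaching the gateway itself, while `leftsubnet` sets which addresses behind the gateway the tunnel carries; the conn name and both sample configs are constructed.

```shell
#!/bin/sh
# Added example; both config samples below are constructed, not from the router.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds if IPv4 address $1 lies inside CIDR block $2.
in_cidr() {
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Print each value of key $1 found in ipsec.conf text $2, one per line.
conf_values() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" |
        tr ',' '\n' | sed 's/[[:space:]]*$//'
}

# Prints covered / not-covered / no-leftsubnet for config text $1, LAN host $2.
lan_reach() {
    subnets=$(conf_values leftsubnet "$1")
    [ -n "$subnets" ] || { echo no-leftsubnet; return; }
    for s in $subnets; do
        case $s in */*) ;; *) s=$s/32 ;; esac        # bare address = /32
        case ${s%/*} in *[!0-9.]*) continue ;; esac  # skip IPv6, %dynamic
        if in_cidr "$2" "$s"; then echo covered; return; fi
    done
    echo not-covered
}

# Constructed sample: only the gateway's own address is offered.
SAMPLE_HOST_ONLY='conn Host-to-Net
    leftsubnet=192.168.1.254/32
    lefthostaccess=yes
    rightsourceip=192.168.120.0/24'
# Constructed sample: the whole main LAN is offered.
SAMPLE_LAN='conn Host-to-Net
    leftsubnet = 192.168.1.0/24
    rightsourceip=192.168.120.0/24'

for cfg in "$SAMPLE_HOST_ONLY" "$SAMPLE_LAN"; do
    echo "192.168.1.100: $(lan_reach "$cfg" 192.168.1.100)"
done
```

Even when `leftsubnet` covers the LAN, the gateway's firewall still has to forward traffic between 192.168.120.0/24 and 192.168.1.0/24; this script does not check that.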