Hello, I have posted before, but either my question was asked incorrectly or no one knows the answer on these forums. I will try to put it as straightforwardly as possible here.
I can successfully log into my Meraki, using client VPN with the VLAN 192.168.5.x. In my case the address 192.168.5.118 was assigned to the laptop I'm using to log into the VPN.
On the local network there is a NAS drive on IP 192.168.1.3. When I try to ping this IP from the logged-in laptop, the ping fails. I.e. I cannot access the local network connected to the Meraki from the Client VPN login.
A secondary issue: I have given one of the local PCs on the network connected to the Meraki an address in the VPN subnet: 192.168.5.42. I cannot ping this IP either from the logged-in laptop (192.168.5.118).
I've used two different ISPs with two different public IPs for the VPN connection. In both instances I can connect, but I cannot ping anything.
If I go to the Clients page and enter Client type VPN, then nothing shows up. There are no records of any VPN connection.
If you're just going to point me to the Meraki help files, don't bother, I've read them all and did everything contained therein.
I need practical step-by-step assistance as to what I'm doing incorrectly please. Thank you.
Did you raise a case with Meraki Support?
What is the Meraki MX IP of subnet 192.168.1.0/24?
Can you ping this MX IP from the VPN client when connected to the MX client VPN?
Does the NAS have this IP as its gateway?
In what subnet is your client before connecting to the client vpn?
@ErnstTFD just open a case with Meraki support.
By the way, the only setting that could be preventing this is a group policy applied to the NAS restricting it or a layer 3 rule blocking it. The VPN client configuration level is all released by default.
So my advice is to open a ticket with support.
That is the image that you sent on another topic. It looks like a route issue or something like that; maybe you will lose 2 hops, and then you will be able to reach the NAS IP. I will show you my tracert.
I believe I found the problem: instead of the traffic being sent through the VPN tunnel, it is being sent to the default gateway of the router at your home.
Do you have any configuration on your network that could be causing this problem? For example, is a VLAN on the same network being used by the VPN?
Can you show the route print command after connecting to VPN?
So I am currently using this tool: https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html
It allows you to enter your desired subnets. This adds routes for those subnets.
I've added the 192.168.1.0/24 and 10.5.5.0/24 subnets. After doing this, I can now ping 192.168.1.3 for the first time. However, if I enter \\192.168.1.3 in my file explorer it still fails to connect to the NAS. Also I cannot ping 10.5.5.1 or 10.5.5.5. I need access to both of these as well.
The route looks like this when the VPN is connected:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.17.2.1 172.17.2.95 55
10.5.5.0 255.255.255.0 On-link 192.168.5.118 46
10.5.5.255 255.255.255.255 On-link 192.168.5.118 301
41.138.70.14 255.255.255.255 172.17.2.1 172.17.2.95 56
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.17.2.0 255.255.255.0 On-link 172.17.2.95 311
172.17.2.95 255.255.255.255 On-link 172.17.2.95 311
172.17.2.255 255.255.255.255 On-link 172.17.2.95 311
192.168.1.0 255.255.255.0 On-link 192.168.5.118 46
192.168.1.255 255.255.255.255 On-link 192.168.5.118 301
192.168.5.0 255.255.255.0 192.0.2.1 192.168.5.118 46
192.168.5.118 255.255.255.255 On-link 192.168.5.118 301
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.17.2.95 311
224.0.0.0 240.0.0.0 On-link 192.168.5.118 301
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.17.2.95 311
255.255.255.255 255.255.255.255 On-link 192.168.5.118 301
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================
@ErnstTFD I suggest you do a test: delete the connection that you created via the website https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html, then configure it like the Meraki article and test it again.
https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10
I've been working with Meraki for 7 years, and for Windows, I have never needed to create routes for L2TP tunnels.
This is my Route table:
The IP 10.1.0.5 is my VPN IP, and as you can see I don't have a default gateway for this subnet, and I'm still having access to my servers via L2TP.
Creating the VPN manually without the scripts and the routing, the routing table in Windows looks like this. (In this case I cannot ping 192.168.1.3 at all.)
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.17.2.1 172.17.2.95 55
41.138.70.14 255.255.255.255 172.17.2.1 172.17.2.95 56
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.17.2.0 255.255.255.0 On-link 172.17.2.95 311
172.17.2.95 255.255.255.255 On-link 172.17.2.95 311
172.17.2.255 255.255.255.255 On-link 172.17.2.95 311
192.168.5.0 255.255.255.0 192.0.2.1 192.168.5.118 46
192.168.5.118 255.255.255.255 On-link 192.168.5.118 301
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.17.2.95 311
224.0.0.0 240.0.0.0 On-link 192.168.5.118 301
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.17.2.95 311
255.255.255.255 255.255.255.255 On-link 192.168.5.118 301
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================
Why do you have a default persistent route? Can you remove it and try again?
Execute CMD as administrator and run the following command:
route -p delete 0.0.0.0 mask 0.0.0.0 192.168.1.1
By the way, why do you have a route to network 192.168.5.0 with 192.0.2.1 as a gateway? Your routing table is a mess. 😅
Try this:
netsh interface ip delete arpcache
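
Added example, not part of any post in this thread: a longest-prefix-match lookup over rows copied from the two routing tables posted above, showing which interface traffic to the NAS and to the 10.5.5.0/24 subnet leaves on in each case. The function names and the `vpn-tunnel` / `local-lan` labels are made up for this illustration; loopback, multicast and broadcast rows are omitted.

```python
import ipaddress

# Rows copied from the manually configured VPN table in the thread.
MANUAL_VPN = """\
0.0.0.0 0.0.0.0 172.17.2.1 172.17.2.95 55
41.138.70.14 255.255.255.255 172.17.2.1 172.17.2.95 56
172.17.2.0 255.255.255.0 On-link 172.17.2.95 311
192.168.5.0 255.255.255.0 192.0.2.1 192.168.5.118 46
192.168.5.118 255.255.255.255 On-link 192.168.5.118 301
"""
# The table produced with the extra subnets has these two additional rows.
SCRIPTED_VPN = MANUAL_VPN + """\
10.5.5.0 255.255.255.0 On-link 192.168.5.118 46
192.168.1.0 255.255.255.0 On-link 192.168.5.118 46
"""

def parse_routes(text):
    """Turn 'dest mask gateway interface metric' rows into tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface, int(metric)))
    return routes

def lookup(routes, target):
    """Most specific matching route; ties go to the lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))

def egress(table_text, target, vpn_iface="192.168.5.118"):
    """Say whether the target leaves through the VPN interface or the local LAN."""
    best = lookup(parse_routes(table_text), target)
    if best is None:
        return "unroutable"
    return "vpn-tunnel" if best[2] == vpn_iface else f"local-lan via {best[1]}"

if __name__ == "__main__":
    for name, table in (("manual", MANUAL_VPN), ("scripted", SCRIPTED_VPN)):
        for target in ("192.168.1.3", "10.5.5.1", "192.168.5.42"):
            print(f"{name:9} {target:13} -> {egress(table, target)}")
```

With the manual table, 192.168.1.3 only matches the default route and leaves on the local network through 172.17.2.1 rather than the tunnel; with the added subnet routes, both 192.168.1.3 and 10.5.5.1 are sent into the tunnel.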