By rjc101
#1745927
Not scary, just a pain.

From the screenshot that should be all you need to do, providing what you are connecting to gets its IP address via DHCP or is statically set with the USG as the router/gateway.
By Colonel Panic
#1745933
Thanks; I can confirm that the only DHCP server is the USG; so far everything on the network today has been allocated a static IP (by me, via the USG and not using any device's dashboard) within the range ...2.2(?) - ...2.90.

The only things given an IP via DHCP have been visitors with laptops & phones etc.
By Sjoram
#1746249
Infrequent visitor here these days, so just caught up on the recent posts.
Are you familiar with running a traceroute on the Mac via Terminal?
What happens if you traceroute from the VPN connected client to an address in 192.168.2.x assigned to a device on your network?
My gut instinct is that IF the traffic is being routed down the VPN from the remote client, it's either not being routed back in the other direction or the firewall rules aren't allowing the traffic to pass.
Nothing on 192.168.2.x will know anything about 192.168.3.x and vice-versa, but the USG should be able to link them together. The reason for needing to send all traffic down the VPN is that otherwise anything destined for an address not 192.168.3.x would try to use the 'default route' of the local internet connection and not the VPN tunnel. Sending all traffic down the VPN makes the USG the default route for all network traffic on the machine other than the VPN tunnel itself.
By Colonel Panic
#1746334
Sjoram wrote: Are you familiar with running a traceroute on the Mac via Terminal?
What happens if you traceroute from the VPN connected client to an address in 192.168.2.x assigned to a device on your network?

Thanks; happy to run traceroute, but not sure what the replies mean. Here, I traceroute'd three different "things" to see if the nature of the query mattered.

2.50 = a Raspberry Pi
2.29 = a Synology NAS
2.30 = an iMac

What can one deduce (if anything) from the results? In each case, if I type the same IP addresses into the browser address bar the progress strip just stalls at <10% across and nothing happens.

NB: The VPN does connect OK, and assigns me an IP of 192.168.3.1, which is what I would expect. I have ticked "Send all data over VPN".

EDITED TO ADD: I am not sure where the 10.255.25.0 comes from. Possibly via Waitrose's O2 wifi access point?

[Image: screenshot of the three traceroute runs]
By Sjoram
#1746556
Your PM gave me the nudge to check the thread.
:D

Based on your screenshot, it would appear that traffic can route from the VPN client to devices on the 192.168.2.x, so I think it's likely what you now need is firewall rules on the USG to allow traffic with a source address of 192.168.3.x to reach the relevant devices/services on 192.168.2.x.

You could either be very open and allow any 192.168.3.x to any 192.168.2.x or you could be more granular and only explicitly allow the services you need.

It's possible that the USG will allow ping & traceroute by default (or via a tick box), but not other protocols.
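The two decisions discussed in this thread, the client's route lookup (why "Send all data over VPN" matters, from Sjoram's earlier post) and the USG firewall policy (why traceroute can succeed while a browser connection stalls), modelled as an added example. This is illustration code written for this page, not anything from the Ubiquiti USG or from the posters; the interface names, the rule sets, the NAS port and the "ICMP allowed by default" policy are constructed assumptions, not the USG's real defaults.

```python
"""Model of VPN-client routing plus a USG-style firewall policy (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPNet = ipaddress.IPv4Network


@dataclass
class Route:
    prefix: IPNet
    interface: str


def lookup(routes: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match, as a host's routing table does it."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best.interface if best else None


def client_routes(send_all_over_vpn: bool) -> List[Route]:
    """Constructed routing table of the remote Mac: wifi on en0, VPN tunnel on utun0."""
    routes = [
        Route(ipaddress.ip_network("10.255.25.0/24"), "en0"),   # cafe wifi (assumed)
        Route(ipaddress.ip_network("192.168.3.0/24"), "utun0"),  # VPN client subnet
    ]
    # With "Send all data over VPN" the tunnel becomes the default route;
    # otherwise anything not 192.168.3.x takes the local internet connection.
    routes.append(Route(ipaddress.ip_network("0.0.0.0/0"), "utun0" if send_all_over_vpn else "en0"))
    return routes


@dataclass
class Rule:
    action: str                 # "accept" or "drop"
    src: IPNet
    dst: IPNet
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def firewall_decision(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First-match rule evaluation; unmatched traffic gets the default action."""
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in rules:
        if (s in r.src and d in r.dst
                and (r.proto is None or r.proto == pkt.proto)
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action
    return default


VPN_NET = ipaddress.ip_network("192.168.3.0/24")
LAN_NET = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Assumed starting point: only ICMP passes, so ping/traceroute work but HTTP does not.
ICMP_ONLY_POLICY = [Rule("accept", ANY, ANY, proto="icmp")]
# "Very open": any 192.168.3.x to any 192.168.2.x.
OPEN_POLICY = [Rule("accept", VPN_NET, LAN_NET)]
# Granular: only the services actually needed (ports are assumptions).
GRANULAR_POLICY = [
    Rule("accept", VPN_NET, ipaddress.ip_network("192.168.2.29/32"), "tcp", 5000),  # NAS web UI
    Rule("accept", VPN_NET, ipaddress.ip_network("192.168.2.50/32"), "tcp", 22),    # Pi SSH
    Rule("accept", VPN_NET, LAN_NET, "icmp"),
]


def reach(send_all_over_vpn: bool, policy: List[Rule], pkt: Packet) -> str:
    """Combine both decisions for a packet leaving the VPN client."""
    if lookup(client_routes(send_all_over_vpn), pkt.dst) != "utun0":
        return "not sent down the VPN"
    return firewall_decision(policy, pkt)


if __name__ == "__main__":
    web = Packet("192.168.3.1", "192.168.2.50", "tcp", 80)
    print(reach(False, OPEN_POLICY, web))        # not sent down the VPN
    print(reach(True, ICMP_ONLY_POLICY, web))    # drop
    print(reach(True, OPEN_POLICY, web))         # accept
```

Running it shows the symptom from the thread: with the ICMP-only policy a traceroute (ICMP) to 192.168.2.50 gets answers while a TCP connection to the same host is dropped, and with the tunnel not set as the default route the packet never reaches the USG at all.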