Accessing devices inside Digi Network

NorthGuard · February 24, 2022, 1:37pm

Scenario:
HQ has firewall and LAN IP segment of 192.168.90.x

Digi WR31 in the field has static WAN IP over cellular ( Verizon ) and LAN IP segment of 10.90.33.x Eth0 on Digi is 10.90.33.5

HQ and Digi are connected via an IPSec VPN Tunnel

Issue:
Once the tunnel is up, I can connect to the web interface of the Digi on 10.90.33.5 and can also ping that interface.

There is a switch connected to Eth0 and devices connected to that switch ( all are on the 10.90.33.x network )… but… I can’t ping any of those devices or connect to them from HQ.

If SSH into the Digi, I can ping them from inside the Digi, which tells me there is a config issue on the Digi.

Firewall is only enabled on the PPP1 interface.

NicholasYourIoT · March 9, 2022, 7:33pm

If you can connect to the Digi via SSH it is going to be either your near end/far end subnets in the ipsec tunnel or a gateway issue in the far end device.

You can see this by tracing ICMP on the ethernet interface of the WR31 and seeing if you get a response.

A poor mans way of testing this is by turning on “eth 0 do_nat 2” and seeing if ping works to the end device. If that works it is 100% the end device gateway.

Nicholas Wilson
Your IoT
https://www.YourIoT.com.au

garridog · October 18, 2022, 7:21am

Hello,

Can you share your eroute and LAN config?

Topic		Replies	Views
WR31 NAT1:1 between Eth 0 and Eth 1 Digi TransPort WR (Series) routing , wr31	2	545	February 5, 2018
How devices connected to ETH0 can access internet from WR11? Digi TransPort WR (Series) lan , wan , wr11	4	574	October 21, 2020
WR31 - Site to Site VPN, but access from remote user Digi TransPort WR (Series)	3	298	November 17, 2023
Struggling to config IPSec VPN to Fortigate Digi TransPort WR (Series) vpn	3	226	October 20, 2022
WR31 - SSH over PPP not working Digi TransPort WR (Series) ssh	1	400	December 3, 2019

Accessing devices inside Digi Network

Related Topics