WR31 - Site to Site VPN, but access from remote user

We have a setup where multiple WR31 devices connect back to HQ via site-to-site VPN tunnels. That all works fine and users in HQ can access the devices without issues.

However, when users are out of the office and they connect to HQ via client VPN, they cannot connect to the remote WR31 devices.

I am fairly sure I need to somehow configure the WR31 devices so they are aware of and can route the network segment of that client VPN, but I am at a loss for how to do that.

HQ Network: 192.168.45.x
WR31 Network: 192.168.50.x
ClientVPN Network: 172.16.35.x

When users are on the 172.16.35.x network via a connected clientVPN tunnel, they cannot ping/access the devices on the 192.168.50.x network.


Quick question: what VPN client software are you using that you are having this issue with?

Users are using FortiClient, so a FortiGate is the HQ firewall.

I had a similar issue with my setup, and here’s what worked for me. It sounds like you need to set up a route on your WR31 devices for the 172.16.35.x network.

I logged into the WR31 device’s admin interface, usually through a web browser, and found the routing settings. Then, I added a route for the ClientVPN network (172.16.35.x), telling the WR31 where to send the traffic.

In your case, you’d want to add a route like this:

  1. Destination Network:
  2. Subnet Mask: (assuming it’s a /24 network)
  3. Gateway: The IP address of your HQ router that connects to the ClientVPN network

After saving those settings, my remote devices were able to communicate with users on the ClientVPN network. Give it a shot and see if it works for you too.
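
The return-path problem discussed in this thread, as an added example that is not part of any post above and is not WR31 or FortiGate configuration: a simplified longest-prefix-match model of the WR31 routing table, showing where a reply to a ClientVPN user goes with and without a route for 172.16.35.x. The /24 masks, the default route via the WAN, and the next-hop labels ("lan", "tunnel-to-hq", "wan") are assumptions made for illustration.

```python
import ipaddress

# Networks from the thread; the /24 masks are an assumption.
HQ = ipaddress.ip_network("192.168.45.0/24")
WR31_LAN = ipaddress.ip_network("192.168.50.0/24")
CLIENT_VPN = ipaddress.ip_network("172.16.35.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

TUNNEL = "tunnel-to-hq"  # hypothetical label for the site-to-site tunnel


def lookup(table, dst):
    """Longest-prefix match: return the next hop chosen for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def wr31_table(with_client_vpn_route):
    """Constructed WR31 routing table; optionally includes the ClientVPN route."""
    table = [(WR31_LAN, "lan"), (HQ, TUNNEL), (DEFAULT, "wan")]
    if with_client_vpn_route:
        table.append((CLIENT_VPN, TUNNEL))
    return table


def audit(table, required):
    """Return the networks whose replies would NOT go back through the tunnel."""
    missing = []
    for net in required:
        sample_host = str(net.network_address + 1)
        if lookup(table, sample_host) != TUNNEL:
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    for has_route in (False, True):
        table = wr31_table(has_route)
        print("ClientVPN route present:", has_route)
        print("  reply to 192.168.45.20 ->", lookup(table, "192.168.45.20"))
        print("  reply to 172.16.35.10  ->", lookup(table, "172.16.35.10"))
        print("  not returned via tunnel:", audit(table, [HQ, CLIENT_VPN]))
```

Without the extra route, replies to ClientVPN users match only the default route and leave via the WAN instead of the tunnel, which matches the symptom that HQ users can reach the devices while ClientVPN users cannot.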