So my network topology is this:

LAN Gateway is:

RUT240 LAN IP is:

RUT240 assigns VPN DHCP IPs to connecting clients in the range

My problem is that when a VPN client gets assigned IP for example, it can't talk directly to other devices in the LAN because that device doesn't know how to reach and even my gateway doesn't have a route for

I want to keep it this way, because I'm using the RUT240 as an OOB last-resort connection method. I have to assume everything is down, including the gateway (imagine a power loss). This means the RUT240 must be able to talk to devices on directly, without a gateway.

I believe I have to configure the RUT240 to NAT the VPN connections to its own LAN IP ( ) which would then allow for direct connections to the rest of the LAN.

Has anyone else done this? Is it possible?

OK, I solved this myself with a custom firewall rule:

iptables -t nat -A POSTROUTING -o br-lan -s -j MASQUERADE

where is my OpenVPN assigned network.

Basically I'm NATing all IPs from to the br-lan interface. Works like a charm.
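
An idempotent variant of the rule above, added here as an example and not part of the original posts: it validates the subnet before handing it to iptables and appends the rule only if it is missing. `VPN_NET` and `LAN_IF` are hypothetical variable names, and the VPN subnet itself must be supplied because the thread does not give it.

```shell
#!/bin/sh
# Added example, not the poster's script. VPN_NET and LAN_IF are
# hypothetical variable names; the VPN subnet is not given on the page.

# Succeed only if $1 is a dotted-quad IPv4 network with a /0../32 prefix.
is_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*} len=${1#*/}
    case "$len" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr    # only digits and dots remain, so splitting is safe
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule spec shared by the check (-C) and append (-A) calls.
masq_rule_spec() {
    is_ipv4_cidr "$1" || { echo "bad VPN subnet: $1" >&2; return 1; }
    echo "-o ${LAN_IF:-br-lan} -s $1 -j MASQUERADE"
}

# Append the rule only when it is absent, so reloading the firewall
# does not stack duplicate MASQUERADE entries in POSTROUTING.
ensure_masq() {
    spec=$(masq_rule_spec "$1") || return 1
    # $spec is left unquoted on purpose: the subnet was validated above.
    iptables -t nat -C POSTROUTING $spec 2>/dev/null ||
        iptables -t nat -A POSTROUTING $spec
}

# Runs only when VPN_NET is set, e.g. VPN_NET=<vpn-subnet>/<prefix> sh masq.sh
if [ -n "${VPN_NET:-}" ]; then
    ensure_masq "$VPN_NET"
fi
```

Because of the masquerade, LAN devices see every VPN session as coming from the RUT240's LAN IP, so per-client attribution has to come from the OpenVPN log on the router.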
