subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
128 views 1 comments
by anonymous
I have a RUT951 on a remote site that establishes an OpenVPN connection back to base. The connection works, but the devices n the remote network are NAT'ed. I need to be able to reach them individually from the base network.

As a stop-gap I have created Port-Forward rules for one device, but this is unmanageable for more than once device.

1 Answer

0 votes
by anonymous


It seems that you have set up an OpenVPN tunnel between a client and a server, and you want to be able to reach LAN devices on both sides using their private IP addresses. Is this correct?

To achieve this, you need to configure OpenVPN to route LAN networks.

To do this, you need to follow a few steps. First, set up your OpenVPN to use TLS and upload the necessary certificates, as shown in the configuration example available here. Make sure to follow the TLS authentication part.

Then, add TLS client on the server and declare the LAN network of the client within these settings. By doing this, the server will know that it needs to route this declared LAN network (for example, via, for example, client1. As a result, the server and its LAN devices will be able to reach devices in the LAN network of client1 using their private IP addresses.

If you want devices in the client1 LAN network to reach the LAN network on the server side, you need to push the server's LAN network to the client from the server. To do this, add the following to the push options on the server side (replace the address with the server's LAN network): 

  • route

By doing this, the LAN devices on the client1 network ( will be able to reach LAN devices on the server's side ( using their private IP addresses.

You can add more TLS clients on the server. Just make sure to associate them with their respective LAN networks.

Kind Regards,


Best answer
by anonymous
Thanks, Andzej

I've got it working now.