Tutorial: Configure a Host as a Gateway for Routing Client-Side Subnets through Access Server
Effectively route client-side subnets through your business VPN with Access Server's user permissions and routing settings.
Overview
This tutorial explains how to route specific client-side subnets through a host, such as a router, configured through Access Server's user permissions. This setup enables other end users to access the local network behind the host while connected to the VPN. Proper user permissions and network routing configuration are essential for this to work. Following the steps below ensures that the desired client-side subnets are correctly routed through Access Server.
An installed Access Server.
Admin Web UI access.
Basic understanding of IP addressing, subnetting, and routing.
The static IP address for your host device.
Sign in to the Admin Web UI.
Click User Management > User Permissions.
If there is no entry for the host user account, add one by entering the username in the "New Username" box and clicking Add. (For example: "Branch Network Gateway.")
Check the user's box for Allow Auto-login to facilitate seamless reconnection.
Click on the More Settings icon.
Configure user settings:
Under IP Addressing, select Use Static for Select IP Addressing.
Enter the static IP address in the VPN Static IP Address text box.
Under VPN Gateway, select Yes and enter the client-side subnet in the text box labeled Allow client to act as VPN gateway for these client-side subnets.
Enable static routing on your host device (this depends on your device, so refer to your router documentation, etc., for specifics).
Access the router's configuration interface.
Add a static route for the VPN subnet.
If you're using a Linux client as the gateway, enable IP forwarding:
Connect to the terminal.
Run this command to enable IP forwarding, which allows the Linux client to route traffic between networks:
sudo sysctl -w net.ipv4.ip_forward=1
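The sysctl -w command above changes only the running kernel's setting, which is lost at the next reboot. The following added example (not part of the Access Server documentation) reports whether forwarding is enabled at runtime, in persisted sysctl configuration, or both; the function names and the simplified file read order are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether IPv4 forwarding is on now, persisted, or both.

# Print the last value assigned to net.ipv4.ip_forward in the given sysctl
# config files (later files override earlier ones); prints an empty line if unset.
persisted_ip_forward() {
    val=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Skip comment lines (# or ;), strip whitespace around key and value.
        v=$(awk -F= '/^[[:space:]]*[#;]/ { next }
            { k = $1; x = $2; gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", x) }
            k == "net.ipv4.ip_forward" { last = x }
            END { print last }' "$f")
        if [ -n "$v" ]; then val=$v; fi
    done
    printf '%s\n' "$val"
}

# $1 = runtime file (normally /proc/sys/net/ipv4/ip_forward), rest = config files.
forwarding_status() {
    proc_file=$1; shift
    runtime=$(cat "$proc_file" 2>/dev/null || echo "?")
    persisted=$(persisted_ip_forward "$@")
    if [ "$runtime" = 1 ] && [ "$persisted" = 1 ]; then
        echo "ok"
    elif [ "$runtime" = 1 ]; then
        echo "runtime-only"     # set with sysctl -w; lost at the next reboot
    elif [ "$persisted" = 1 ]; then
        echo "persisted-only"   # takes effect after reboot or `sysctl --system`
    else
        echo "disabled"
    fi
}

# Assumed (simplified) read order: drop-in files first, /etc/sysctl.conf last.
forwarding_status /proc/sys/net/ipv4/ip_forward \
    /etc/sysctl.d/*.conf /etc/sysctl.conf
```

If the result is runtime-only, add net.ipv4.ip_forward = 1 to a file under /etc/sysctl.d/ and load it with sudo sysctl --system so the gateway keeps routing after a reboot.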
Consider the following scenario to illustrate the setup:
User: Fred connects to the VPN from his home.
Network Setup: Fred's home PC has two network interfaces—one connected to the internet via DSL and another to a test network (192.0.2.0/24).
Objective: Allow other users on the VPN to access the test network.
Fred connects to the VPN using a VPN client on his main PC. After following the steps above, you can make the test network accessible to other VPN users, including users on a back-end network in the office.