Jump to content

Serhio

Forum Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

 Content Type 

Everything posted by Serhio

  1. Serhio
    Hello, I found a reproducible issue on Keenetic Giga KN-1012. Issue support request #654031 Environment: - Model: Keenetic Giga KN-1012 - KeeneticOS: 5.0.8 - OpenVPN server subnet: 10.84.0.0/24 - WAN interface: GigabitEthernet0/Vlan4 - Home subnet 192.168.1.0/24 - Web UI tested via: - http://10.84.0.1 - http://192.168.1.1 - http://my.keenetic.net - SSH access works in all scenarios from Home and OpenVPN1 segments Current routing/NAT logic: - WAN NAT is enabled on GigabitEthernet0/Vlan4 - OpenVPN clients are in 10.84.0.0/24 Problem: It looks like OpenVPN clients need the following directive in order to reach external resources through GigabitEthernet0/Vlan4: ip static 10.84.0.0 255.255.255.0 GigabitEthernet0/Vlan4 However, when this directive is present, local Web UI access starts failing with HTTP 403 Forbidden. Reproducible behavior: Case A — without: no ip static 10.84.0.0 255.255.255.0 GigabitEthernet0/Vlan4 Observed results: 1. 10.84.0.1 is accessible from OpenVPN client 10.84.0.2 2. my.keenetic.net is accessible from OpenVPN client 10.84.0.2 3. 10.84.0.1 is accessible from Home client 192.168.1.124 4. OpenVPN client 10.84.0.2 cannot access external resources that should go through GigabitEthernet0/Vlan4 Case B — with: ip static 10.84.0.0 255.255.255.0 GigabitEthernet0/Vlan4 Observed results: 1. 10.84.0.1 is NOT accessible from OpenVPN client 10.84.0.2 2. Web UI returns HTTP 403 Forbidden 3. my.keenetic.net is still accessible from OpenVPN client 10.84.0.2 4. OpenVPN client 10.84.0.2 CAN access external resources through GigabitEthernet0/Vlan4 5. 10.84.0.1 is also NOT accessible from Home client 192.168.1.124 Important note: - SSH access to Keenetic remains available on all interface addresses in both cases. - The issue affects Web UI access only. - A similar effect was previously observed with: ip static 192.168.1.0 255.255.255.0 GigabitEthernet0/Vlan4 In that case, replacing it with normal NAT for the Home segment restored HTTP access to 192.168.1.1. Expected behavior: - OpenVPN clients should be able to access external resources via WAN NAT - Local Web UI access via 10.84.0.1 and 192.168.1.1 should continue working - Enabling outbound NAT/routing for the OpenVPN subnet should not cause HTTP 403 on local management addresses Actual behavior: - The static directive for 10.84.0.0/24 appears to be required for outbound WAN access - But when enabled, it causes Web UI access to local management IPs to fail with HTTP 403 Could you please confirm whether this is expected behavior, a NAT/static routing side effect, or a Web UI management-plane bug? If needed, I can provide: - full running-config - exact test sequence - screenshots - self-test.txt Thank you.
×
×
  • Create New...