I have a Draytek Vigor 2927ax router with built-in OpenVPN server at my main site on a static IPv4.
I'm trying to establish a VPN tunnel from a remote site using the OpenVPN client built into an Asus AX11000 router; Internet access is via a Starlink connection which uses CGNAT. The router sees a WAN address of 100.102.x.x but whatismyip.com gives 145.224.x.x.
Conceptually, what I'm trying to achieve is:
192.168.5.x <=> Draytek-2927 <=> WAN ---VPN--- WAN <=> Asus-AX11000 <=> 192.168.50.x
The VPN tunnel comes up and I can ping the LAN on the client side from the LAN on the server side: ping 192.168.50.10 receives replies.
But from the client side I can't ping the Draytek or anything on the LAN behind it: ping 192.168.5.1 fails. However, a traceroute does appear to reach the Draytek:

C:\Users\x>tracert 192.168.5.5

Tracing route to 192.168.5.5 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  GT-AX11000-6E50 [192.168.50.1]
  2    46 ms    45 ms    41 ms  192.168.5.1
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
...

This leads me to think that it's the Draytek that's blocking the traffic, perhaps because it appears to originate from a different IP address to the tunnel endpoint (due to the CGNAT).
I've tried temporarily disabling the firewall and defence features to unblock it but no matter what I try I can't reach the Draytek from the remote site.
Can anyone spot anything I've missed or suggest what to try next?