Question VPN connection routing

plener

Junior Member
Feb 5, 2019
Hi!
My situation looks as follows:

I have a TP-Link TL-R600VPN VPN server with a public static IP.
I also have another TL-R600VPN which acts as an L2TP VPN client.
And a standard PC which also acts as a VPN client.

IP of VPN Server (VPN IP): 172.16.0.1
IP of client (TPLINK): 172.16.0.20
IP of PC (VPN): 172.16.0.3


I would like to be able to reach devices on the LAN side of VPN client 172.16.0.20 in its local subnet 192.168.11.0/24, and I'm having a tough time with the configuration.

FROM PC I can reach 172.16.0.1 (vpn server) and 172.16.0.20. (ping goes back).
FROM devices in LAN of 0.20 station I can ping only this 0.20 station.
FROM 172.16.0.20 router I can ping only 172.16.0.1 which is weird (because from PC I can reach server and another client).


How should I configure routing tables to make it work?
 


mv2devnull

Golden Member
Apr 13, 2010
If you had two machines A and B that you would plug into a network switch, then A and B could talk to each other. A managed switch would have its own IP address, but that would have no effect on the A-B communication.

In your scenario the VPN server is the switch. It could totally isolate the clients, but apparently it doesn't. Quite.
That is almost as it should be; if the server acts like a switch, then it is not a problem.
If not, then something in the server is not quite right.

The PC has two interfaces. It needs to know
Code:
default via internet
172.16.0.20 via vpn
to 192.168.11.0/24 via 172.16.0.20 (vpn)
That is, one explicit route.

The TPlink client has three interfaces that should:
Code:
default via internet
192.168.11.0/24 via local
172.16.0.0/24 via vpn
If the client has only "172.16.0.1/32 via vpn", then it does not know to send to PC via right interface.
The client might filter access between 192.168.11 and 172.16.0.
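
The route selection described in the answer above, as an added example that is not part of either post: a longest-prefix-match lookup over the two routing tables, showing where packets go with and without the suggested routes. The interface labels, the /24 on the PC's VPN route and the LAN host 192.168.11.50 are assumptions made for the illustration; the VPN server's own table is not modelled.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: (interface, gateway) of the most specific route for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), iface, gw)
            for prefix, iface, gw in table
            if addr in ipaddress.ip_network(prefix)]
    if not hits:
        return None  # no route at all: the packet is dropped
    _, iface, gw = max(hits, key=lambda h: h[0].prefixlen)
    return iface, gw

# Route = (prefix, interface label, next hop or None when the prefix is on-link).
PC_BEFORE = [
    ("0.0.0.0/0", "internet", None),
    ("172.16.0.0/24", "vpn", None),       # assumed /24, as in the client table
]
# The one explicit route the answer asks for on the PC.
PC_AFTER = PC_BEFORE + [("192.168.11.0/24", "vpn", "172.16.0.20")]

# Client that only knows the server's address on the VPN side.
CLIENT_NARROW = [
    ("0.0.0.0/0", "internet", None),
    ("192.168.11.0/24", "local", None),
    ("172.16.0.1/32", "vpn", None),
]
# Client with the whole VPN subnet routed over the tunnel.
CLIENT_FIXED = CLIENT_NARROW[:2] + [("172.16.0.0/24", "vpn", None)]

PC_VPN_IP = "172.16.0.3"
LAN_HOST = "192.168.11.50"                # constructed host behind the client

def round_trip(pc_table, client_table):
    """True when the request and the reply both travel through the VPN."""
    out = lookup(pc_table, LAN_HOST)          # PC -> device behind the client
    back = lookup(client_table, PC_VPN_IP)    # client router -> PC
    return out == ("vpn", "172.16.0.20") and back == ("vpn", None)

if __name__ == "__main__":
    cases = [("no extra routes", PC_BEFORE, CLIENT_NARROW),
             ("PC route only", PC_AFTER, CLIENT_NARROW),
             ("both fixed", PC_AFTER, CLIENT_FIXED)]
    for name, pc, client in cases:
        print(f"{name:16} PC->LAN {lookup(pc, LAN_HOST)} "
              f"client->PC {lookup(client, PC_VPN_IP)} ok={round_trip(pc, client)}")
```

With the narrow client table the reply to 172.16.0.3 matches only the default route and leaves through the internet interface, which is the failure the last paragraph of the answer describes.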