Why am I unable to access remote devices over Site-to-Site VPN even if the VPN connection status shows "Connected"?

Symptoms

I am unable to ping devices deployed on a remote local network over a site-to-site VPN connection.

Resolution

Follow the instructions to troubleshoot the issue:

Ping remote devices from within the local network

  • Pinging remote devices using the Network Tools on your Synology Router does not work, because the Ping service on SRM sends its traffic through the WAN interface instead of the established VPN tunnels. To test connectivity, ping remote devices from a device located within the local network.

Connect to remote devices via different protocols

  • Ping failures might occur when the target remote device (e.g., a Windows PC) drops ping requests from different local area networks. Try connecting to the remote device using other protocols (e.g., FTP, CIFS, or AFP) to test its accessibility over your site-to-site VPN.

Ping other remote devices

  • Ping packets might be dropped if the target device has multiple network interfaces. You can check the VPN connection by pinging other devices on the remote network. Alternatively, on the target device, disconnect all Ethernet cables except the one that is connected to the VPN server.

Configure your network topology and routing

  • Network routing is required to connect separate networks when setting up a site-to-site VPN connection. If the Synology Router is not the primary router or gateway in both networks, a static route is required between your local device and the primary router. This ensures that network traffic is correctly redirected through the VPN tunnel. How to set up a static route depends on your network topology.
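
The routing requirement above, checked on a constructed two-site topology (an added example, not Synology's code). It assumes the static route is configured on each site's primary router with the local Synology Router as next hop; all addresses and the names next_hop, missing_routes and SITES are made up for illustration.

```python
import ipaddress


def next_hop(routes, dest):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, gateway in routes:
        net = ipaddress.ip_network(net)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def missing_routes(sites):
    """Names of sites whose primary router does not hand traffic for the
    other site's subnet to the local VPN router. Both directions matter:
    a request may reach the remote host while the reply is lost."""
    problems = []
    for name, site in sites.items():
        for other_name, other in sites.items():
            if other_name == name:
                continue
            # Probe with the first host address of the other site's subnet.
            probe = str(ipaddress.ip_network(other["subnet"])[1])
            if next_hop(site["gateway_routes"], probe) != site["vpn_router"]:
                problems.append(name)
    return problems


# Constructed topology (assumption): in each site the devices use a primary
# router as default gateway, and the Synology Router is a second box on the LAN.
SITES = {
    # Site A: primary router only has a default route to its ISP.
    "site_a": {"subnet": "192.168.1.0/24", "vpn_router": "192.168.1.2",
               "gateway_routes": [("0.0.0.0/0", "203.0.113.1")]},
    # Site B: primary router has a static route for site A via the VPN router.
    "site_b": {"subnet": "192.168.2.0/24", "vpn_router": "192.168.2.2",
               "gateway_routes": [("0.0.0.0/0", "198.51.100.1"),
                                  ("192.168.1.0/24", "192.168.2.2")]},
}

if __name__ == "__main__":
    for site in missing_routes(SITES):
        print(f"{site}: primary router has no static route via the VPN router")
```

In this topology the tunnel can show "Connected" while site A's traffic for 192.168.2.0/24 still follows the default route to the ISP and never enters the tunnel.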