How to access the internet by using VPN Server as a proxy gateway

There is a common requirement for a VPN connection, accessing the internet by using the VPN Server as a gateway. That’s to say all the traffic from VPN client will go through the VPN Server. It always be used to break some restriction of the local network or some other goals. To achieve that by a TP-Link SMB VPN Router, you may need to follow the guide.

Requirement:

For example, a remote client connect to the VPN Server by PPTP/L2TP Client to LAN VPN. Besides accessing the LAN of the VPN Server, he also want all his traffic can be sent to the VPN Server, and get to internet by using it as a gateway.

Note: Only the PPTP/L2TP Client to LAN VPN can achieve that.

Different VPN IP Pool setting has different ways to achieve our goal.

Case1. The same as VPN Server’s LAN subnet.

Step 1:

Set the VPN IP Pool. For example, the VPN Server’s LAN IP subnet 192.168.0.0/24 while the VPN address pool be set as 192.168.0.50-192.168.0.100.

Step 2:

Configure the VPN connection on the client. Once we finished the dial-up setting, a VPN Virtual adapter will be created automatically. Then we need to follow the VPN Connection---Properties---Networking---Internet Protocol Version 4(TCP/IPv4) ---Advanced.

Check the option Use default gateway on remote network. Which means all the traffic will use the remote gateway to get to the internet by changing the routing item of default gateway.

Case2. Different from the VPN Server’s LAN subnet.

Step 1:

Set the VPN IP Pool. For example, the VPN Server’s LAN IP subnet 192.168.0.0/24 while the VPN address pool be set as 10.10.10.100-10.10.10.200.

Step 2:

Keep the same as the setting on Case1.

Check the option Use default gateway on remote network.

Step 3:

Because the VPN Client IP Subnet is not the same as VPN Server’s LAN. So when the data transfer to the VPN Server, it will not be transmitted to WAN side. There is no such a routing on the routing table to deal with the traffic from unknown subnet. So we need to add a Multi-Nets NAT to achieve that.

Follow the Transmission---NAT---Multi-Nets NAT. Add an item of 10.10.10.0/24.

After that, the data from VPN clients can be transmitted to the internet normally.

Note: Some old version firmware (before 141031) has an option called Enable VPN to Internet on the configuration page of VPN. It has the same effect with the Multi-Nets NAT setting.