Lan to Lan VPN alongside normal WAN traffic - possible?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Lan to Lan VPN alongside normal WAN traffic - ...
Lan to Lan VPN alongside normal WAN traffic - possible?
21-10-2008 11:29 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hopefully... the title says it all but let me *try* and explain...
I have the following setup:
ADSL line ----------------- Zyxel Prestige 660HW-T1 [running in Bridge mode] ------------------ Linksys WRT54GL 1.1 [connected to the Internet WAN port - running DD-WRT 24 SP1 VPN]
Now, as you would probably guess, the Linksys gets the Zyxel to connect up and everything works rock solid.... which is nice - i hardly ever get the internet dropout [i.e. can be up for months without a d/c etc] so its a good setup.
Now I use a VPN client on my work laptop to connect to work. Works fine... no problem with that either.
What i want to achieve is a LAN-to-LAN VPN connection [i.e. we have small sites connected using ADSL with a LAN to LAN VPN connection so the gear is all working great on the work LAN] but i dont want it to take over all the outgoing traffic of my router / network.
What Im after is to set this up so its only available on a specific port on my router i.e. say Port 4 of the Linksys router.
This way my normal home traffic can be seperate to the LAN-to-LAN VPN connection, but I dont need to have a additional device running.
Another point of this would mean that i dont have to have the VPN client on the work laptop and as soon as i connect my work laptop to port 4, I'm on the work network [I do alot of OS rebuilds and stuff that all needs to be tested, so it would be really useful to have this in this fashion]
Is this at all possible on:
a) plusnet's connection?
b) my hardware?
I do wonder whether I'd need to have two static WAN IP's to do this, than just the normal static one you get with the plusnet setup.
There is a possiblity of getting a Cisco ADSL VPN router [cant remember the model offhand but as one of the guys in the team told me, the Cisco's can be setup with different profiles possibly that would allow such a task as far as the router is concerned].
I have created a thread on the DD-WRT forum but alas, I must not have explained it well as I havent had any replies to it yet.
The thread is here: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=39485
Hoping that some knowledgeable sorts will know about this.
Many thanks for any light that can be shed on this currently dark tunnel
Cheers
Nathan.
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
21-10-2008 11:44 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If you want to do more please explain what you need to do
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 12:14 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks for the quick reply but, with respect, i dont think you understand what i mean.
Naturally, I know what i can do on the works lan... i work there lol and everything you mention is a small fraction of what i do there.... its getting the lan to lan vpn link to work - if its at all possible with the setup described.
Thanks anyhow though
Nath.
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 12:45 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Think I got a handle on what you want to do just not sure if its possible on what you are using.
I have tried in vain to find some English documentation for DD WRT, do you know if any exists as my german is not so good
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 12:47 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 4:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Set it IPSec security pollicies up so that the IPSec rout from your work terminates at 1 NIC, your own seporate lan subnet operates on the 2nd NIC and the 3rd NIC connects to your modem/router.
Enabeling the IPRouting Service in XP will let the PC rout traffic efectively to and from all NIC's
Although I'm guessing you will be wanting a couple of switches too right enough
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 4:22 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I did notice you mention vlan before the edit and thats what i think i have to use to route that port 4 from the rest. I've had a dabble and it all looks good, but im not there quite yet hehe
They've put online help as it were on the router's firmware but in all the places it matters for advanced stuff, theres none there hehe.
I take it you've looked here:
http://www.dd-wrt.com/wiki/index.php/Tutorials
The wiki is the only real place where I've found docs of use [not for this particular thing, but in general].
I can show u screenshots of any the screens in the router if it helps [obviously with the target gateway not shown on here].
P.S. Thanks MuppetGrinder... I did think of that but i really trying to keep the devices to a minimum i.e. rather run a router that a full blown pc Its not that I'm overly "green" or anything, i dont have teh space for it [not being allowed to have a input in the other rooms in the house = the missus is boss and all that hehe]
EDIT: forgot to mention that this firmware is the most fully featured firmware I've ever seen in a router [and i've seen a lot of the years] of course perhaps to products of Cisco, etc.... so if its down to just configuration, I recon it should be doable
Cheers guys....
Nath.
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 4:27 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 4:38 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
All I can think to try is that you set up an IPSec gateway running on a different subnet within the Linksys, and hope that it can translate the traffic accross.
eg - your work is on 192.168.1.0 your home is 192.168.2.0 so set up a gateway in the Linksys using a local secure group of 192.168.3.0 and Remote secure group of 192.168.1.0
Biggest problems I can see you having with that though is running DHCP over both the subnets, unless your router supports a second subnet - I haven't played with the model you using. Also I don't know if the router is able to cross over the gateway IP from one subnet to another, It's not somthing I have had the need to play with (or the opertunity since the only thing I have set up using a VPN router is our internal phone system - which people seem to get unduly upset about when I play with it)
Other than that - you got me.
If you get somthing that works though I'd love if you could post it and let us know
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 4:45 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It supports site to site vpn over IPsec in itself, but can also pass traffic through to the WAN if it is not reachable over VPN.
to control, you could use IP fitlers (again, which is a point & click setting) from within the web interface to control who can go where..
Ive setup a fair few of these, and they seem to work quite well.
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 4:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
So really its interface rather than port forwarding to be technically correct.
Give me 24 hours or so to wade through that wiki ( I confess I didn't look thoroughly but was the small hours and I was only up because I was downloading a linux distro using my free bandwidth)
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
22-10-2008 11:51 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote eg - your work is on 192.168.1.0 your home is 192.168.2.0 so set up a gateway in the Linksys using a local secure group of 192.168.3.0 and Remote secure group of 192.168.1.0
Indeed.... and I've kinda got that setup. The router allows you to setup a seperate DHCP server on the VLAN's you create, and the VLAN's can have different scopes etc., so as far as the router having that side of things, its is pretty much covered and looks right.
Its the VPN connection to the work Cisco VPN Concentrator that is twisting my noodle really at the moment as I'm not sure how the OpenVPN part of the router can work with it all. The VPN stuff seems pretty different in places in this router compared to where you configure in a Zyxel VPN Router [although that makes the whole unit LAN to LAN VPN....theres no options i know of where that can be different - we use them at work to set up the LAN to LAN VPN sites].
Thanks for the info about pfsense mcgurka. Looks interesting, but again, needs a PC so again isnt a option for me really, but handy to know about
and Thanks techguy.... look forward to hearing your thoughts on it
BTW Theres no rush to any of this... its just me coming up with a idea of how i'd like it setup at home, and i just think it would provide a nice way of doing things for certain employees that want to lock a lan-to-lan vpn only to one port of their router, so they can surf on their home pc's without all their traffic hitting the work network hehe
Cheers folks
Nath.
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
23-10-2008 9:06 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
23-10-2008 8:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My study of that Wiki has been somewhat interrupted by other issues.
Gonna give it a good hard stare tomorrow as its my day off but yes please post a couple of screengrabs as it will help immensely.
Re: Lan to Lan VPN alongside normal WAN traffic - possible?
03-11-2008 9:48 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
have been off work for a while myself so forgot all about this hehe
I'll try and throw up some screenshots for ya later on this week.
Cheers.
Nath
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Lan to Lan VPN alongside normal WAN traffic - ...