cancel
Showing results for 
Search instead for 
Did you mean: 

Lan to Lan VPN alongside normal WAN traffic - possible?

tarquel
Grafter
Posts: 76
Thanks: 4
Registered: ‎18-08-2007

Lan to Lan VPN alongside normal WAN traffic - possible?

Hi all
Hopefully... the title says it all but let me *try* and explain...
I have the following setup:
ADSL line ----------------- Zyxel Prestige 660HW-T1  [running in Bridge mode] ------------------ Linksys WRT54GL 1.1 [connected to the Internet WAN port - running DD-WRT 24 SP1 VPN]
Now, as you would probably guess, the Linksys gets the Zyxel to connect up and everything works rock solid.... which is nice - i hardly ever get the internet dropout [i.e. can be up for months without a d/c etc] so its a good setup.
Now I use a VPN client on my work laptop to connect to work. Works fine... no problem with that either.
What i want to achieve is a LAN-to-LAN VPN connection [i.e. we have small sites connected using ADSL with a LAN to LAN VPN connection so the gear is all working great on the work LAN] but i dont want it to take over all the outgoing traffic of my router / network.
What Im after is to set this up so its only available on a specific port on my router i.e. say Port 4 of the Linksys router.
This way my normal home traffic can be seperate to the LAN-to-LAN VPN connection, but I dont need to have a additional device running.
Another point of this would mean that i dont have to have the VPN client on the work laptop and as soon as i connect my work laptop to port 4, I'm on the work network [I do alot of OS rebuilds and stuff that all needs to be tested, so it would be really useful to have this in this fashion]
Is this at all possible on:
a)  plusnet's connection?
b)  my hardware?
I do wonder whether I'd need to have two static WAN IP's to do this, than just the normal static one you get with the plusnet setup.
There is a possiblity of getting a Cisco ADSL VPN router [cant remember the model offhand but as one of the guys in the team told me, the Cisco's can be setup with different profiles possibly that would allow such a task as far as the router is concerned].
I have created a thread on the DD-WRT forum but alas, I must not have explained it well as I havent had any replies to it yet.
The thread is here: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=39485
Hoping that some knowledgeable sorts will know about this.
Many thanks for any light that can be shed on this currently dark tunnel Wink
Cheers
Nathan.
22 REPLIES 22
samuria
Grafter
Posts: 1,581
Thanks: 3
Registered: ‎13-04-2007

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

It all depends what you wan to do on the works Lan. You can very simply map a network drive so your say p drive is the lan at work or to be more precious the pc's drive on the Lan at work. You can map more drives so you can connect to other pc's and as such print to their printers. You can RDP into a pc and use the printers Lan etc. All that is needed for this is for the ports to be open at work.
If you want to do more please explain what you need to do
tarquel
Grafter
Posts: 76
Thanks: 4
Registered: ‎18-08-2007

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

Hi samuria
Thanks for the quick reply but, with respect, i dont think you understand what i mean.
Naturally, I know what i can do on the works lan... i work there lol and everything you mention is a small fraction of what i do there.... its getting the lan to lan vpn link to work - if its at all possible with the setup described.
Thanks anyhow though Smiley
Nath.
techguy
Grafter
Posts: 2,540
Registered: ‎12-09-2008

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

In a nutshell you want all traffic going in via port 4 to be directed to the IP of the VPN concentrator on your work LAN while all other traffic is directed at the default gateway.
Think I got a handle on what you want to do just not sure if its possible on what you are using.
I have tried in vain to find some English documentation for DD WRT, do you know if any exists as my german is not so good  Smiley
samuria
Grafter
Posts: 1,581
Thanks: 3
Registered: ‎13-04-2007

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

So what do you want to do other than map drives, print rdp? The problem with most of these setups is DNS as one lan doesnt  know the dns setting of the other you can use ip ok but its like trying to connect to exchange by name you can have fun with
MuppetGrinder
Grafter
Posts: 151
Registered: ‎10-10-2008

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

The only way I can think of getting done what you want to do is to swap out the Linksys and replace it with an  XP PC using 3 NIC's
Set it IPSec security pollicies up so that the IPSec rout from your work terminates at 1 NIC, your own seporate lan subnet operates on the 2nd NIC and the 3rd NIC connects to your modem/router.
Enabeling the IPRouting Service in XP will let the PC rout traffic efectively to and from all NIC's
Although I'm guessing you will be wanting a couple of switches too right enough
tarquel
Grafter
Posts: 76
Thanks: 4
Registered: ‎18-08-2007

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

correct techguy... thats exactly what I'm after Smiley
I did notice you mention vlan before the edit and thats what i think i have to use to route that port 4 from the rest. I've had a dabble and it all looks good, but im not there quite yet hehe
They've put online help as it were on the router's firmware but in all the places it matters for advanced stuff, theres none there hehe.
I take it you've looked here:
http://www.dd-wrt.com/wiki/index.php/Tutorials
The wiki is the only real place where I've found docs of use [not for this particular thing, but in general].
I can show u screenshots of any the screens in the router if it helps [obviously with the target gateway not shown on here].
P.S. Thanks MuppetGrinder... I did think of that but i really trying to keep the devices to a minimum i.e. rather run a router that a full blown pc Wink Its not that I'm overly "green" or anything, i dont have teh space for it [not being allowed to have a input in the other rooms in the house = the missus is boss and all that Wink hehe]
EDIT: forgot to mention that this firmware is the most fully featured firmware I've ever seen in a router [and i've seen a lot of the years] of course perhaps to products of Cisco, etc.... so if its down to just configuration, I recon it should be doable Smiley
Cheers guys....
Nath.
techguy
Grafter
Posts: 2,540
Registered: ‎12-09-2008

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

I zapped the vlan ref as I feared I was talking out of my behind (I should point out I'm in the process of studying networking and embarking on a CCNA next year but I shall do what I can)
MuppetGrinder
Grafter
Posts: 151
Registered: ‎10-10-2008

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

I hear you about the missus mate  Grin
All I can think to try is that you set up an IPSec gateway running on a different subnet within the Linksys, and hope that it can translate the traffic accross.
eg - your work is on 192.168.1.0  your home is 192.168.2.0 so set up a gateway in the Linksys using a local secure group of 192.168.3.0 and Remote secure group of 192.168.1.0
Biggest problems I can see you having with that though is running DHCP over both the subnets, unless your router supports a second subnet - I haven't played with the model you using.  Also I don't know if the router is able to cross over the gateway IP from one subnet to another, It's not somthing I have had the need to play with (or the opertunity since the only thing I have set up using a VPN router is our internal phone system - which people seem to get unduly upset about when I play with it)
Other than that - you got me.
If you get somthing that works though I'd love if you could post it and let us know
mcgurka
Grafter
Posts: 764
Registered: ‎09-10-2007

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

You could always look at pfsense (http://www.pfsense.org/) it would require to be run on a "pc", but you would only need 2 nics.
It supports site to site vpn over IPsec in itself, but can also pass traffic through to the WAN if it is not reachable over VPN.
to control, you could use IP fitlers (again, which is a point & click setting) from within the web interface to control who can go where..
Ive setup a fair few of these, and they seem to work quite well.
techguy
Grafter
Posts: 2,540
Registered: ‎12-09-2008

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

Hmmmm
So really its interface rather than port forwarding to be technically correct.
Give me 24 hours or so to wade through that wiki ( I confess I didn't look thoroughly but was the small hours and I was only up because I was downloading a linux distro using my free bandwidth)
tarquel
Grafter
Posts: 76
Thanks: 4
Registered: ‎18-08-2007

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

hehe cheers MuppetGrinder Wink
Quote
eg - your work is on 192.168.1.0  your home is 192.168.2.0 so set up a gateway in the Linksys using a local secure group of 192.168.3.0 and Remote secure group of 192.168.1.0

Indeed.... and I've kinda got that setup. The router allows you to setup a seperate DHCP server on the VLAN's you create, and the VLAN's can have different scopes etc., so as far as the router having that side of things, its is pretty much covered and looks right.
Its the VPN connection to the work Cisco VPN Concentrator that is twisting my noodle really at the moment as I'm not sure how the OpenVPN part of the router can work with it all. The VPN stuff seems pretty different in places in this router compared to where you configure in a Zyxel VPN Router [although that makes the whole unit LAN to LAN VPN....theres no options i know of where that can be different - we use them at work to set up the LAN to LAN VPN sites].
Thanks for the info about pfsense mcgurka. Looks interesting, but again, needs a PC so again isnt a option for me really, but handy to know about Smiley
and Thanks techguy.... look forward to hearing your thoughts on it Smiley
BTW Theres no rush to any of this... its just me coming up with a idea of how i'd like it setup at home, and i just think it would provide a nice way of doing things for certain employees that want to lock a lan-to-lan vpn only to one port of their router, so they can surf on their home pc's without all their traffic hitting the work network hehe Smiley
Cheers folks
Nath.
MuppetGrinder
Grafter
Posts: 151
Registered: ‎10-10-2008

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

I know this is a hastle, but could you stick up a couple of screens on how the VPN setup screens look? (even better, screens from both the Linksys and the Cisco conc' too?)  If I can gt a look at the screens I might be able to sus out the method - or, more than likely, commend you on already geting further than I could.  Although I have set up VPN's using a variety of weird and not so wonderfull devices, I have never had the pleasure of getting my grubby mits on a C.V.C. and the only linksys I can use for comparison is the BEFVP41 (which to the best of my knowledge isn't even supported any more ;D)
techguy
Grafter
Posts: 2,540
Registered: ‎12-09-2008

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

Hi
My study of that Wiki has been somewhat interrupted by other issues.
Gonna give it a good hard stare tomorrow as its my day off but yes please post a couple of screengrabs as it will help immensely.
tarquel
Grafter
Posts: 76
Thanks: 4
Registered: ‎18-08-2007

Re: Lan to Lan VPN alongside normal WAN traffic - possible?

sorry guys...
have been off work for a while myself so forgot all about this hehe
I'll try and throw up some screenshots for ya later on this week.
Cheers.
Nath