Re: VPN Gateway
- From: "Bill Grant" <not.available@online>
- Date: Fri, 25 May 2007 09:43:19 +1000
I don't know where you got those numbers from. The subnet mask certainly
shouldn't be 255.255.255.255 and a gateway address is not relevant.
The server itself will get an IP address of 192.168.21.n and the
client will get an IP address of 192.168.21.m from the address pool. This is
the point to point link between the client and server. The client will get
its own received IP address as its gateway. This means that its default
route is to the VPN server via the point to point link.
You do not need any static routes on the client. It sends traffic across
the link to the VPN server by default. You do need to enable IP routing on
the VPN server so that it can route between the two IP subnets. If the VPN
server was the default gateway of your LAN, it would now work. LAN machines
send traffic for 192.168.21. addresses to the default gateway (the VPN
server) and it sends it over the VPN link to the client.
If the VPN server is not the default gateway of your LAN it doesn't
work. The traffic for 192.168.21.x goes to the default gateway which doesn't
know where to send it. The private traffic has to go to the VPN server first
so that it can be encrypted and encapsulated. The easiest way to achieve
that is to add a static route to the gateway router to bounce the private
traffic to the VPN server. (If you can't add this route to the gateway
router you will need to add it to every machine on the LAN which you need
the remote clients to see). eg
192.168.21.0 255.255.255.0 192.168.0.27
The RRAS server then encapsulates the packet with a public IP before it
gets to the gateway router. It can then be sent through the Internet to the
client's public IP.
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:05DE66EC-A657-4A81-8C46-826BB6E87BAD@xxxxxxxxxxxxxxxx
Ok Bill, so I put a second subnet for the VPN clients.
At the moment I set RAS to give another subnet's IPs to the remote clients,
and it looks like this:
ip: 192.168.21.2 (192.168.21.1 to 192.168.21.20)
subnetmask: 255.255.255.255
gateway: 192.168.21.2
dns: 192.168.0.11 (is my lan dhcp)
I can't ping the LAN IPs and I think it is because of the static routes.
What do I have to configure there?
"Bill Grant" wrote:
NO, that won't help. As I outlined earlier, you are using on-subnet
addresses. No "real" IP addressing is taking place because all the IP
addresses are in the same IP subnet. IP routing only works between
subnets.
Your setup can only work by using the VPN server as a proxy for the
remote.
If that doesn't work, you will need to use off-subnet addressing.
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E803E52A-A4CB-4780-80F1-53B0809874C2@xxxxxxxxxxxxxxxx
So, my RRAS is using DHCP, which is provided by the DC of my LAN (I
configured it as a DHCP Relay Agent), and it gives the correct address to my
remote clients, and I configured this static route:
Interface: 192.168.0.27 (is the public interface)
Destination: 192.168.0.0
Network Mask: 255.255.255.255
Gateway: 192.168.0.1 (is my lan gateway)
Metric: 1
With this configuration I can't ping any of my LAN IPs. But it seems that I
have the correct IP:
the IP for my remote client:
ip: 192.168.0.164
subnetmask: 255.255.255.255
gateway: 192.168.0.164
dns: 192.168.0.11 (is my lan dhcp)
wins: 192.168.0.11 (is my lan wins)
What am I doing wrong?
PS: enable IP routing is checked
"Bill Grant" wrote:
If you set the RRAS server to use DHCP, the RRAS server leases a batch of
addresses from DHCP to use as its address pool. The clients do not get their
network config directly from DHCP, but from the RRAS server as part of the
PPP setup. Since these addresses come from your DHCP server they are in the
same IP subnet as your LAN machines.
To put the remotes in their own subnet you use the static address pool
instead. Set up a pool of addresses in another IP subnet (say 192.168.21.1
to 192.168.21.20). The internal interface in RRAS and the client(s) will now
get IP addresses in this subnet.
To route between the remotes and the LAN you need to enable IP routing on
the RRAS server. You might also need extra routing on the LAN if the RRAS
server is not the default gateway of your LAN.
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B23E79F1-E85E-4296-9B21-365475435297@xxxxxxxxxxxxxxxx
Thanks for your answer Bill....
So my question is, how can I put the remote users in their own
IP subnet and route this subnet through the VPN server??
My network IP is 192.168.0.X and my VPN server has 2 IPs, one for external
and one for internal...
Can you help me? Thanks again
"Bill Grant" wrote:
A remote access connection (dialup or VPN) just gives you an IP connection
between the client and the server. If you can ping the server, your VPN
connection is working.
You have given your remote client an IP address in the same IP subnet as the
LAN machines. This is called on-subnet addressing. Networking to machines on
the LAN depends on the VPN server doing proxy ARP on the LAN. The VPN server
acts as a proxy for the remote machine, sending the packets across the
point-to-point link. Some switches do not handle this very well.
If this is your problem you will need to put the remote users in their own
IP subnet and route this subnet through the VPN server (ie off-subnet
addressing).
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1A19E527-D753-4E55-B0AE-20C66B3225AB@xxxxxxxxxxxxxxxx
But why can't I ping other computers in my network? Even the DNS servers I
can't ping?
What should I do?
Thanks
"Bill Grant" wrote:
No it should not! The gateway you see is correct. The gateway address should
be the received IP address. This indicates that the gateway address of the
VPN client is the PPP interface, which is what you want it to be.
Traffic which is not local will go across the PPP link. Whatever your
problem is (and you didn't say what it was), the gateway address is not the
cause.
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C172E77D-F132-4CF9-8108-7B08DA6B8B82@xxxxxxxxxxxxxxxx
Good Day to All,
I created a VPN and all the configuration is OK, except the gateway,
so my ipconfig /all is:
PPP adapter GMMP:
Connection-specific DNS Suffix . : tiago.loc
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-35-51-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.176
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.0.176
DNS Servers . . . . . . . . . . . : 192.168.0.11
                                    192.168.0.11
Primary WINS Server . . . . . . . : 192.168.0.11
What is wrong is that the gateway should be 192.168.0.1 and not my own IP
address; how can I change that gateway configuration?
Thanks
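
Added example (not part of the original thread, and not any poster's code): a small longest-prefix-match simulation of the off-subnet setup described in the top reply, showing where LAN traffic for the 192.168.21.0/24 pool ends up with and without the static route 192.168.21.0 255.255.255.0 192.168.0.27. The routing tables, the "upstream" and "ppp-link" labels, and the client address 192.168.21.5 are constructed assumptions; the other addresses come from the thread.

```python
import ipaddress

# Addresses taken from the thread; the routing tables themselves are constructed.
LAN, VPN_POOL = "192.168.0.0/24", "192.168.21.0/24"
GATEWAY = "192.168.0.1"    # LAN default gateway
RRAS = "192.168.0.27"      # VPN server's LAN address
STATIC = (VPN_POOL, RRAS)  # 192.168.21.0 255.255.255.0 192.168.0.27

def build_tables(static_route_on=None):
    """Per-node routes as (network, next_hop); next_hop None = directly attached.
    static_route_on: None, "gateway" or "host" (where the static route is added)."""
    tables = {
        "lan-host": [(LAN, None), ("0.0.0.0/0", GATEWAY)],
        # Assumption: the gateway router forwards unknown traffic upstream.
        GATEWAY: [(LAN, None), ("0.0.0.0/0", "upstream")],
        # RRAS with IP routing enabled: reaches the pool over the PPP link.
        RRAS: [(LAN, None), (VPN_POOL, "ppp-link")],
    }
    if static_route_on == "gateway":
        tables[GATEWAY].append(STATIC)
    elif static_route_on == "host":
        tables["lan-host"].append(STATIC)
    return tables

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return "unreachable"
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop is None else hop  # on-link: deliver straight to dst

def trace(dst, static_route_on=None):
    """Follow a packet from a LAN host towards dst, hop by hop."""
    tables = build_tables(static_route_on)
    path, node = ["lan-host"], "lan-host"
    # Stop on delivery, on leaving the modelled nodes, or at the hop limit.
    while node in tables and node != dst and len(path) < 8:
        node = next_hop(tables[node], dst)
        path.append(node)
    return path

if __name__ == "__main__":
    client = "192.168.21.5"  # constructed address inside the VPN pool
    for where in (None, "gateway", "host"):
        print(where, "->", " -> ".join(trace(client, where)))
```
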