Re: RRAS two way (pptp) vpn possible?
- From: "Bill Grant" <not.available@online>
- Date: Mon, 25 Aug 2008 15:03:38 +1000
See inline.
"markm75" <markm75@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A4CC8733-7731-48FE-8E88-A43F26A8DEEB@xxxxxxxxxxxxxxxx
No, the RRAS server already has a route to the Dedicated server, because
you can ping it! This is set up automatically when you establish the VPN
connection.
What you need is a static route on the DPM server so that it will send
traffic for the Dedicated server to the RRAS server (so that it can go
through the VPN tunnel).
Assume that the dedicated server has a private IP of 192.168.1.11 and the
RRAS server has a private IP of 192.168.100.11. On the DPM server you would
need to add a static route to send traffic for 192.168.1.11 to
192.168.100.11, e.g.
route add -p 192.168.1.11 255.255.255.255 192.168.100.11
(If you do a route print on the RRAS server while your VPN is connected,
you will see that the RRAS server has a host route to 192.168.1.11 through
the tunnel).
Now when the DPM server tries to contact the dedicated server, the packet
goes to the RRAS server which forwards it through the VPN tunnel to the
dedicated server.
The reply comes back through the tunnel (because the dedicated server
knows where the 192.168.100.0 subnet is) and the RRAS server delivers the
packet directly because it has an interface in the same subnet as the DPM
server.
This does not give you an encrypted connection from one server to the
other. The traffic is only encrypted between the VPN endpoints.
IPSec can be tricky to set up unless you are familiar with
certificates.
That makes good sense.. I went to attempt this, but ran into an issue..
It seems... on this dedicated server, that there isn't a private IP address
at all..
It is apparently bound to external IPs (about 3 or 4 of them).. IP addresses
like 64.239.x.x etc..
Well, it has a private IP as soon as it connects to your LAN by VPN!
So, on the DPM server, what route should I be adding? (pick an external
address in this case instead?)
No, that won't work.
Sort of side question.. if I wanted this to work on all machines in the
domain, not just the DPM server, would I need to find a way to do the static
route in the Sonicwall gateway (instead) (fairly easy to find in their
interface)?
Why would you want a static route to the Sonicwall? That is where the traffic goes by default. You only need a static route if you want it to go somewhere other than the default gateway.
If the dedicated server is on a public network, your best bet is to use IPSec. VPN is designed to link remote clients to a LAN (i.e. the client is "virtually" on the LAN) or to link two private LANs together (site-to-site VPN). Your existing dialup-type clients are an example of the first type. What I was suggesting is a variation of this method. Although it is designed to link a client to a LAN, you can use it backwards to access the client from the LAN.
You do not really have two private sites to link, so that method isn't an option.
To set up a secure link between two servers, IPSec is the tool to use.
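
Added example, not part of the original post: a small model of the DPM server's route lookup, showing how the /32 host route from the `route add` command overrides the default route, and which leg of the resulting path is inside the VPN tunnel. The default gateway address 192.168.100.1 is an assumed value; the other addresses are the ones assumed in the post.

```python
import ipaddress

# Addresses assumed in the post; the default gateway address is a constructed value.
DEDICATED = ipaddress.ip_address("192.168.1.11")    # dedicated server, over the VPN
RRAS = ipaddress.ip_address("192.168.100.11")       # RRAS server on the LAN
DEFAULT_GW = ipaddress.ip_address("192.168.100.1")  # assumption: Sonicwall LAN address
ON_LINK = None  # marker for directly attached subnets


def dpm_table(with_host_route):
    """Routing table of the DPM server as (network, gateway) pairs."""
    table = [
        (ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW),
        (ipaddress.ip_network("192.168.100.0/24"), ON_LINK),
    ]
    if with_host_route:
        # Equivalent of: route add -p 192.168.1.11 255.255.255.255 192.168.100.11
        table.append((ipaddress.ip_network("192.168.1.11/32"), RRAS))
    return table


def next_hop(table, dest):
    """Longest-prefix match; an on-link route delivers straight to dest."""
    matches = [(net, gw) for net, gw in table if dest in net]
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dest if gw is ON_LINK else gw


def path_to_dedicated(with_host_route):
    """Hops as (sender, receiver, encrypted) for a packet from the DPM server."""
    hop = next_hop(dpm_table(with_host_route), DEDICATED)
    if hop == RRAS:
        # LAN leg is cleartext; only the RRAS-to-dedicated leg is inside the tunnel.
        return [("DPM", "RRAS", False), ("RRAS", "Dedicated", True)]
    # Without the host route the packet follows the default route and never
    # reaches the tunnel endpoint.
    return [("DPM", "default gateway", False)]


if __name__ == "__main__":
    for flag in (False, True):
        print("host route:", flag, "->", path_to_dedicated(flag))
```

The `False` on the DPM-to-RRAS hop is the reason the post points to IPSec for a server-to-server link: the tunnel only protects traffic between the VPN endpoints.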