Re: VPN and Routing in one box




"Rome On Crestes" <romeoncrestes@xxxxxxxxxxxxxxxxxxx> wrote in message
news:e9SEi.16757$gR1.5033@xxxxxxxxxxxxxxxxxxxxxxxxx
Fred Marshall wrote:
I need a router that can be a VPN end point AND will route packets coming
out of the VPN.

Any suggestions for a simple router that will do this?

Thanks,

Fred

Linksys RV042 will do that.

Oh! How I wish that were true as I have a number of them on hand! I have
done a number of things to make them do it and have become convinced that they
can't. I'd be very happy to be found deficient in my thinking / testing or
configuration.

Here is the scenario:

Subnet 1    < VPN >  Subnet 2    > [router] >  Subnet 3
192.168.1.0          192.168.2.0               192.168.3.0

Packets originate in Subnet 1, destined for Subnet 3.
The VPN (Subnet 1 end) is the first hop.
When packets arrive via the VPN at Subnet 2, they have to be routed to a
particular router / IP address on Subnet 2, which is the next hop in order
to be further routed to Subnet 3.
Thus, a route has to be effective at the Subnet 2 end of the VPN that sends
packets destined for Subnet 3 to the router on Subnet 2.
(The return path is already taken care of separately).

That route might look like this:
192.168.3.0 255.255.255.0 192.168.2.199
where .199 is the address of the router on Subnet 2.

Here is the setup I used:

Subnet 1    < RV042 VPN >  Subnet 2    > [router] >  Subnet 3
192.168.1.0                192.168.2.0               192.168.3.0

The RV042 Tunnel goes from 192.168.1.0 to 192.168.3.0
The Subnet 2 RV042 VPN end LAN is on subnet 2.
The static route in the Subnet 2 RV042 points packets destined for Subnet 3
to the [router] on Subnet 2.

Packets destined for Subnet 3 are routed to the VPN on Subnet 1.
When they come out of the VPN, there needs to be something to tell them to
go to the [router] as the next hop.
Thus the static route.

I have rather conclusively shown that the static route does nothing. So, I
wonder what I'm missing?

---
What one can't do is to have the "forward" VPN Tunnel defined between Subnet
1 and Subnet 2. Then packets destined for Subnet 3 won't *enter* the tunnel
at the source end. Thus, it appears a static route at the receiving end is
necessary. Then a separate tunnel between Subnets 1 and 2 can be used as
the return path without this kind of problem.

Thanks,

Fred
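
The forwarding logic described in the post above, as an added example that is not part of the original post: a Python model of the tunnel selector check at the Subnet 1 end and a longest-prefix route lookup at the Subnet 2 end. The host addresses, the default route and its "wan-gateway" label, and all function names are assumptions; this models the intended behaviour, not the RV042 firmware.

```python
import ipaddress

# Only the three subnets and 192.168.2.199 come from the post; the rest is constructed.
TUNNEL_1_TO_2 = ("192.168.1.0/24", "192.168.2.0/24")   # (local, remote) selector
TUNNEL_1_TO_3 = ("192.168.1.0/24", "192.168.3.0/24")
BASE_ROUTES = [("192.168.2.0/24", None),               # directly connected LAN
               ("0.0.0.0/0", "wan-gateway")]           # assumed default route
STATIC_ROUTE = ("192.168.3.0/24", "192.168.2.199")     # route quoted in the post


def enters_tunnel(src, dst, selector):
    """A policy-based tunnel carries a packet only if its source is inside
    the local selector and its destination is inside the remote selector."""
    local, remote = (ipaddress.ip_network(n) for n in selector)
    return (ipaddress.ip_address(src) in local
            and ipaddress.ip_address(dst) in remote)


def next_hop(dst, routes):
    """Longest-prefix match over (network, gateway) pairs.
    A gateway of None means the destination is on the connected LAN."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net_text, gateway in routes:
        net = ipaddress.ip_network(net_text)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return "unreachable"
    return best[1] or "on-link"


def trace(src, dst, selector, routes):
    """Follow one packet: selector check at the Subnet 1 end, then the
    route lookup that should happen after decapsulation at the Subnet 2 end."""
    if not enters_tunnel(src, dst, selector):
        return "not tunneled at the Subnet 1 end"
    return "tunneled; next hop at the Subnet 2 end: " + next_hop(dst, routes)


if __name__ == "__main__":
    src, dst = "192.168.1.10", "192.168.3.20"          # constructed hosts
    with_static = BASE_ROUTES + [STATIC_ROUTE]
    print(trace(src, dst, TUNNEL_1_TO_2, with_static))  # selector excludes Subnet 3
    print(trace(src, dst, TUNNEL_1_TO_3, with_static))  # static route chosen
    print(trace(src, dst, TUNNEL_1_TO_3, BASE_ROUTES))  # falls through to default
```

Comparing a packet capture on Subnet 2 against the second and third printed lines shows whether the receiving box consults its routing table for decapsulated traffic at all.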

