VPN help

Discussion in 'Windows Desktop Systems' started by Autocrosspicturesnet, Sep 26, 2006.

  1. Autocrosspicturesnet

    Autocrosspicturesnet OSNN One Post Wonder

    Messages:
    7
    I am trying to get 2 small offices connected via point to point VPN. I am trying to send very large files back and forth and at the rate it is taking to get this VPN up and running, it would be quicker to burn them to DVD and drive them over!!!! :eek:

    I am using 2 Netgear FVS114 VPN routers. I used the VPN wizard to setup both ends with the recommended settings. I am using the built in DHCP in the routers to doll out IPs. I have setup the 2 internal LANs with 192.168.1.XXX and 192.168.0.XXX.

    One end is a T1 with the LAN using 192.168.1.XXX range, the other is DSL using a dsl modem that has the outside IP on the modem, then it gives a local 192.168.1.XXX address to the connected device - router or PC. The dsl modem has an internal LAN address of 192.168.1.1, which you can use to access the web interface for the modem. The DSL LAN is the 192.168.0.XXX so as not to conflict with the modem 192.168.1.1 IP or the LAN at the T1 office.

    I can get the VPN connection established and all seems OK on the VPN status, but I cannot connect PCs from one side to the other. I cannot ping anything from one end to the other, including being unable to ping the router at the other end. I think the problem is related to the fact the DSL modem holds the external IP and also to the fact that it is using 192.168.1.1 for its internal LAN (which is also the default gateway for the LAN at the other office).

    Would it help to step up the IP range on one or both LANs so as not to be in the same range as the modem? Can I do something with the subnet masks? Should I reverse the IP layout for the 2 offices and then set the router connected to the DSL modem to 192.168.1.2 (one step above the modem) and set the default gateway to that IP?

    There are so many possibilities that I am at a loss as to which to try next.... Please, please help! TIA.
     
  2. Mainframeguy

    Mainframeguy Debiant by way of Ubuntu Folding Team

    Messages:
    3,763
    Location:
    London, UK
    A simple thing which you may need to do because the network wizard sets default "inconveniently"!

    Checkout the TCP/IP properties for your VPN connection - advanced - untick the option to connect through the default gateway.

    I only use VPN "client side" to connect for work, so cannot help in complete detail - but this could be helpful - post back and others may chip in too..

    [edit]No idea if this could be still relevant, but last time I was looking into VPN in any detail this issue had come up with SP2 - might be useful background reading? [/edit]
     
    Last edited: Sep 26, 2006
  3. Autocrosspicturesnet

    Autocrosspicturesnet OSNN One Post Wonder

    Messages:
    7
    Not sure this would be the case as there are no TCP/IP properties for the VPN connection. It is just 2 gateways connecting, there is no client side software installed on the PCs. I will look out for this issue if and when I try to setup PC clients to connect to the VPN from the outside (assuming of course that I want to work from home and get work files, yeah right! :) ).

    Thanks for the help though.
     
  4. Mainframeguy

    Mainframeguy Debiant by way of Ubuntu Folding Team

    Messages:
    3,763
    Location:
    London, UK
    if there are no tcp/ip properties I suspect you have not set things up right - there should be... at least in the way I understand VPN to be used to tunnel.... Maybe you are using the technology another way, but if so I suspect that may be a part of your problem.... one maybe should be a gateway and the other not? There's stuff out there on this, I do not have time right now, but it should not be hard to find and I think if I understand right the machine you are using at home, the one connecting up to the network through VPN, where you make a connection and enter the IP addie of the other side - well that side should have these properties... and likely the default may not be what you want....

    But maybe you know more than me and can discount my understanding....

    Where's the other guys that know about this, I forget who - was it madmatt? Or maybe j79zlr? I forget, but someone out there knows more than me! (well actually a lot of people out there ;) )
     
  5. Autocrosspicturesnet

    Autocrosspicturesnet OSNN One Post Wonder

    Messages:
    7
    This setup is between 2 offices, they are small, but they are regular offices. It is basically a tunnel for the offices, not neccessarily for any given PC on either LAN. The 2 routers maintain the tunnel and the PCs just use the tunnel to go back and forth between offices. In theory, the VPN should be able to be setup and work independent of any PCs on either LAN.

    I've done lots of digging before I started this little adventure. It seemed pretty straight forward and all the info I have found since also seems to say basically the same. I can find stuff on the theory of how VPN works, the basic howtos to setup up the 2 basic kinds, and even some stuff on netgears site that is helpful, but I can't find anything useful when it comes to troubleshooting the connection. I think its related to the IP ranges and subnets, but all the info I can find says basically that the 2 LANs need to be on different ranges, but not much else, or any mention if the subnet masks should be anything other than the 255.255.255.0 normally used.
     
  6. Mainframeguy

    Mainframeguy Debiant by way of Ubuntu Folding Team

    Messages:
    3,763
    Location:
    London, UK
    OK your last post makes it clearer to me what is going on - and that use of VPN is not one I am familiar with.... so I think I shall bow out at this point - though I'll follow the outcome with interest because I think you should get more replies somewhere down the line as the other side of the pond gets its dinnertime mitts on the thread, so to speak...

    [edit] Just noticed your username makes the thread margins "bumpy"... surprised we do not have a guidline on that, given signatures are restricted.... but I guess the latter is a bandwidth thing and column widths are unrestricted! :D [/edit]
     
  7. CipheR

    CipheR OSNN Junior Addict

    Messages:
    30
    You are working under similiar conditions to the networking we do with 8 of our satellite agencies. In your case, both of your offices on separate networks ranges, which definitely should be set up with the 255.255.255.0 masks.

    The question however is have you tried setting routes on individual PC's so that they know how to correctly get to the PC's on the other LAN.

    Give the ROUTE ADD command a try on one of the PC's in each network and try to ping between those PC's. This problem is usually just caused by the computers not knowing how to find each other.
     
  8. Autocrosspicturesnet

    Autocrosspicturesnet OSNN One Post Wonder

    Messages:
    7
    I'll give that a try, I had hoped to set this up with out having to get into manual routing, but I guess I may have missed something in my reading that had mentioned having to setup routes between the points.

    Thanks for the suggestion.