I have two Draytek 2930Vn firewall routers and I'm trying to set up a LAN to LAN VPN between home and office.
Each Draytek router is connected to a Netgear ADSL modem router which also has wireless clients on the RED side of my firewall routers.
Both ADSL routers have local IP range 192.168.1.x, then my green networks inside the Drayteks will be 192.168.2.x and maybe .3.x but maybe not.
I'm assuming I need to set the ADSL routers to port forward the traffic on port 1723 to my Drayteks.
Any advice on that bit welcome!
Now to the green subnetting...
General advice seems to be to have the 2 LANs on different class-C subnets, even to put one on 10.x.x.x. I assume this is to avoid IP conflicts, which I think I can get around by allocating any fixed IPs and DHCP ranges carefully.
In the past (before attempting VPN) I've tried to use 192.168.1.x and 192.168.2.x on the same physical network and set the netmask to 255.255.252.0 throughout so that I expected everything to be mutually visible locally.
I found that although manual stuff and Linux worked fine, some Microsoft stuff, and various devices like NAS and Printers didn't - I think because either the drivers or firmware assumes 255.255.255.0 or maybe because they scan for valid devices but only scan the last octet from 0 to 255 and don't do the 10-bit range I specify.
To avoid these problems I'd like to split my network so that home is 192.168.2.1-127 and work is 192.168.2.129-255.
Then I can set the Vigors to the appropriate DHCP ranges, with some space fixed in each range as well.
My questions:
1) Can I do this?
2) In the LAN setup at each end should the netmask be 255.255.255.0 or 255.255.255.128?
3) Similarly in VPN setup for the Draytek you have to set the remote network's IP range and netmask. The IP range is just specified in examples as xxx.xxx.xxx.0. I presume the remote network IP for the work network viewed from the home router should be 192.168.2.128, but again what should the netmask be? x.x.x.0 or .128?
4) If the view is that I should use 192.168.2.x and (say) .3.x then how do I make my 192.168.2.?? network printers and network drives visible to my 192.168.3.?? PCs?
5) Am I right in concluding that networks that are wider than 255.255.255.0 have problems with devices discovering each other (printers, network drives, UPNP, Microsoft file sharing etc)?
6) Dumb question - what traffic actually appears on both sides of the VPN? Is it everything in both IP ranges? Somehow when my HP printer gets a new IP from DHCP, all the PCs know what it is (although the Canon one doesn't!!). How would this get across the VPN if the printer's on 192.168.2.x and some clients are on 192.168.3.x?
I have searched for info on this, but most info seems to be for big networks with lots of subnets, or it's basic explanation without going into the details.
I don't really understand the mechanisms involved in handling submasks and traffic routing - I kind of assume that if a PC is trying to access a target IP outside its masked subnet then it routes the request to the gateway. And then that VPN sort of overrides this so traffic is grabbed by the router and passed on even though the sender doesn't force it to be routed - is this anywhere close to correct?
If anyone can point me at a primer that will explain what actually happens at the various boundaries in terms of which addresses pass across routers, NAT, VPN, which will go to the internet and which are local only that would be good!
Thanks,
Ray
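
Added example, not part of Ray's post: a Python sketch using the standard `ipaddress` module that works through the proposed split of 192.168.2.x into two halves, the on-link versus gateway decision a host makes from its own netmask, and whether a VPN "remote network" entry overlaps the local LAN. The host addresses (.10 at home, .200 at work) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed from the post: one 192.168.2.x range split into two halves, one per site.
PARENT = ipaddress.ip_network("192.168.2.0/24")
HOME, WORK = PARENT.subnets(prefixlen_diff=1)  # 192.168.2.0/25 and 192.168.2.128/25


def describe(net):
    """Return the netmask, usable host range and broadcast address of a subnet."""
    hosts = list(net.hosts())
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
    }


def next_hop(src_ip, netmask, dst_ip):
    """Model a host's forwarding decision: 'on-link' means it ARPs for the
    destination directly; 'gateway' means it hands the packet to its router."""
    iface = ipaddress.ip_interface(f"{src_ip}/{netmask}")
    return "on-link" if ipaddress.ip_address(dst_ip) in iface.network else "gateway"


def overlaps_local(local_net, remote_net):
    """True when a VPN 'remote network' entry overlaps the router's own LAN range."""
    return ipaddress.ip_network(local_net).overlaps(ipaddress.ip_network(remote_net))


if __name__ == "__main__":
    for name, net in (("home", HOME), ("work", WORK)):
        print(name, describe(net))
    # Hypothetical hosts: a home PC at .10 reaching a work printer at .200.
    for mask in ("255.255.255.0", "255.255.255.128"):
        print(mask, "->", next_hop("192.168.2.10", mask, "192.168.2.200"))
    print("LAN /24 vs remote /25 overlap:", overlaps_local("192.168.2.0/24", str(WORK)))
    print("LAN /25 vs remote /25 overlap:", overlaps_local(str(HOME), str(WORK)))
```

With a 255.255.255.0 mask the home PC treats the work printer as on-link and never sends the packet to the router, so the tunnel is not used; with 255.255.255.128 the packet goes to the gateway. The output also shows that .127 and .255 are the broadcast addresses of the two halves rather than usable host addresses.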