VPN with two Linksys Routers

evilphantom

Technical User
Jan 31, 2003
51
CA
Hope someone out there can help.

I have two Linksys routers [befvp41] on two different networks.
Network A = 192.168.164.0 and
Network B = 192.168.1.0

The VPN Connection seems active however I can't seem to browse the network.

I can Ping the following from Network B
The VPN router at 192.168.1.1
The Remote VPN router Network A 192.168.164.1

I can ping office1 which returns the public IP of the machine behind the VPN.

But when I try and ping any other machine behind the VPN router on Network A I get a time out.

I also cannot browse the shares on the other side.

Am I missing something? Thanks for the help.

Dez
 
"I can ping office1 which returns the public IP of the machine behind the VPN."

Do not quite follow you, do the machines have two IPs? Linky supports only one public IP for the whole LAN thru NAT.

The gateway of the machines behind linkys should point to Linky. If Linky is your secondary gateway you should put a static route to your main gateway for the traffic to your remote LAN pointing to LAN IP of local linky.
 
Sorry I guess I left some info out. I was using the linksys on a separate IP to test. Here is the format.

Office1: 192.168.164.1/216.xxx.xxx.100 -- INTERNET --209.xxx.xxx.xxx/192.168.0.1
VPN: 192.168.164.254/216.xxx.xxx.200--/

The gateway of the server is the same as the gateway of the VPN. If I understand your e-mail correctly I will need to setup the VPN Server on Office1 in order to see the rest of the network?

I was hoping that the entire network behind the VPN could be seen even though there was a public IP on one of the other Machines. BTW I should mention office1 is a Linux machine acting as a PDC. I hope this information helps. Thanks for the quick reply

Dez
 
VPN routers are doing the IPSEC VPN, no other VPN servers needed.

Put your local server also behind NAT to the same network as the workstations Office1: 192.168.164.0/255.255.255.0. Use Linky as a gateway. If you need access to your server from the NET use either VPN-client (like SSH Sentinel) or port forwarding if you are hosting services, like mail or www.
 
Okay, I think I am still not being clear. I have two public IPs. One for the Server [office1], one for the VPN.
The Server is also on the NAT. Alongside this is a VPN on a public IP and is also on the NAT.

The idea is to get the VPN up and running and then take the server off the public IP without disrupting anything.

So currently I have the two VPN routers connected. However I cannot see any of the shares on the network side of things...
 
Sounds like routing. I would assume that the Linux box was handling NAT at one time?

First, make sure that your remote secure groups are set properly on both routers. The 192.168.0 router should have the 192.168.164.0 network defined as the remote secure group and the 192.168.164 router should have the 192.168.0.0 network defined as the remote secure group.

The default gateway on all machines should point to the router on the local network, except for the Linux box. You will need to leave the default route on the Linux box as is, pointing to the ISP router. When you are ready to remove the static public IP there, you will change the default route at that time. For now, you will need to add a route to the 192.168.0 network via the router. Should be something like
route add -net 192.168.0 netmask 255.255.255.0 gw 192.168.164.1

You will need to be root to do the route add, and it will go away when you reboot. Report back your version of Linux (RedHat, Debian, etc and the kernel version -- 'uname -a' , the numbers only) if you need instructions for a more permanent route.

If there is/was a firewall on the linux box, you might need to adjust your rules to get a response. Again, report the details.

That should get you to the point that pings will fly if you use IP addresses instead of names. Make sure you use the private NATed IPs. If not, report the specific error message you are receiving from ping.
 
Okay, the route was added yet I am still getting a time out on the ping. But I have discovered something new.

At location B I can ping the remote VPN router at the address 192.168.164.254 but I cannot ping any other host within the 192.168.164 network.
Pinging gives me a time out [this is a Windows box]

At location A I cannot ping the remote router at 192.168.1.1 or any host within the 192.168.1 network.
Pinging doesn't respond [Linux box]

BTW the Route was added to the 192.168.164.1 [linux server] as shown here:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.164.0 192.168.164.254 255.255.255.0 UG 0 0 0 eth0

.164.254 is the VPN router.

Thanks
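
Added example, not part of the original posts: a Python check that parses `route -n` output and applies longest-prefix matching to show which gateway a host would pick for an address on the remote LAN. The table combines the route row quoted above with a constructed default route (203.0.113.1 is a placeholder, since the thread does not give the ISP router's address); 192.168.1.0/24 is Network B from the first post, and `add_route` is a hypothetical helper.

```python
import ipaddress

# Constructed sample: `route -n` style table for the Linux server (office1).
# Row 1 is the route quoted in the thread. Row 2 is a constructed default
# route; 203.0.113.1 is a placeholder for the ISP router.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.164.0   192.168.164.254 255.255.255.0   UG    0      0   0   eth0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0   0   eth0
"""

def parse_routes(text):
    """Return [(network, gateway, iface)] parsed from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] == "Destination":
            continue  # skip the header and any short or blank lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, f[1], f[7]))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match: the gateway used for dest, or None if no route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: r[0].prefixlen)[1]

def add_route(routes, cidr, gateway, iface="eth0"):
    """Hypothetical helper: return a copy of the table with one more route."""
    return routes + [(ipaddress.ip_network(cidr), gateway, iface)]

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    remote_host = "192.168.1.10"  # constructed address on Network B
    print("before:", next_hop(table, remote_host))
    # A route whose destination is the remote LAN, via the VPN router's LAN IP.
    table = add_route(table, "192.168.1.0/24", "192.168.164.254")
    print("after: ", next_hop(table, remote_host))
```

With only the quoted row and a default route, traffic for Network B follows the default gateway; once a route whose destination is the remote LAN is present, it goes to the VPN router instead.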


 
Thanks guys, I just needed to configure a route on my VPN router in addition to the one on the server. That seemed to do it; just now my connection is slow.... New problem, woohoo, it never ends!!!!
 
Would like to know: if I set up two (2) branches (A & B) using a Linksys VPN router on each side, can a remote computer with an operating system such as Mac or Windows connect to either branch A or branch B using its built-in VPN software?

This should apply to our current situation because we have a plant (branch A), an office (branch B), and mobile and home users (remote, without a Linksys VPN router) that need to get connected to either branch. Is this possible?

Please advise.
 
Hi,

Everything is possible.

If you have PC, use SSH Sentinel as a client, see following thread with references:


With MAC I have _heard_ the PGP makes an IPSec client software for MAC.

Another possibility for both is to use external USB/VPN device like Linksys USBVPN. Costs less than software.
 
Markku, is it true that a PC with Win2k Server OS and ICS installed cannot also be used as a VPN server?

I want to set up my PC as a VPN server; it is configured to be the Internet gateway (2 NICs) and firewall for now with the following software:

Winproxy-as Internet Sharing
Norton Internet Security - as firewall

Please advise, thanks
 
Hey with the Linksys setup, can you browse the network without having to setup WINS or a Host file?

TIA.
 
Hi Joe,

You can enable NetBIOS passthrough in Linksys VPN routers and then you can browse the whole network.
 