dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1141

SNT
Premium Member
join:2002-07-17
Satellite Beach, FL

SNT

Premium Member

VPN

Not sure where this goes....

Anyway, I have a site to site vpn setup which is working fine. Is it possible to client VPN into one side or the other and see both networks?

Thanks

bdnhsv
join:2012-01-20
Huntsville, AL

bdnhsv

Member

The short answer is probably yes, but I'm guessing you want some help designing it and figuring out how to accomplish it. For that, you'll need to supply information and diagrams about your current set up and what exactly you wish to accomplish.

SNT
Premium Member
join:2002-07-17
Satellite Beach, FL

1 edit

SNT

Premium Member

Yeah,
It was a generic question, but I cannot figure it out. I currently have two RV082s connected site to site. Everything behind these two can see all hosts on both networks, so this works fine
When I PPTP into one of the RV082s, I can only "see" that one side, I cannot see the other side of the site-to-site.

I also have two Sophos UTM120s connected site-to-site. I have the same issue with these when I client VPN into one of these boxes.

Being that I have the same issue with various equipment, my inquiry was more generic. I wasn't if what I wanted to do was possible.

I come up with a diagram if it helps....I need to do it anyway.

EDIT:
This is essentially the same..



I would like to client vpn into either side and see the hosts on both.

bdnhsv
join:2012-01-20
Huntsville, AL

bdnhsv

Member

I'd still suggest a diagram showing the connectivity of the devices including your internal IP addressing schemes. Later there may be questions that users will have as to current configurations of the devices, but I'd start with the current diagram and show where you want the other connections to be established.
bdnhsv

bdnhsv to SNT

Member

to SNT
I can't offer you a specific answer to a general question. Maybe someone else on here can.

SNT
Premium Member
join:2002-07-17
Satellite Beach, FL

SNT

Premium Member

said by bdnhsv:

I can't offer you a specific answer to a general question. Maybe someone else on here can.

I only asked if it was possible. I have not yet asked how to do it.

bdnhsv
join:2012-01-20
Huntsville, AL

bdnhsv

Member

Yes - it's possible.

eibgrad
join:2010-03-15
united state

eibgrad to SNT

Member

to SNT
Not only is it possible, I can't even understand what would be the usefulness of cross-site VPNs that could only access the VPN server itself. I guess ppl do it on occasion, but 99% of ppl would be expecting whole network access. Typically your VPN server will have an option to either allow or deny it. I know for my simple tomato VPN client/server, accessing the entire network is a non-issue and works by default. If the OP is having problems, it's probably some option that hasn't been enabled/disabled, or perhaps some firewalls rules that need to be configured.

SNT
Premium Member
join:2002-07-17
Satellite Beach, FL

SNT

Premium Member

I agree with everything you said. I will find what I am missing.
jimbopalmer
Tsar of all the Rushers
join:2008-06-02
Greenwood, MS

1 edit

jimbopalmer to SNT

Member

to SNT
If they are the older RV082, when you configure the VPN, use a Netmask of 255.255.0.0 on the 'remote' RV, the RV will complain, but allow this. (No idea if the newer ones allow this)

With a netmask of 255.255.0.0, your client will route ALL nonlocal 192.168 traffic to the VPN. With a netmask of 255.255.0 the 'central' RV will route traffic for the remote subnet , to the remote RV. The remote RV, with a netmask of 255.255.0.0 send all nonlocal 192.168 to the central RV and it will use a netmask of 255.255.255.0 to route it back to your client. (I assume your client is on a different 192.168 network than either site)

Hope that helps.

(I have only tried this with all RV routers)
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to SNT

MVM

to SNT
said by SNT:

I have a site to site vpn setup which is working fine. Is it possible to client VPN into one side or the other and see both networks?

Short answer : yes

Long answer : why would you want to?

Or is it a case of management saying "yours is not to question why, yours is to GET IT TO WORK!"

Regards

SNT
Premium Member
join:2002-07-17
Satellite Beach, FL

SNT

Premium Member

said by HELLFIRE See Profile

Long answer : why would you want to?
[/BQUOTE :

I do not see why not. There are servers on both ends that the EUs need access to.