said by videonerd:
I'm sure I'm not the only person who's thought of this, I just don't know what it's called... Our family's spread out across the country but is there a way to configure the routers to pass LAN traffic to each other so we can share printers, files, etc. but yet each house retain their Internet connection? Neither the parental units nor sibling are tech savvy, thus why I want the set-it-and-leave-it config if possible.
Now, I understand that iTunes Home Sharing only works within a subnet and not across VPNs? I want access to my entire iTunes library while I'm on the road with my laptop.
So... something like
if 192.168.x.x then send through VPN
else send to yonder fluffy cloud
Network config (all cable, dyn IP w/DDNS):
Me: Juniper SSG5, Mac & PC
Parents: WRT54g w/ Tomato, PC
Sister: Asus N16 w/ Tomato, Mac
Any help would be appreciated! Thanks!
For a single VPN connection, you can simply set up the VPN client to not use the VPN connection as the default gateway (as shown in the screen shot of one of the VPN connections on my notebook below). With the VPN client set up that way, all normal Internet traffic goes through whatever Internet connection is in use, and all traffic for the LAN in my office goes through the VPN tunnel.
Since I am currently using that notebook, and it is connected to my guest router (which is totally isolated from my LAN), I connected to my LAN via that VPN link so that I could show you how it works:
The above ipconfig information shows that I have both a public Internet connection, and a separate VPN tunnel to my LAN. The traceroutes show that a connection to an Internet site uses the public Internet directly, but a connection to my Windows XP workstation on the LAN goes through the VPN (the multiple ms transit times are the clue that the LAN traceroute goes out to the Internet through the VPN; a direct connection to the LAN would show transit times of <1 ms).
I have never tried to set up a pseudo wide area VPN by simply using multiple VPN sessions on a single PC, but that might work. The caveat would be that each of the VPN endpoints would need to be on a separate private IP subnet; if everyone uses 192.168.1.x/24 it will not work (nor will it work for even a single VPN session if both the client and host have the same IP subnet).
Anytime I have worked with VPNs that are used to create a distributed LAN, it was always done by having the remote locations connect to a master host VPN server, and that server would handle the routing between the remote clients if that was needed (and the remote VPN clients would need to be set up so that the VPN connection was not their primary gateway). And again, each of the VPN endpoints needs to be on a different private IP subnet. In your case, since you have a Juniper SSG5, that box should be able to handle the task of being the master VPN server for all of the remote clients (and if you don't need communication between the VPN clients, that would greatly simplify the Juniper SSG5 setup).
Once IPv6 becomes the primary transport, such things will be simplified, but for now (especially if some clients are mobile, and don't always have control over the connection being used), that is just something to look forward to, and not a viable option for most people.
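The two points in the thread that bite people in practice are the split-tunnel route table ("if 192.168.x.x then VPN, else the default gateway") and the requirement that every house sit on a different private subnet. The script below is an added example, written for this thread and not posted by either participant, that models both: it checks a site plan for overlapping subnets and then resolves a destination address with the same longest-prefix-match rule a host or router uses. The three /24 networks and the site names are constructed for illustration, not taken from anyone's actual configuration.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed site plan: one non-overlapping RFC 1918 /24 per house.
# The addresses are hypothetical; pick your own, but keep them distinct.
SITES: Dict[str, str] = {
    "me":      "192.168.10.0/24",  # hub router, terminates the other sites' tunnels
    "parents": "192.168.20.0/24",
    "sister":  "192.168.30.0/24",
}

def find_overlaps(sites: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every pair of sites whose subnets overlap.

    An overlap means a host cannot tell "local LAN" from "remote LAN"
    by address alone, so the route table below would be ambiguous.
    strict=True also rejects a CIDR with host bits set (a typo like
    192.168.10.1/24) by raising ValueError.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in sites.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def build_routes(local_site: str,
                 sites: Dict[str, str]) -> List[Tuple[ipaddress.IPv4Network, str]]:
    """Split-tunnel route table as seen from one house.

    Its own subnet is reached directly ("lan"), every other house's
    subnet goes through the tunnel ("vpn"), and the catch-all default
    route stays on the house's own Internet connection ("isp"), which
    is exactly what "don't use the VPN as the default gateway" means.
    """
    if find_overlaps(sites):
        raise ValueError("site subnets overlap; fix the plan before routing")
    routes = []
    for name, cidr in sites.items():
        via = "lan" if name == local_site else "vpn"
        routes.append((ipaddress.ip_network(cidr, strict=True), via))
    routes.append((ipaddress.ip_network("0.0.0.0/0"), "isp"))
    return routes

def next_hop(dst: str, routes: List[Tuple[ipaddress.IPv4Network, str]]) -> str:
    """Pick the route with the longest matching prefix for dst.

    The /0 default always matches, so it only wins when no /24 does.
    """
    addr = ipaddress.ip_address(dst)
    best_net, best_via = None, None
    for net, via in routes:
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_via = net, via
    return best_via

if __name__ == "__main__":
    print("overlaps in plan:", find_overlaps(SITES))
    table = build_routes("parents", SITES)
    for dst in ("192.168.10.5", "192.168.20.7", "8.8.8.8"):
        print(f"{dst:>15} -> {next_hop(dst, table)}")
    # The failure case the reply warns about: two houses on 192.168.1.0/24.
    print("bad plan:", find_overlaps({"me": "192.168.1.0/24",
                                      "parents": "192.168.1.0/24"}))
```

Run from the parents' house in this plan, 192.168.10.5 (a machine at "me") resolves to the tunnel, 192.168.20.7 stays on the local LAN, and 8.8.8.8 leaves through their own ISP. With two houses both on 192.168.1.0/24, `find_overlaps` reports the pair and `build_routes` refuses to produce a table, which is the programmatic version of the reply's caveat: the routers have no way to decide which 192.168.1.x is which.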