dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1782

Mitt
@67.180.161.x

Mitt

Anon

Multicast across subnets on a site-to-site IPSec VPN using two USG50s

I have two USG50s configured for a permanent VPN using IPSec. I am able to access computers across the VPN but I really want to route multicast traffic across. I've done a bunch of Google searches and seen similar requests but nothing that seems to actually answer the question.

Basically I just want the tunnel to appear for all intensive purposes like a very long ethernet cable!

The two sites (of course) have different subnets (192.168.1.x and 192.168.10.x). And, yes, I understand that the whole theory of multicast is that it doesn't cross subdomains. But what the heck good is an expensive switch/firewall if I can't override this and forward the packets?

Has anyone gotten this to work?
JPedroT
Premium Member
join:2005-02-18

JPedroT

Premium Member

Not very standard thing if I remember correctly, I think cisco got some helper applications in their devices to do this.
Which basically takes the multicast packets and encapsulates them and send them over to the other gw that decapsulates and pushes it on.

But you could try to add the multicast ip range to your vpn tunnel and see if that helps, I doubt it.

Mitt
@67.180.161.x

Mitt

Anon

Yeah, I know that this isn't a typical business setup. It actually isn't a business setup at all. It's the setup between my main house and a vacation cabin. Based on the Google searches, I'm not alone in trying to do this type of setup. Basically, I'd like devices in both houses to believe that they are on the same network.

I have everything working so that I can directly access devices across the VPN link. The problem is just (of course) that many consumer devices want to use broadcast discovery. So things like the DVRs and Sonos devices won't talk across the link.

FWIW, I'd be happy enough to have both networks actually use the same subnet (e.g. 192.168.10.x) if that made life easier. I have about 60 IPs in one location and 20 in the other being used.

But as far as I can tell, I can't really setup the IPSec VPN connection such that they were on the same subdomain and even if I did, the multicast packets wouldn't route.
JPedroT
Premium Member
join:2005-02-18

JPedroT

Premium Member

I doubt that its possible to do with any ZyXEL VPN device and IPSec, I asked them to put multicast support for the IPSec vpn on the feature request list about 8 years go, but

Maybe a GRE/L2TP connection might work? As such GRE tunnels can tunnel multicast/broadcast, but not sure about the implementation on the ZyXEL devices.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Click for full size
Well, I can only offer Zyxels SSL VPN connection as a possibility. When you activate whole tunnel connection, the netbios broadcast becomes available. You can select which address objects and applications are available.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Brano to Mitt

MVM

to Mitt
Looks like the next FW will have GRE over IPSec. With any luck that should help you accomplish what you need.

...as seen here »Re: GRE over IPSec

Mitt
@50.150.65.x

Mitt

Anon

Cool. I guess I'll just wait and see when that comes out and what it will let me do. Fingers crossed....