jmpage2
join:2005-02-24
Littleton, CO
| reply to d_l
Re: [VPN] RV042 as VPN access inside single subnet office?
The thing that confuses me is that I've seen documentation (but of course can't locate it now) that indicates that you can have an RV042 behind another RV042 and have the VPN on the 2nd RV042 working. Also, there is a claim that someone has the RV042 working behind the MBR1000 for VPN access although no one can provide me with a sample config.
Very frustrating!  |
|
d_l
Barsoom
Premium,MVM
join:2002-12-08
Reno, NV
1 edit | reply to jmpage2
I don't think you can forward the VPN traffic through the Cradlepoint to the RV042 and then have the RV042 route the traffic on to the end devices on the LAN. I think you must have the public IP on the RV042's WAN.
If the Cradlepoint had public IP passthrough to its ethernet port, that would probably work fine. Some modems can make a PPPoE connection and passthrough the public IP, and I'm fairly sure these work ok with the RV042 in a VPN set up. |
|
jmpage2
join:2005-02-24
Littleton, CO
| reply to jimbopalmer
Jim,
Thanks for taking the time to answer. I'm not sure if I understand the question. Since the Cradlepoint is the only device with an external IP address that is the IP that I point my VPN client to. The Cradlepoint router than forwards the traffic on to the RV042 and the connection is made successfully. The problem is then that I can't get outside of the RV042 to any of the other devices on the office local subnet.
This is where I'm at a loss. What is missed in this situation? One to one NAT, etc?
Thanks. |
|
jimbopalmer
Tsar of all the Rushers
join:2008-06-02
Greenwood, MS
 ·Windjammer Cable
| reply to jmpage2
I use RV042s as site to site endpoints, with unique local IPs internally and unique public IPs externally.
As an example, one office may be 192.168.101.254, internally and 24.116.100.25 externally (not my IPs) The other office will also have a private IP internally (192.168.168.1) and a public IP externally. (67.48.192.22, also not my IP)
Now, in the VPN setup, we need public IPs in the destination IPs and a local IP as the adjacent subnet. I worry that you may be giving a local address to the VPN as the destination IP, as the WAN port of the RV042 is still 192.168.10.10, which is not a public IP. You can use whatismyip.com to find your true public IP address.
I have not done a nonpublic WAN IP, nor have I done Site to client VPNs, but no one else answered so I thought I would answer.
--
I tried to remain child-like, all I achieved was childish. |
|
jmpage2
join:2005-02-24
Littleton, CO
| Hi there guys, I've posted this in a few forums but have yet to get any satisfactory assistance in getting things to work.
At my wife's office we are using a Cradlepoint MBR1000 router with a Sprint/EVDO connection as her primary access point and source of internet connectivity. The Cradlepoint has the WiFi access in it also so it really needs to be the "head end" of the network. We are using the Cradlepoint + Sprint solution because there is literally nothing else available where she is. No DSL, no Cable, etc. It was either go with Sprint or put an antenna on her roof and pay $150 a month for 2.4mhz wireless access... or get a DS1 (overkill for her).
All of the hosts on the Cradlepoint are in the 192.168.10/24 subnet range.
I have an RV042 that I would like to use for VPN access into the office network using Greenbow VPN client so that she can access her office PCs, and also so that I can assist with support as well as system monitoring, etc, remotely.
I have wired the RV042 WAN port up to the same network switch that the MBR1000 is hooked up to and given it the static address of 192.168.10.10 (which is outside of the VPN scope).
I have put the 192.168.10.10 address into the Cradlepoint router as the DMZ address. The Cradlepoint supports IPSEC. I have created an access list rule on the RV042 that allows all traffic to pass through the WAN interface unrestricted.
I have followed instructions from Greenbow to configure their VPN client for connection to the RV042.
Here's the problem;
I can get the VPN client to connect and authenticate into the RV042. However, I can't reach anything in the remote network other than the LAN address of the RV042. For example if I make the LAN address of the RV042 10.0.0.1 then I can ping 10.0.0.1 but I can't get out to anything else. If I make the LAN address of the RV042 192.168.10.11 (same IP subnet as the rest of the network) I still can only ping 192.168.10.11.
What am I missing here? It seems to me that the RV042 should be either routing traffic to the MBR1000 for the local subnet (since the MBR1000 is set up as its default gateway) or it should be transmitting the "local" traffic out a local LAN port, but none of these configurations work.
If anyone has any ideas on getting this to work, I would love to hear them!
Thanks! |
|
