Posted: Fri Oct 22, 2021 14:43 Post subject: Connect two networks (one remote) - OpenVPN?
Hi all - I'm hoping some of the advanced networking gurus can help simplify connecting two networks.
I have a Netgear R7000 running 46380 at home and a TP-Link C1900 running the same version at my business. I have QuickBooks running on a semi-dedicated machine at work that I access via RDP (both at work and home). To access from home, I use PPTP to "dial" to the work router and make the connection. It works fine, except when I'm connected via PPTP, I lose the ability to hit some local network resources (primarily printer, but also some other PCs/shared drives at the house). Similarly, when I PPTP from work to home, I lose the ability to print at work.
Ideally, (I think) I'd like to have both networks connected full-time, with access to all machines and resources from either location. This would allow me to RDP to work from home without having to first dial PPTP, as well as enable some offsite backup options for both work and home. I'd also like to not have it bollox up local resources (printers) - it's a bit of a pain having to log off PPTP to print something, then dial back in, then restart RDP. I *think* this would mean setting up an OpenVPN server on the home router and setting up the work router as an OpenVPN client...is that correct? Internet from work can be routed through the home network if needed, but it might be just as easy to route out directly.
I started reading the OpenVPN setup guide by @egc, but figured before I started trying to implement (and I'm a relative networking noob), I'd ask to make sure I'm heading down the right path. Any feedback or advice would be greatly appreciated.
There's nothing about using a VPN that necessarily precludes you from accessing local resources at the same time **unless** you've been provided w/ VPN access by your employer that's preconfigured to deny such access (e.g., a laptop). IOW, it's by design, and a matter of company policy, NOT a technical issue.
Is that the case here? Because if it is, it seems to me any attempt to circumvent those policies will lead to problems.
Thanks eibgrad - no issues with corporate policies. I'm the owner and sole employee, so I get to make whatever IT policies I want. There are no preconfigured policies that would/should block printing or resource access.
As an example, I will PPTP into the work network to use QuickBooks. At the same time, I will open LibreOffice Calc on my home PC and want to print a report to my local home printer...nothing prints until I terminate the PPTP. I do have access to printers enabled under the RDP Local Resources options, but still no love. I did add the printer via IP address (networked laser) versus machine name/network discovery, but it didn't seem to matter.
Additionally, I would like to use the PC at work as an offsite backup location for my home files, and my Synology at home for an offsite backup for my work files. My hope was that having work's router as a VPN client hanging off of the home network, I would be able to see and share drives to accomplish this - backup would see it as just another drive.
Hi egc - that's how it's set up currently, although I'm guessing that could be causing issues. On the setup screens for both home and work routers, I have the following:
Router IP - 192.168.1.1/24
Start IP Address - 192.168.1.100
Would I (A) change the /24 on the work router to something else (/12?), (B) change the start IP range to something out of bounds from my home router to prevent IP conflicts, or (C) all of the above?
Assuming this fixes my "printing while PPTP'd" issue (which would be awesome), would a permanent OpenVPN connection from work to home still be advisable/worthwhile? I don't want to sacrifice external Internet speed at either location, although at work I have a 200/10 connection and I'm the only person using it. What I'm envisioning (if this is what OpenVPN would let me do) is to be able to access shared drives and printers at work from home (and vice-versa) without first needing to PPTP in...basically have work be an extension of my home network, connected via Internet instead of CAT6. Is that a thing, and if so, any drawbacks? PPTP works well enough for now, so if OpenVPN is going to be massive overkill (and/or a massive headache/performance hit), I can just keep doing what I'm doing.
Thanks again for all the help and advice - much appreciated...
Posted: Sat Oct 23, 2021 10:17 Post subject:
PPTP is old, deprecated and not safe to use, so I stopped using it a long time ago, but if memory serves me right, PPTP is a routed VPN, so your subnets must be different, but @eibgrad will correct me if I am wrong.
So perhaps wait till he chimes in before making any changes.
But I would change the local IP address of one of the routers from 192.168.1.1 to 192.168.2.1.
Keep the net mask at /24.
Reboot the router.
I hope your printing problems are over now.
Like I said, PPTP is old, obsolete and insecure, so I would use OpenVPN or WireGuard; both can be set up as site-to-site.
WireGuard is much easier to set up than OpenVPN and much faster, but OpenVPN is the more mature platform.
PPTP *is* a routed VPN (it's often configured to give the impression it's bridged by having the PPTP client configured w/ an IP address from the remote network). And that is likely the cause of your problem w/ local printing. That would NOT happen if your home and office were using *different* IP networks.
As @egc says, using OpenVPN would be much preferred given all of PPTP's known weaknesses. And you could even consider having the home and office use the same IP network if you choose to create a *truly* bridged (tap) tunnel w/ OpenVPN rather than routed. Whether that makes good sense depends on several factors. But a bridged connection is much more seamless, and supports network discovery. But it then requires that you don't have any overlapping IPs assigned between home and the office, and that you block DHCP requests across the tunnel.
The best solution, provided you can live w/ the limitations of a routed tunnel, is a routed (tun) OpenVPN connection, but I wanted to at least leave open the possibility of a bridged tunnel, esp. if you control both sides of the tunnel, and you're the only one accessing either side.
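An added example, not written by any poster in this thread: a Python check of the addressing plans discussed above for a routed (tun) site-to-site link. It compares the identical 192.168.1.1/24 settings, the /12 idea, and the 192.168.2.1/24 renumbering, then models route selection; the interface names (`br0`, `tun0`, `wan`) and metrics are assumed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lan(router_ip_cidr):
    """LAN network implied by a router's 'IP/prefix' setting, e.g. 192.168.1.1/24."""
    return ipaddress.ip_network(router_ip_cidr, strict=False)

def plan_issues(home_cidr, work_cidr):
    """List the addressing problems that break a routed link between two sites."""
    home, work = lan(home_cidr), lan(work_cidr)
    issues = []
    if home.overlaps(work):
        # A destination in the shared range cannot be attributed to one site.
        issues.append("overlap")
    for name, net in (("home", home), ("work", work)):
        # A mask wider than the private block pulls public addresses onto the LAN.
        if not any(net.subnet_of(p) for p in RFC1918):
            issues.append(f"{name}-not-private")
    return issues

def egress(routes, dst):
    """Longest-prefix match; ties go to the lowest metric. Returns the interface."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), metric, iface)
            for n, iface, metric in routes
            if dst in ipaddress.ip_network(n)]
    if not hits:
        return None
    return min(hits, key=lambda h: (-h[0].prefixlen, h[1]))[2]

# Constructed route tables for the home router (assumed names and metrics).
SAME_SUBNET = [("192.168.1.0/24", "br0", 0),    # local LAN
               ("192.168.1.0/24", "tun0", 10),  # "work" LAN, same range
               ("0.0.0.0/0", "wan", 0)]
RENUMBERED = [("192.168.1.0/24", "br0", 0),     # home LAN
              ("192.168.2.0/24", "tun0", 10),   # work LAN after renumbering
              ("0.0.0.0/0", "wan", 0)]

if __name__ == "__main__":
    for work in ("192.168.1.1/24", "192.168.1.1/12", "192.168.2.1/24"):
        print(work, plan_issues("192.168.1.1/24", work))
    print(egress(SAME_SUBNET, "192.168.1.20"))  # stays on the local LAN
    print(egress(RENUMBERED, "192.168.2.20"))   # goes into the tunnel
```
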