Posted: Thu Jan 06, 2011 22:02 Post subject: Configuring VPN PPTP Using WRT-54GL
Hello
I've been configuring my WRT-54GL with v24-SP2 firmware without issue. Works great!
My local LAN configuration has a router address of 192.168.1.1 and VPN addresses are being handed out from 192.168.1.10-192.168.1.20
Any VPN client needs to reach a machine on the LAN with an address of 192.168.1.50
All works great except when the client attempting to log in is on another LAN with the same numbering scheme.
I tried to config the VPN connections to use addresses beginning with 192.168.2.10 - 192.168.2.20
This works and they get connected but they cannot reach 192.168.1.50
What do I need to do with the configuration for the clients to see the computer on the other subnet?
Add route entries and/or firewall rules to allow devices on each subnet to see each other.
I am assuming you are setting the devices with a subnet of /24. If not, you will have to pay attention to the firewall rules you create. _________________ ===================================
1 * DIR-866L - 29193 Mega (Main Gateway)
1 * EA4200 - 29193 Mega (Main Gateway)
1 * EA6500 - 29193 Mega (Repeater Bridge)
1 * EA6500v2 - 29193 Mega (Repeater Bridge)
1 * WRT610N - 29193 Mega (Repeater Bridge)
===================================
WAN IP:
LAN IP:
Subnet Mask:
DHCP enabled:
DHCP Address Range:
VPN Client IP Address Range:
Gateway IP Address:
If your VPN Client Addresses are on a different subnet than the WAN and LAN IP, you will have to establish a route (or firewall rules) to pass traffic across.
Yes, 192.168.1.50 is connected directly to the WRT-54GL
Some of the details I provided earlier are incorrect. This account is dynamic and the WAN address is using
XXX.noip.net
Here is a screenshot of the setup
The issue I need to fix is that when a client is outside of the network and has a local IP of 192.168.1.X it can't connect in because the remote LAN has the same schema.
Ok.. You have the classic case where you are using the same network address range as most 'public' LANs (wifi-hotspots, sbux, hotels etc).
One sure way to address the issue is to have a non-192.168.*.* network setup at the WRT54GL. This will avoid conflict with the external local network. Pick the 172.16.0.0 – 172.31.255.255 or 10.0.0.0 – 10.255.255.255. This will require you to 'possibly' re-ip your internal devices that have static IPs.
Alternatively, you can try adding the following command to the OpenVPN CLIENT config file. This 'should' force the clients to use the VPN tunnel for all IP traffic.
Code:
redirect-gateway def1
Hope this helps.
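Added example, not part of the original thread: a small Python model of the client's routing decision (longest prefix wins, lower metric breaks ties) for the address plans discussed above. The route metrics, device names and the 10.20.30.0/24 network are constructed for illustration.

```python
import ipaddress

# Routes OpenVPN installs on the client for "redirect-gateway def1"
# (the host route to the VPN server itself is omitted here).
DEF1 = ["0.0.0.0/1", "128.0.0.0/1"]

def client_table(local_lan, vpn_routes):
    """Constructed client routing table as (network, device, metric) tuples."""
    table = [("0.0.0.0/0", "lan", 10), (local_lan, "lan", 0)]  # default + on-link LAN
    table += [(net, "vpn", 5) for net in vpn_routes]
    return [(ipaddress.ip_network(n), dev, m) for n, dev, m in table]

def egress(local_lan, vpn_routes, dest):
    """Device chosen for dest: longest prefix wins, lower metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in client_table(local_lan, vpn_routes) if addr in r[0]]
    _, dev, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return dev

def overlaps(local_lan, remote_lan):
    """True when the client's LAN and the LAN behind the VPN share addresses."""
    return ipaddress.ip_network(local_lan).overlaps(ipaddress.ip_network(remote_lan))

if __name__ == "__main__":
    cases = [
        # (label, client LAN, routes via VPN, remote LAN, target host)
        ("same scheme, def1", "192.168.1.0/24", DEF1,
         "192.168.1.0/24", "192.168.1.50"),
        ("VPN pool on .2.x only", "192.168.1.0/24", ["192.168.2.0/24"],
         "192.168.1.0/24", "192.168.1.50"),
        ("other client LAN, def1", "192.168.0.0/24", DEF1,
         "192.168.1.0/24", "192.168.1.50"),
        ("remote LAN renumbered", "192.168.1.0/24", ["10.20.30.0/24"],
         "10.20.30.0/24", "10.20.30.50"),
    ]
    for label, lan, routes, remote, target in cases:
        print(f"{label:24} overlap={overlaps(lan, remote)!s:5} "
              f"{target} -> {egress(lan, routes, target)}")
```

In this model the client's on-link /24 is more specific than either /1 route, so a client sitting on 192.168.1.0/24 keeps sending 192.168.1.50 to its own LAN; only the renumbered remote network is reached through the tunnel.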
I am not aware of a way for the PPTP server to 'push' a route to the client when a connection is established.
That said, it may be possible, I just don't know how to do it. If you do find out, do let me know. It would be a learning for me.
OpenVPN on the other hand does provide the capability to push routes and other configs (DNS servers etc) to clients that connect.