WRT54G VPN endpoint

Discussion in 'Networking & Security' started by Rix2357, Nov 15, 2005.

  1. Rix2357

    Rix2357 [H]ard|Gawd

    I am using Sveasoft's Alchemy firmware and I've filled in the information so that the router can act as a VPN endpoint. When I dial in, it does connect, but I can't do anything useful like access folder shares or the computer itself behind that network, though. Are there any other configurations that I missed?
     
  2. BollWeevil

    BollWeevil Limp Gawd

    Can you ping any computers behind the router? Make sure the subnet of the local machine you are connecting from does not overlap with the subnet of the IP assigned through the VPN tunnel.
     
  3. Rix2357

    Rix2357 [H]ard|Gawd

    "Make sure the subnet of the local machine you are connecting from does not overlap with the subnet of the IP assigned through the VPN tunnel."

    Help me decipher this :p. I'm still a n00b at networking.

    Router (WRT54GS) is assigning a DHCP range of 192.168.1.100 to 149. I set the router to assign VPN connection IPs of 192.168.1.150 to 192.168.1.155. I probably only need 1 though.

    From the remote site though, I get an IP address anywhere from 192.168.1.100 to 150 also. Is it possible that that router (Netgear RP614v2) could be messing up the packets, or do I need to mess with the DHCP setting on one of the sites to make it so that they don't overlap?
     
  4. BollWeevil

    BollWeevil Limp Gawd

    That sounds like the problem. So basically it sounds like the remote machine has an address of say 192.168.1.100 before it connects to the VPN. When you connect, Windows now has another network connection of 192.168.1.150. But because the addresses are on the same subnet but on different connections, TCP/IP is confused about which connection to use for destinations on this subnet. Say you try to ping 192.168.1.1. Does it think it is on the local Ethernet connection or across the VPN?

    The answer is that this is determined by your routing table. You can see this by opening a command prompt and typing "route print". My guess is the local network is taking priority over the VPN network. The easiest solution is to change either your home network or remote network to be in a different subnet (such as 192.168.2.x). This way, when you VPN in, it knows 192.168.1.x addresses are local, and 192.168.2.x addresses are located over the VPN connection.

    There are other methods you could use, such as statically adding routing table entries, but they require a little more knowledge to implement.
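
Added example, not part of any post in this thread: a simplified model of the route selection discussed above (longest prefix wins, ties go to the lowest metric), run over the thread's addresses before and after renumbering the home network. The /24 masks, the metrics and the interface names are constructed assumptions, not values from a real `route print`.

```python
import ipaddress

def overlaps(net_a, net_b):
    """True if two subnets share any addresses (the condition to avoid)."""
    return ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b))

def pick_route(table, dest):
    """Return (chosen_iface, tied_ifaces) for dest.

    Simplified selection: the longest matching prefix wins; if several
    routes share that prefix length, the lowest metric wins.
    """
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, metric, iface in table:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network.prefixlen, metric, iface))
    if not matches:
        return None, []
    best_len = max(plen for plen, _, _ in matches)
    tied = sorted((metric, iface) for plen, metric, iface in matches
                  if plen == best_len)
    return tied[0][1], [iface for _, iface in tied]

# Constructed tables: (destination, metric, interface). Metrics are assumed.
# Both sites on 192.168.1.0/24: two equally specific routes compete.
BEFORE = [
    ("0.0.0.0/0",      20, "ethernet"),
    ("192.168.1.0/24", 20, "ethernet"),  # remote site's own LAN
    ("192.168.1.0/24", 30, "vpn"),       # home LAN reached through the tunnel
]
# Home network moved to 192.168.2.0/24: each subnet has exactly one route.
AFTER = [
    ("0.0.0.0/0",      20, "ethernet"),
    ("192.168.1.0/24", 20, "ethernet"),
    ("192.168.2.0/24", 30, "vpn"),
]

if __name__ == "__main__":
    print("overlap before:", overlaps("192.168.1.0/24", "192.168.1.0/24"))
    print("overlap after: ", overlaps("192.168.1.0/24", "192.168.2.0/24"))
    print("before, 192.168.1.1 ->", pick_route(BEFORE, "192.168.1.1"))
    print("after,  192.168.2.1 ->", pick_route(AFTER, "192.168.2.1"))
```

In the overlapping case the home router's address resolves to the local Ethernet interface, so the traffic never enters the tunnel; after renumbering, only the VPN route matches.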