Site to site VPN


22 replies to this topic

#1 ph7ryan

ph7ryan

  • Members
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Georgia, USA
  • Local time:09:52 PM

Posted 04 August 2012 - 02:18 PM

Alright. I have 2 sites, A and B.

Site A is my home LAN, and has my desktop, laptop, and any other devices I choose to add to it. Site A also has a WRT54GL with Tomato installed, and OpenVPN enabled.

Site B has a Dynex DX-E402 router, so no chance of Linux or OpenVPN running. Instead, it has my server (WHS) and another couple of desktop computers, and other devices on it.

I want to connect the two sites so that I can see all of the devices on LAN A and LAN B from LAN A. I can't switch routers, because I need the wireless access at site A. How would I get a VPN to connect both LANs without buying a new router?

I was thinking if I could connect the router and server (server as VPN server, router as client), I could bridge the connection between the LAN and the VPN. But I have absolutely no idea how to do this or if it is even possible. Does anyone wanna shed some light on my situation?

Thanks,
Ryan


 


#2 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:09:52 PM

Posted 04 August 2012 - 03:22 PM

What version of Windows Home server are you running? What is the Server functioning as, Domain, File, Mail?

Edit: What VPN software are you using? Cisco? Windows?

Edited by Sneakycyber, 04 August 2012 - 03:31 PM.

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#3 ph7ryan


Posted 04 August 2012 - 03:27 PM

> What version of Windows Home server are you running? What is the Server functioning as, Domain, File, Mail?
>
> Edit: What VPN software are you using? Cisco? Windows?


Sorry, just realized how vague the first post was.

OpenVPN is installed on both the server and the router. I am using WHS, and it is functioning as a file server, that backs up the local computers regularly, but has many media files and word documents for work.

#4 Sneakycyber


Posted 04 August 2012 - 03:45 PM

On site B, install OpenVPN on the server and forward the configured ports in the router. Follow this guide for the server setup. Follow this guide for the Tomato setup. I apologize I don't have the exact answer for you. There are A LOT of setup variables to be decided during setup and I have not set up a VPN using OpenVPN or Tomato yet.

Edited by Sneakycyber, 04 August 2012 - 03:45 PM.



#5 ph7ryan


Posted 04 August 2012 - 03:59 PM

> On site B, install OpenVPN on the server and forward the configured ports in the router. Follow this guide for the server setup. Follow this guide for the Tomato setup. I apologize I don't have the exact answer for you. There are A LOT of setup variables to be decided during setup and I have not set up a VPN using OpenVPN or Tomato yet.


Thank you for that information. I actually do have the server side setup, and I was able to connect to it from a desktop using a cellphone as the modem, but not see any shared files for some reason. I didn't have the ports forwarded though so that was probably it.

I was actually more concerned about how to bridge the connections. Would I simply be able to highlight the VPN connection, and the LAN connection, right click, and then select "Bridge" like any other connection, and now the entire LAN would be visible? Thanks.

#6 Sneakycyber


Posted 04 August 2012 - 05:45 PM

Here are OpenVPN's instructions. I will read them in a little bit and see if I can offer any advice. This topic is one I have been interested in doing for quite some time. I have two extra routers, and I have one with DD-WRT loaded. I am going to set up a VPN into my home network so I can remote desktop from work instead of using TeamViewer all the time. Sounds like a good project for this weekend. Also, if you have an Android phone or tablet, this app is AWESOME.

Edited by Sneakycyber, 04 August 2012 - 05:47 PM.



#7 Sneakycyber


Posted 04 August 2012 - 10:17 PM

Seems the answer to your question is yes, although there are a few settings in OpenVPN you need to set as well.


Bridge Server on Windows XP
This configuration requires Windows XP or higher on the bridge side. To my knowledge, Windows 2000 does not support bridging, however a Windows 2000 machine can be a client on a bridged network, where the other end of the OpenVPN connection where the bridging is occurring is a Linux or Windows XP machine.

When OpenVPN is installed on Windows, it automatically creates a single TAP-Win32 adapter which will be assigned a name like "Local Area Connection 2". Go to the Network Connections control panel and rename it to "tap-bridge".

Next select tap-bridge and your ethernet adapter with the mouse, right click, and select Bridge Connections. This will create a new bridge adapter icon in the control panel.

Set the TCP/IP properties on the bridge adapter to an IP of 192.168.8.4 and a subnet mask of 255.255.255.0.

Next, edit the OpenVPN server configuration file to enable a bridging configuration.

Comment out the line which says dev tun and replace it instead with:

dev tap
dev-node tap-bridge

Comment out the line that begins with server and replace it with:

server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254

If you are running XP SP2, go to the firewall control panel, and disable firewall filtering on the bridge and TAP adapters.

At this point, the bridging-specific aspects of the configuration are complete, and you can continue where you left off in the HOWTO.


Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +
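The address plan in the bridging instructions quoted above can be checked before it goes live: in bridged (TAP) mode the VPN clients receive addresses on the same Ethernet segment as the LAN, so the server-bridge pool must not collide with the bridge address, the router's DHCP range or any static host. This is an added example, not part of the original post or of OpenVPN's documentation; the function names, the DHCP ranges and the static host address used with it are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the server config edits quoted in the post above.
SAMPLE_CONFIG = """\
;dev tun
dev tap
dev-node tap-bridge
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254
"""

def parse_server_bridge(config_text):
    """Return (bridge_ip, network, pool_start, pool_end) from server-bridge."""
    for raw in config_text.splitlines():
        parts = raw.split()
        # Exact match on the first token skips '#'/';' commented-out lines.
        if len(parts) == 5 and parts[0] == "server-bridge":
            bridge_ip, mask, start, end = parts[1:]
            network = ipaddress.ip_network(f"{bridge_ip}/{mask}", strict=False)
            return (ipaddress.ip_address(bridge_ip), network,
                    ipaddress.ip_address(start), ipaddress.ip_address(end))
    raise ValueError("no 'server-bridge <ip> <mask> <start> <end>' line found")

def check_bridge_pool(config_text, lan_dhcp_range, static_hosts=()):
    """List address-plan problems for a bridged (TAP) OpenVPN server.

    lan_dhcp_range and static_hosts describe the LAN behind the bridge;
    they come from the router and hosts, not from the OpenVPN config.
    """
    bridge_ip, net, start, end = parse_server_bridge(config_text)
    problems = []
    if start > end:
        problems.append("pool start is above pool end")
    for label, addr in (("pool start", start), ("pool end", end)):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is not a usable host in {net}")
    if start <= bridge_ip <= end:
        problems.append(f"bridge address {bridge_ip} is inside the client pool")
    dhcp_lo, dhcp_hi = (ipaddress.ip_address(a) for a in lan_dhcp_range)
    if start <= dhcp_hi and dhcp_lo <= end:
        problems.append(f"client pool overlaps LAN DHCP range {dhcp_lo}-{dhcp_hi}")
    for host in map(ipaddress.ip_address, static_hosts):
        if start <= host <= end:
            problems.append(f"static host {host} is inside the client pool")
    return problems
```

An empty list means the pool is clear of the addresses you supplied; each string otherwise names one collision that would leave two machines answering for the same address across the bridge.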


#8 ph7ryan


Posted 04 August 2012 - 10:26 PM

> Here are OpenVPN's instructions. I will read them in a little bit and see if I can offer any advice. This topic is one I have been interested in doing for quite some time. I have two extra routers, and I have one with DD-WRT loaded. I am going to set up a VPN into my home network so I can remote desktop from work instead of using TeamViewer all the time. Sounds like a good project for this weekend. Also, if you have an Android phone or tablet, this app is AWESOME.



The instructions are more catered to setting up VPN. I have already done that process, and already gotten a connection. I really just don't know how to get the connection bridged.

#9 ph7ryan


Posted 06 August 2012 - 10:25 PM

Thanks so much! Got the config file to connect over a tethering connection and see several computers on the network. The problem is that it can't see ALL of the computers. Not even the server that it is connected to. If I switch to WiFi, without changing any settings I see all the computers I need, but if I switch to VPN with tethering, the server goes away. I most importantly need the server. How would I fix this issue?

#10 Sneakycyber


Posted 09 August 2012 - 01:10 AM

When you "see" computers, are you able to ping their IP addresses? To begin, bridge the networks and ping the server's IP address; if you get a reply, your VPN is mostly configured properly. Make sure you are pinging the server and not another machine on your local network with the same address as the server. If you can ping a computer from site A on the network on site B, the bridge is successful. If you can ping one computer and not another, make sure they (the two PCs on site B) are on the same LAN, subnet, workgroup, or make sure the routing is configured properly in the config file. What type of authentication are you using? Are the trouble computers running Home edition?

Edited by Sneakycyber, 09 August 2012 - 01:19 AM.



#11 ph7ryan


Posted 09 August 2012 - 08:11 AM

> When you "see" computers, are you able to ping their IP addresses? To begin, bridge the networks and ping the server's IP address; if you get a reply, your VPN is mostly configured properly. Make sure you are pinging the server and not another machine on your local network with the same address as the server. If you can ping a computer from site A on the network on site B, the bridge is successful. If you can ping one computer and not another, make sure they (the two PCs on site B) are on the same LAN, subnet, workgroup, or make sure the routing is configured properly in the config file. What type of authentication are you using? Are the trouble computers running Home edition?


I was having problems with pinging any of the computers, but I was able to see a live view of shared folders over completely different gateways. I made a new text file, and updated the name and it all changed when I clicked refresh on the tethered laptop.

All of the computers are on the 192.168.1.xxx subnet. The server is static at 159. The VPN computer gets the IP 192.168.1.230, which is well beyond any of the DHCP computers on the network, so there are no IP conflicts.

The server is really the most important computer that I can't see and it is running WHS, which is based on Server 2003 I believe. I am only here for 2 more days so I need to figure this out ASAP.

#12 ph7ryan


Posted 09 August 2012 - 08:43 AM

Update: OK almost there. Idk what it was, but I restarted the server and tried it again, and I saw all of the computers over VPN flawlessly over OS X and Windows 7. The last thing I need to do is use the configuration files to connect my Tomato router to it. It is pretty straightforward, but I do have one question...

I set up the keys and configuration files a while ago, so I don't remember exactly what type of auth I have, but it is definitely the default one. TLS I think, no extra outgoing or incoming security.

The key files I have on the server side are "ca.crt", "vpn-server.key", "vpn-server.crt", and "dh1024.pem".

The key files I have on the client side are "ca.crt", "router-client.crt", "router-client.key".

My question (tl;dr):

What is the "static key" that Tomato is asking for as a client, because I only have 3 keys and it works fine?

#13 Sneakycyber


Posted 09 August 2012 - 07:03 PM

Post omitted for security.

Edited by Sneakycyber, 10 August 2012 - 09:17 PM.



#14 ph7ryan


Posted 09 August 2012 - 07:46 PM

OK... The Tomato router has 4 spaces for keys, so I'll have to just try plugging it into an Ethernet port and see if I can get the LAN with my current settings. I'll let you know.

#15 ph7ryan


Posted 09 August 2012 - 09:44 PM

I think I figured it out. Still haven't had the ability to test, but I realized that I had a "bi-directional" setting in "Extra HMAC authorization" selected. Disabled that, and the static key box went away. Now all I have to do is take the time to actually test it. I'll probably do it tomorrow, and if it works, I'll post my configuration files in case anyone else stumbles on this and wants the information.
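An added example, not part of the original posts: a check that a server and client config pair agree on the optional tls-auth HMAC key, assuming Tomato's "Extra HMAC authorization" setting corresponds to OpenVPN's tls-auth directive. The configs are constructed from the file names listed in post #12; ta.key and the function names are hypothetical.

```python
# Constructed configs using the file names listed in the thread.
# "ta.key" is a hypothetical name for the extra static HMAC key.
SERVER_CONF = """\
dev tap
ca ca.crt
cert vpn-server.crt
key vpn-server.key
dh dh1024.pem
"""
CLIENT_CERTS_ONLY = """\
client
dev tap
ca ca.crt
cert router-client.crt
key router-client.key
"""
CLIENT_WITH_TLS_AUTH = CLIENT_CERTS_ONLY + "tls-auth ta.key\n"

def directives(config_text):
    """Map directive name -> arguments, skipping '#' and ';' comment lines."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", ";")):
            name, *args = line.split()
            found[name] = args
    return found

def tls_auth_direction(conf):
    """None if tls-auth is absent, else '0', '1' or 'bidirectional'."""
    if "tls-auth" not in conf:
        return None
    if len(conf["tls-auth"]) >= 2:          # tls-auth <file> <direction>
        return conf["tls-auth"][1]
    # A separate key-direction line may supply it; otherwise bidirectional.
    return conf.get("key-direction", ["bidirectional"])[0]

def check_tls_auth_pair(server_text, client_text):
    server = tls_auth_direction(directives(server_text))
    client = tls_auth_direction(directives(client_text))
    if server is None and client is None:
        return "ok: tls-auth unused on both sides"
    if server is None or client is None:
        return "mismatch: tls-auth enabled on one side only"
    if {server, client} == {"0", "1"} or server == client == "bidirectional":
        return "ok: tls-auth enabled with matching key direction"
    return f"mismatch: key direction server={server} client={client}"
```

If the HMAC layer is wanted rather than disabled, the same static key file has to be present on both ends, with direction 0 on one side and 1 on the other, or no direction on either.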



