Comments on: VPN Problems

By: JJB

JJB — Fri, 04 Mar 2005 04:27:23 +0000

Oh and I forgot to specify that I did that setup before you suggested it, hence lunch instead of 150 bones :-)

By: JJB

JJB — Fri, 04 Mar 2005 04:25:46 +0000

Thanks Josh. That’s exactly what I did in the end actually. The only problem now is that since the remote machine doesn’t consider centerline.net in the secure group, it just hits the router using en0, so the router and web and mail server don’t think that it’s local.

Solution is to run my own dns server. Although even then people will _have_ to be on the vpn in order to hit the web server.

Gah.

Maybe more expensive routers take care of these things.

Anyway thanks anyway Josh. Since you are the only one who responded I will buy you lunch sometime.

By: Josh Myer

Josh Myer — Wed, 02 Mar 2005 08:40:40 +0000

Oh, and if you’re not going to be in town for a bit: check the VPN IP block assignment. You’re interested in the Remote Secure Group: it’s usually 192.168.2.0/255.255.255.0. You’ll probably want to add this to your configurations. Alternately, you can change your Local Secure Group to 192.168.1.0/255.255.255.128 and your Remote Secure Group to 192.168.1.128/255.255.255.128 . This will cut your two subnets in half, but should be fine. You’ll still have 126 Local IPs and 126 VPN IPs, without having to change any server configs. You _will_ want to twiddle the settings of any static IPs you have, though.

All that said: you really want to just add 192.168.2.0/255.255.255.0 (or whatever your Remote Secure Group is) to your server configs as “local” addresses.

By: Josh Myer

Josh Myer — Wed, 02 Mar 2005 08:32:52 +0000

Drop me a line of when you’re in CH next; it’ll be a lot easier for me to look at this from one the VPN (i could troubleshoot it without that, but it’s a total pain in the butt =).