| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 35639 | 2003-07-18 03:08:00 | Advice please - Walker Wireless VPN | CYaBro (73) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 160743 | 2003-07-18 03:08:00 | Anybody out there in PressF1 land using a Walker Wireless VPN? Customer has ites. 1st site: 2 PC's with IP's in 192.168.0.xxx - Gateway set to 192.168.0.254 VPN Access Point IP 192.168.0.254 2nd site: 4 PC's with IP's in 192.168.1.xxx - Gateway 192.168.1.51 IPCop PC with LAN (Green) IP 192.168.1.51 WAN (Red) IP 202.xxx.xxx.xxx (you don't need to know this :)) VPN Access Point IP 192.168.1.254 Problem is I can ping the VPN AP of the other site but nothing else. i.e. can't ping the IPCop PC 192.168.1.51 from 1st site 192.168.0.2. Any ideas how I get the PC's at each site talking to each other?? The PC's at 1st site are also supposed to be able to access the internet through the VPN via IPCop PC. The VPN access points have a cable plugged directly into the hub at each site as told to buy Walker Wireless. |
CYaBro (73) | ||
| 160744 | 2003-07-18 04:20:00 | The probable cause is there is no route to 192.168.0.0/24 on the IP cop unit. It will be sending these packets out it's internet interface. | BIFF (1) | ||
| 160745 | 2003-07-18 04:26:00 | To be more specific you will need to add a route for 192.168.0.0 mask 255.255.255.0 via 192.168.1.254. Ideally you would want to add a default gateway on the 192.168.1.254 VPN unit of the IPCop PC so that people in the remote VPN site can browse the internet. |
BIFF (1) | ||
| 160746 | 2003-07-18 06:03:00 | Cheers BIFF. I just figured that myself too! Have got the PC's talking to each other by adding a route to each. Went route add -p 192.168.0.0 mask 255.255.255.0 192.168.1.254 and the same at the other side. But how do I add a static route to the IPCop PC??? |
CYaBro (73) | ||
| 160747 | 2003-07-20 22:20:00 | You might need to configure the routing from the command line. Perhaps some linux person could explain? I would refrain from putting persistant routes on workstations, as it can come back and bite you on the bum later. |
BIFF (1) | ||
| 160748 | 2003-07-20 23:43:00 | Thanks for the help! Got it sorted out. Did need to put a static route onto the IPCop PC. Did this by logging in as root then cd /etc/rc.d then edited the rc.local to add route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.1.254 Restarted the PC and tested. It all seems to be working fine now :) |
CYaBro (73) | ||
| 160749 | 2003-07-20 23:46:00 | Forgot to ask BIFF. Why would you refrain from putting static routes on Workstations? Am I right in thinking that now that I have the route on the IPCop PC (which is the gateway for the workstations) I can remove the static route from the workstations. Because if they try to access 192.168.0.??? it will go to the IPCop PC which should then route it correctly??? |
CYaBro (73) | ||
| 160750 | 2003-07-21 04:24:00 | If you rebuild the workstation you need to recreate the route, if you add another subnet (new VPN perhaps) you then have to go round and update the routes on all the workstations, if you want to change the IP address scheme you can't simply change the DHCP scope you need to visit each workstation. If you maybe expand and add a whole lot of workstations you then need to update them too. Whereas if you have a single gateway which is assigned to the workstations via DHCP you only need to add 1 new route. Your assumption about being able to remove the routes off each workstation should be correct, as long as the workstation's gateway (the IPCop unit) knows where to send the packet. Are the people in the remote VPN able to route to the internet? |
BIFF (1) | ||
| 160751 | 2003-07-21 04:52:00 | Yes, I have set a route on the IPCop PC so that they can access the internet at the remote VPN and all works sweet. And I can now remove the routes off the workstation and they will still be able to access the remote site via the VPN because of the route on the IPCop PC. :) I haven't actually done this yet but it will work because at the remote site I could ping the photocopier at the main site and that obviously doesn't have the route on it! (but it does have the IPCop PC set as the gateway) |
CYaBro (73) | ||
| 1 | |||||