Question : VPN (Connecting two networks)

I am currently working on a project to link two small networks together via a VPN tunnel.

Here is the information on the networks:

Network 1
Network - 192.168.0.*
      Gateway Information
      Freesco Router (www.freesco.org)
      eth0 - External Internet Address
      eth1 - Internal Address (192.168.0.3)
      Running DHCPd (All clients on network receive IP address from DHCP)

      VPN Server Information
      Operating System - Undecided
      eth0 - External Internet Address
      eth1 - Internal Address (192.168.0.57)

Network 2
Network - 192.168.100.*
      Gateway Information
      Freesco Router (www.freesco.org)
      eth0 - External Internet Address
      eth1 - Internal Address (192.168.100.1)
      Running DHCPd (All clients on network receive IP address from DHCP)

      VPN Server Information
      Operating System - Undecided
      eth0 - External Internet Address
      eth1 - Internal Address (192.168.100.57)

My first question is regarding the Freesco setup. What do I need to do to these two systems to make the two networks routable?

For the VPN servers, which operating system would be best? Currently I have a Windows 2000 server (just running VPN server, 192.168.0.57) and an NT 4 Server which would act as the VPN client (192.168.100.57). Would this work?


I am trying to put together all of the information I can prior to the actual setup of everything, so any information or help people can provide would be great. I would prefer to stick with the Windows 2000 VPN server and NT 4 as the client to connect the two networks.

Thanks,
- Lenny

Answer : VPN (Connecting two networks)

I'm not sure about NT4 acting as a VPN client.  There may be an add-on that you can install, but I wouldn't bet on it.

Since you already have Win2k, that should be the OS to provide VPN services.

Ideally, both machines need to be Win2k.  Both will need to act as routers, as well.


So, you configure one as a VPN server, including a user account that will be used for this connection.  (As you've probably found out, the configuration wizard for RRAS provides a VPN option.  You may need to set up the router portion manually afterwards.  I suggest using the wizard to set it up as router and then as a VPN server.  Study the configuration of the two, then configure it manually.)

On the other machine you'll need a VPN connection to the VPN server's external IP address.  (This is simple: right-click on "My network places," select properties, then double-click on "Make new connection.")

The two Win2k boxes will need routes that point through the VPN connection to the other network.  (The VPN would be the 'Internal' interface in RRAS.)

Now, I don't understand why the two VPN servers have an internal and an external IP address.  From my understanding, you're using two Linux boxes, running Freesco, to provide NAT and act as gateways.  They're the only things that should 'know' about the external IPs.  (Any other computers that you want to make use of this tunnel will now gateway through the VPN servers, which in turn gateway through the Freesco routers.  The VPN tunnel is transparent to these machines.  They don't even know it's there.)

I'd expect to see this:

Freesco router:
eth0= external IP
eth1= 192.168.1.1

VPN server:
eth0= 192.168.1.2
eth1= 192.168.10.2

All other machines in the network would be in 192.168.10.0, using 192.168.10.2 as the gateway.

Mirror this for the other network, and change the two internal networks.



Now, the important thing is that the Freesco routers must have port mappings pointing from the outside to the VPN servers' internal addresses.  Look up the ports for PPTP and/or L2TP and forward these ports to the VPN servers in the Freesco routers.

Finally, the VPN addresses should be in a separate network as well.


This is all off the top of my head, so forgive me for any omissions or brevity.

-deq
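
The addressing layout sketched in the answer can be checked before any hardware is configured. The following is an added example, not part of the original answer: it verifies that no two segments overlap (the failure that results from mirroring a site without changing its networks, or from placing the VPN addresses inside a LAN) and lists the routes each VPN server needs through the tunnel. Site A uses the answer's addresses; the site B networks, the VPN pool and all function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed plan. Site A follows the answer's sketch; site B and the
# VPN pool are assumed values, not taken from the original post.
PLAN = {
    "A-transit": "192.168.1.0/24",   # Freesco eth1 <-> VPN server eth0
    "A-lan":     "192.168.10.0/24",  # clients, gateway 192.168.10.2
    "B-transit": "192.168.2.0/24",   # assumed mirror of A-transit
    "B-lan":     "192.168.20.0/24",  # assumed mirror of A-lan
    "vpn-pool":  "192.168.50.0/24",  # assumed tunnel endpoint addresses
}

# The same plan with two mistakes: site B mirrored without renumbering,
# and the VPN pool carved out of a LAN instead of its own network.
BAD_PLAN = dict(PLAN, **{"B-lan": "192.168.10.0/24",
                         "vpn-pool": "192.168.10.128/25"})

def overlaps(plan):
    """Return sorted pairs of segment names whose address ranges overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))

def tunnel_routes(plan, site):
    """Networks the VPN server at `site` must route via the tunnel:
    every LAN segment that belongs to the other site."""
    return sorted(cidr for name, cidr in plan.items()
                  if name.endswith("-lan") and not name.startswith(site + "-"))

def gateway_ok(plan, segment, gateway):
    """True if `gateway` is a usable host address inside `segment`."""
    net = ipaddress.ip_network(plan[segment])
    gw = ipaddress.ip_address(gateway)
    return gw in net and gw not in (net.network_address, net.broadcast_address)

if __name__ == "__main__":
    for label, plan in (("plan", PLAN), ("bad plan", BAD_PLAN)):
        print(label, "overlaps:", overlaps(plan) or "none")
    for site in ("A", "B"):
        print(f"site {site} VPN server routes via tunnel:",
              tunnel_routes(PLAN, site))
    print("A-lan gateway 192.168.10.2 valid:",
          gateway_ok(PLAN, "A-lan", "192.168.10.2"))
```
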

