Need help with Site to Site
Posted: Sat Jan 26, 2019 5:24 pm
Hello.
We are setting up a site-to-site VPN server. We have two different LANs at two different places. One of our networks, the "HQ", has a router with built-in DHCP, which can be disabled. Same on the other network. The HQ's DHCP server is configured to give out IP addresses on the subnet 192.168.1.0/24, while the remote location's is configured to have the subnet 192.168.0.0/24. Please note that so far this is all without the VPN bridge/server. The goal is to be able to access all the devices on one location from the other, on the same IP address as they are in the real location, without the need of installing the VPN client.
After adding the VPN bridge on the remote location and adding the VPN server in HQ, we have followed the documentation on creating a site-to-site VPN. Unfortunately, IP routing doesn't work for us, as the router in the HQ doesn't support IP forwarding, and we are stuck with that router. So we have opted for the second method, that is, using the L2 Bridge; however, we are unsuccessful, and by that I mean that the site-to-site is not working. How is it not working? Well, if I type the IP address of a device on the remote network in the browser of a device in the HQ, it won't show the website running on the remote device.
So the current setup is the following:
- VPN server (in the HQ) has two virtual hubs: HQ and Remote.
- The VPN bridge (in the remote location) also has a virtual hub, which is cascade connecting to the Remote virtual hub on the VPN server.
- The virtual hub on the VPN bridge (in the remote location) has a local bridge set up to the physical network it's inside.
- The HQ virtual hub on the VPN server (in the HQ) has a local bridge set up to the HQ's physical network.
- On the VPN server, there is a Layer 3 Switch which has two different virtual interfaces set up in the following way:
IP address / Subnet Mask / Virtual Hub Name
192.168.0.254 / 255.255.255.0 / Remote
192.168.1.254 / 255.255.255.0 / HQ
What I suspect the issue is, is that instead of two virtual hubs on the server - one for the Remote, one for the HQ - we would only need one, and the VPN bridge should be cascade connecting to it, and the local bridge to the HQ's network should be on it as well. Is this correct? We set up the two virtual hubs on the server back when we tried the IP routing method, which we realized wouldn't work on our router.
Another question that pops up is that if it would work on the one virtual hub, and the two networks were connected, there would be two DHCP servers running, one on the remote location and one in the HQ. Would they not conflict, due to them assigning IPs to two different subnets, or would they conflict? In that case, if I disable one of them, the other would be assigning IPs to all devices on both physical LANs on the same subnet. I have seen that there is a DHCP function on the VPN server under the SecureNAT section. Would I need to disable the DHCP servers on both routers and enable it on the VPN server in order to achieve having two different subnets for the two physical LANs?
Thank you.
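An added example, not part of the original post: a small model of how an HQ host chooses its next hop towards a remote device under the layouts described above (two hubs with the Layer 3 Switch, and a single bridged hub). The `.254` interface address comes from the post; the router address `192.168.1.1`, the host `192.168.1.50`, the remote device `192.168.0.10` and the /23 mask variant are assumptions for illustration.

```python
import ipaddress

# Addresses ending in .254 come from the post; the rest are assumed for illustration.
L3_SWITCH_HQ_IF = "192.168.1.254"   # Layer 3 Switch interface on the HQ hub (from the post)
HQ_ROUTER = "192.168.1.1"           # assumed address of the HQ router / default gateway
HQ_HOST = "192.168.1.50"            # assumed HQ workstation
REMOTE_DEVICE = "192.168.0.10"      # assumed device on the remote LAN


def next_hop(host_if, default_gw, dst, static_routes=()):
    """Return (reason, next_hop_ip) the way an IP host picks where to send a packet."""
    iface = ipaddress.ip_interface(host_if)
    target = ipaddress.ip_address(dst)
    # 1. Destination inside the host's own subnet: ARP for it directly.
    if target in iface.network:
        return ("on-link", str(target))
    # 2. Otherwise the longest matching static route wins.
    matches = [(ipaddress.ip_network(net), gw) for net, gw in static_routes
               if target in ipaddress.ip_network(net)]
    if matches:
        _, gw = max(matches, key=lambda m: m[0].prefixlen)
        return ("static-route", gw)
    # 3. Nothing matched: hand the packet to the default gateway.
    return ("default-gw", default_gw)


def scenarios():
    route_to_remote = [("192.168.0.0/24", L3_SWITCH_HQ_IF)]
    return {
        # Two hubs + Layer 3 Switch, host untouched: packet goes to the router.
        "l3_no_route": next_hop(f"{HQ_HOST}/24", HQ_ROUTER, REMOTE_DEVICE),
        # Same layout, static route on the host pointing at the L3 switch interface.
        "l3_static_route": next_hop(f"{HQ_HOST}/24", HQ_ROUTER, REMOTE_DEVICE, route_to_remote),
        # One bridged hub, both sites keep /24 masks: still off-link for the host.
        "l2_mask_24": next_hop(f"{HQ_HOST}/24", HQ_ROUTER, REMOTE_DEVICE),
        # One bridged hub, mask widened to /23 so both ranges are one subnet.
        "l2_mask_23": next_hop(f"{HQ_HOST}/23", HQ_ROUTER, REMOTE_DEVICE),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:16} -> {result}")
```

In the `l3_no_route` and `l2_mask_24` cases the packet is handed to the HQ router, which per the post cannot forward it onwards.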