Tom,

I believe I have configured a very similar environment in my test lab; however, I have used OpenVPN to do it. Basically, I have two PBXs linked via a VPN which passes my SIP traffic as well as anything else. Any client on the LAN side of either PBX can communicate with clients on the other LAN without using any VPN client s/w. My setup also supports "remote" clients (not located on either LAN) to connect to the OpenVPN server and have access to clients/servers located on both of the PBX LANs. As long as the edge router in both locations supports port forwarding, the PBXs can exist behind the ISP's router.
I'm happy to share details of this setup if you are interested. Replicating this setup using IPsec is on my to-do list (which is quite long).

-tm

-----Original Message-----
From: Tom Chadwin [mailto:[email protected]]
Sent: Tuesday, October 02, 2012 1:31 PM
To: 'AstLinux Users Mailing List'
Subject: Re: [Astlinux-users] Astlinux VPN endpoint for clients not behind it

Am I getting confused? I don't think I've explained myself fully. The IPSec VPN is between two AstLinux boxes. Head office has one Astlinux box, remote office has another. The description I gave before was that of the remote office. I want the clients at the remote office to connect over the Astlinux-to-Astlinux VPN to head office:

Corporate LAN          }
     |                 }
  Astlinux             } head office
     |                 }
 DSL router            }
     |
  Internet
     |
 DSL router - clients  }
     |                 } remote office
  Astlinux             }

So the clients at the remote office end will have no VPN client app. They will route via local AstLinux to HQ Astlinux.

So is this possible?

Thanks, and apologies for lack of clarity

Tom

-----Original Message-----
From: Lonnie Abelbeck [mailto:[email protected]]
Sent: 02 October 2012 18:23
To: AstLinux Users Mailing List
Cc: Tom Chadwin
Subject: Re: [Astlinux-users] Astlinux VPN endpoint for clients not behind it

Tom,

It should, use this as a guide... give it a test.

http://doc.astlinux.org/userdoc:tt_ipsec_vpn_apple_ios

Lonnie

On Oct 2, 2012, at 12:15 PM, Tom Chadwin wrote:

> Single IPs. I'm looking for a solution to the problem that my net5501
> doesn't have wifi, but the router behind which it sits does. That's
> the only thing I'm trying to solve.
>
> So it should work?
>
> Thanks
>
> Tom
>
>
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:[email protected]]
> Sent: 02 October 2012 17:57
> To: AstLinux Users Mailing List
> Cc: Tom Chadwin
> Subject: Re: [Astlinux-users] Astlinux VPN endpoint for clients not behind it
>
> Tom,
>
> Are these 'clients' single IP's or subnets ?
>
> Assuming single IP's like mobile iOS, PC's, etc. using IPsec/XAuth
> (IPsec Mobile on AstLinux) should work, no different than if they
> originated via the public internet.
>
> You can "Push Network(s)" to the clients, but only if they support the
> Cisco XAuth extensions (iOS, OS X and Cisco client does), other
> clients would need to be manually configured which networks go into
> the VPN, or possibly send all traffic via the VPN, which is the default.
>
> Lonnie
>
>
> On Oct 2, 2012, at 11:27 AM, Tom Chadwin wrote:
>
>> Hello all
>>
>> Subject line does not explain this very well. I've successfully set
>> up AstLinux IPSec VPNs before. However, I'd like to know if it is
>> possible to set it up as follows:
>>
>> Internet
>> |
>> DSL router - client
>> |
>> Astlinux
>>
>> More precisely, Astlinux would be cabled to the DSL router, while
>> clients would connect wirelessly to the DSL router. In other words,
>> Astlinux is not _between_ the clients and the internet. Those clients
>> need to use the IPSec VPN.
>>
>> Is this at all possible, if I add routes via Astlinux to the clients
>> to the remote subnets?
>>
>> Thanks
>>
>> Tom
>
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to [email protected].
