Obviously, I can do that, and do in other installs. However, I am trying to
achieve what I need without purchasing any more hardware. Tom M, I'd be
interested to hear how you managed your solution, since it sounds as though
it's exactly what I need.
Thanks for the help
Tom
PS DSL modem/router is a Linksys WAG200G. Doubt it supports VLANs.
From: David Kerr [mailto:[email protected]]
Sent: 02 October 2012 20:33
To: AstLinux Users Mailing List
Subject: Re: [Astlinux-users] Astlinux VPN endpoint for clients not behind
it
If it were me, I would turn off the "routing" and wireless part of your DSL
Router and just bridge directly to Astlinux. Astlinux would then become the
router in your network and I would connect a Wireless AP or Router (in
Bridge mode, routing turned off here too) to the LAN side of Astlinux.
Note that if you connect a Wireless Router as a bridge, then you connect
into one of the LAN ports on the box, not into the WAN port -- the port that
you would normally have connected to the Cable/DSL router -- this port is
unused in Bridge mode.
A quick scan of Newegg.com confirms that if you don't need the
latest-and-fastest, they are pretty inexpensive. Just check before buying
that you can switch to bridge mode (I have both Linksys and D-Link and they
support it).
David
On Tue, Oct 2, 2012 at 2:12 PM, Lonnie Abelbeck <[email protected]>
wrote:
Tom,
Ahhh, you don't want to require your clients to have an IPSec client (Thanks
David).
No, other than David's VLAN suggestion, either requiring the clients to have
an IPSec client, or adding a WiFi Access Point behind (instead of in front) of
the Remote AstLinux is needed.
You must get the 'clients' subnet behind the AstLinux box, either with a VPN
tunnel or additional WiFi hardware.
Lonnie
PS: Should your "DSL router" be featured enough to support VLANs (though I
doubt it), assuming your AstLinux box's external interface is eth0, create a
VLAN eth0.10 for the 'clients' wireless subnet and treat that as an internal
interface within AstLinux. You would want to 'bridge' the wireless clients
in the DSL router so AstLinux is managing the subnet on the VLAN, setting
the network, doing the DHCP, etc. Probably a moot point anyway.
On Oct 2, 2012, at 12:31 PM, Tom Chadwin wrote:
> Am I getting confused? I don't think I've explained myself fully. The IPSec
> VPN is between two AstLinux boxes. Head office has one Astlinux box, remote
> office has another. The description I gave before was that of the remote
> office. I want the clients at the remote office to connect over the
> Astlinux-to-Astlinux VPN to head office:
>
> Corporate LAN }
> | }
> Astlinux } head office
> | }
> DSL router }
> |
> Internet
> |
> DSL router - clients }
> | } remote office
> Astlinux }
>
> So the clients at the remote office end will have no VPN client app. They
> will route via local AstLinux to HQ Astlinux.
>
> So is this possible?
>
> Thanks, and apologies for lack of clarity
>
> Tom
>
>
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:[email protected]]
> Sent: 02 October 2012 18:23
> To: AstLinux Users Mailing List
> Cc: Tom Chadwin
> Subject: Re: [Astlinux-users] Astlinux VPN endpoint for clients not behind
> it
>
> Tom,
>
> It should, use this as a guide... give it a test.
>
> http://doc.astlinux.org/userdoc:tt_ipsec_vpn_apple_ios
>
> Lonnie
>
>
> On Oct 2, 2012, at 12:15 PM, Tom Chadwin wrote:
>
>> Single IPs. I'm looking for a solution to the problem that my net5501
>> doesn't have wifi, but the router behind which it sits does. That's
>> the only thing I'm trying to solve.
>>
>> So it should work?
>>
>> Thanks
>>
>> Tom
>>
>>
>> -----Original Message-----
>> From: Lonnie Abelbeck [mailto:[email protected]]
>> Sent: 02 October 2012 17:57
>> To: AstLinux Users Mailing List
>> Cc: Tom Chadwin
>> Subject: Re: [Astlinux-users] Astlinux VPN endpoint for clients not
>> behind it
>>
>> Tom,
>>
>> Are these 'clients' single IPs or subnets?
>>
>> Assuming single IPs like mobile iOS, PCs, etc., using IPsec/XAuth
>> (IPsec Mobile on AstLinux) should work, no different than if they
>> originated via the public internet.
>>
>> You can "Push Network(s)" to the clients, but only if they support the
>> Cisco XAuth extensions (iOS, OS X and the Cisco client do), other
>> clients would need to be manually configured which networks go into
>> the VPN, or possibly send all traffic via the VPN, which is the default.
>>
>> Lonnie
>>
>>
>> On Oct 2, 2012, at 11:27 AM, Tom Chadwin wrote:
>>
>>> Hello all
>>>
>>> Subject line does not explain this very well. I've successfully set
>>> up AstLinux IPSec VPNs before. However, I'd like to know if it is
>>> possible to set it up as follows:
>>>
>>> Internet
>>> |
>>> DSL router - client
>>> |
>>> Astlinux
>>>
>>> More precisely, Astlinux would be cabled to the DSL router, while
>>> clients would connect wirelessly to the DSL router. In other words,
>>> Astlinux is not _between_ the clients and the internet. Those clients
>>> need to use the IPSec VPN.
>>>
>>> Is this at all possible, if I add routes via Astlinux to the clients
>>> to the remote subnets?
>>>
>>> Thanks
>>>
>>> Tom
>>
>>
>>
>> ----------------------------------------------------------------------
>> -------- Don't let slow site performance ruin your business. Deploy
>> New Relic APM Deploy New Relic app performance management and know
>> exactly what is happening inside your Ruby, Python, PHP, Java, and
>> .NET app Try New Relic at no cost today and get our sweet Data Nerd
>> shirt too!
>> http://p.sf.net/sfu/newrelic-dev2dev
>> _______________________________________________
>> Astlinux-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> [email protected].