1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Adding another route on network for outgoing VPN access?

Discussion in 'Tomato Firmware' started by Emmet, Mar 10, 2014.

  1. Emmet

    Emmet Reformed Router Member

    I currently have a simple network. 1 Cable Modem from ISP connected to my 1 wireless router which is 192.168.1.1. I use DHCP mostly but have a few static machines on my network.

    I want to now add a second router to my network, lets call it RouterB. I have tomato-usb on RouterB. I want RouterB to use a PPTP client to connect to a VPN server (a windows 2003 VPN server at my work). My idea is to have the second router setup with a 192.168.1.2 IP address. I am hoping I could then configure any machine/device on my network with a static IP and set its gateway to 192.168.1.2 and then it would be "on the VPN".

    I am having difficulties setting up a PPTP client on RouterB. I am confused if I need to configure the WAN to use PPTP, and/or if I just need to use tomato's VPN -> PPTP Client configuration. I have multiple combinations through trial and error but nothing seems to be working.

    Currently RouterA's WAN port is connected to my cable modem. RouterA also has a switch connected to one if its LAN ports. RouterB's LAN port is connected to the switch. (I also tried RouterB's WAN port to the switch but did not get anywhere with that). I have tried configuring RouterB's WAN to disabled and I tried set to PPTP. I am not sure how it should be set. I am also unclear on the VPN -> PPTP client section if that needs to be configured.

    Does anyone know how to do this? Am I even close to getting this right?
     
  2. eibgrad

    eibgrad Addicted to LI Member

    In terms of the PPTP client itself, it doesn't matter whether you configure it for the LAN or WAN. It’s still a PPTP client and requires the same setup.

    The difference between the LAN and WAN versions has to do w/ whether you want the PPTP clients on the same or different network (respectively) from the primary router. Using the WAN also forces all clients behind the WAN over the PPTP connection by changing its default gateway to that of the VPN. In contrast, if you use PPTP on the LAN, nothing will be forced over the PPTP client unless you a) reference an ip address that belongs to the VPN’s network, b) use policy based routing to force specific ***source*** IPs/networks over the PPTP tunnel or c) use routing commands to force specific ***destination*** IPs/networks over the PPTP tunnel.

    Which solution makes the most sense just depends on what problem you’re trying to solve. Both have advantages and disadvantages. But regardless, you have to be able to get the PPTP client connected by one or the other before you can worry about that.
     
  3. Emmet

    Emmet Reformed Router Member

    Thank you eibgrad, that answers parts of my question.

    My goal is to have any computer on my LAN (including wifi clients) to use this VPN. I dont want the LAN/wifi clients to use it by default. I want them to have to statically set their gateway to 192.168.1.2. I do not want to force a client computer to have its cat5 cable plugged directly into RouterB. I want any computer to be able to use this VPN gateway.

    With that said, I should be able to disable WAN on RouterB. Only use RouterB's LAN port. And configure the PPTP Client from TomatoUSB (shibby) in "VPN Tunneling -> PPTP Client" correct? If you are familiar with TomatoUSB do you know what the "Start with WAN" checkbox does? Do I want this checked? I dont even know what this setting means if I have my WAN set to "disabled" (and nothing plugged into my WAN port on router).

    Thanks so much for the reply!
     
    Last edited: Mar 10, 2014
  4. Emmet

    Emmet Reformed Router Member

    Just for more information about my goal... After I get this configured to funciton with my work VPN, I will eventually change the VPN provider to use a VPN server like PrivateInternetAccess so that I can enjoy things like pandora here in Canada. I know there are other ways to accomplish getting to US sites from in Canada like browser-plugins... dns redirectors, etc. I really want to go the VPN route. And I want the VPN to be transparent to all devices (and not have those devices require VPN client software).
     
  5. eibgrad

    eibgrad Addicted to LI Member

    Sounds like you want to use the LAN PPTP client. As far as the “Start w/ WAN” option, the router naturally assumes you are configuring the device as a router, not just a standalone device. So it probably won’t start the PPTP client unless the WAN is activated. But that’s not a big deal. You can start/stop the PPTP client from the command line anytime you like. Obviously it would make sense to do it from the startup script.

    Make sure you choose the “Redirect internet traffic” option. This changes the default gateway on that device to the VPN. You’ll need that once clients have their own default gateway changed to the LAN ip of the VPN router.

    Finally, it’s not always possible to manually reconfigure the default gateway of LAN devices (some are hardcoded to use DHCP, esp. consumer products/appliances). In that case, you may have to use policy based routing on the primary router (assuming it’s running tomato/dd-wrt).
     
  6. Emmet

    Emmet Reformed Router Member

    hanks again eibgrad. I actually got it working now. I was on the right track with all my configuration already but it was good to get another person to confirm what settings should be.

    I now have a few tweaks I want to do but I will keep reading on these forums. I am quite sure my questions have been asked before so I will do a little more reading. Thanks again!
     
  7. brianli

    brianli New Member Member

    Hi Emmet, I have the same situation as yours. Would you please direct me how you set your router B under the "Basic Setting" and the "PPTP client". Thanks in advance.
     

Share This Page