
Extending vpn

Discussion in 'Tomato Firmware' started by streppuiu, Aug 8, 2017.

  1. streppuiu

    streppuiu Networkin' Nut Member

    Hi, I have one vpn network created by a vpn box to which I do not have access to configure in any way. It connects this network to a network far away over the internet.

    I would like to extend this VPN over the internet again to another remote location. I am not able to add port forwarding rules to this box so I cannot reach any internal router which could create an additional vpn.

    So I tried to use a tomato WRT54GL router connected to this network on one of its LAN ports and to the Internet through its WAN port to create a new VPN (OpenVPN). I have configured my VPN on the router with TAP and the external IP of the wrt router. The vpn is established successfully IF the existing vpn network cable is not connected to the router. If I connect the old VPN then establishing the new vpn through the wrt router fails with an error like "interface [external router adapter IP address] not ready". I can provide the entire wrt config if that would help.

    Is this happening because there are 2 actual internet gateways connected?
    Is there something I could do about this setup to make it work? If yes then what is that?

    Thanks.
     
  2. rs232

    rs232 Network Guru Member

    No disrespect but I have the feeling you don't have clear in mind what you want to achieve.
    The above two paragraphs are contradicting each other. You don't have access to the VPN box but you want to extend the VPN? I "guess" I'm "guessing" what you're "thinking" but can I suggest you fully re-phrase your post?
    Is the VPN box the default gateway? Does it sit in front of or behind Tomato? I'm confused. Your post generates more questions than answers.
     
  3. streppuiu

    streppuiu Networkin' Nut Member

    Ok, I am sorry for not being clear here.
    So, the VPN box is the default gateway as far as I know. All devices connected to it are accessing the internet through it. And I know this because while being connected to the box with a laptop I checked my external IP address by using whatsmyip.com. And it shows an IP address located in a different country (the one the main network of the VPN is located in).

    What I want to do is to get inside the VPN through a tomato router from another internet "gateway" or entry or "backdoor", not sure how to call it. So I connected one of the router's LAN ports to the VPN network and its WAN port to the internet (I think this is on the same subnet that the VPN box is also connected with its WAN port). I attached a small image, please see it, maybe it's helpful.
     


  4. rs232

    rs232 Network Guru Member

    Ok

    The diagram is still confusing as you have a loop, is that right?

    Regardless you need to provide information on the IP addressing used on a site basis please.

    Thanks
     
  5. streppuiu

    streppuiu Networkin' Nut Member

    Yes, I think there is a loop indeed because both the router and the box connect to the internet through the same network. But I am not sure they are on the same subnet, I will have to ask the net admin about this. However, the router has a WAN IP address that is reachable from the outside without port forwarding. It starts with 82 as I remember. The vpn box probably has something similar for the outside, not sure, but I will ask. The box also is a DHCP server, it provides internal addresses like 192.168.1.x. My router has a fixed internal IP - 192.168.1.254. Also, tomato is set up with a VPN on the router with TAP and a range of addresses 192.168.1.50-53. Does this help?
     
  6. streppuiu

    streppuiu Networkin' Nut Member

    I added the IP addresses that I am aware of to the diagram, please see and let me know if that is helpful or gateways, DNSs and masks are also needed. Thank you.
     


  7. rs232

    rs232 Network Guru Member

    Are you saying that you have set up tomato with the same LAN IP as the VPN gateway? 192.168.1.1?
    You cannot have 2x identical IPs on the same LAN segment.
    I'm afraid your network design is very confusing... it seems like you're mixing together physical and logical design.
     
  8. streppuiu

    streppuiu Networkin' Nut Member

    I am sorry, that is my mistake, the router's IP address is 192.168.1.254. The mistake is on the diagram. I have set it statically into the router. What do you mean "mixing physical and logical design"? I am not a net guru so please be more explicit. Can you help with getting this done or do you need me to tell you something else related to the network setup? Thank you.
     
