
From a Roadwarrior: Tips on Scaling QuickVPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by eric_stewart, Jan 29, 2007.

    eric_stewart Super Moderator Staff Member Member

    I posted this as a reply on a separate thread at http://www.linksysinfo.org/forums/showthread.php?p=292888#post292888 , but I thought I'd split it out as a separate subject since several found it interesting:


    Let me explain something that I've done on my home network to make the remote access VPN thing even slicker!

    I have set up a Linux box in the DMZ on my RV042 as a DNS server (among other things). The Linux box is set up on the RV042 as its 1st (of two) DNS servers. Thus, when I QuickVPN to my home network, my DNS requests resolve to the RV042's 1st DNS server...my Linux box, since QuickVPN uses the RV042 (QuickVPN gateway) as its own 1st DNS server. This is very handy, since I've registered the names of all my internal boxes to the DNS server. Interestingly, my domain suffix also resolves to breezy.ca. As a result, when I ping "sky" for example, the DNS server appends the domain name suffix to the request and the request becomes "sky.breezy.ca". Since my DNS server is the authority for breezy.ca, the request resolves to sky's internal IP address, 192.168.0.1, and the ping proceeds.

    This also works with NetBIOS names, i.e., with QuickVPN connected, when I put "\\netfiles" in a browser window to browse the shares on the server "netfiles", this resolves to the IP address 192.168.0.253. I don't find IP addresses hard to remember, tbh, but this is very handy. The other cool thing is that even my internal dynamic IP addresses are registered automatically with the DNS server as they obtain an IP address. This is not something I configured myself, but I'm quite pleased with this particular "auto-magic" thing. I know my daughter's computer is called "ThinkPad-T43" and I can just plug \\ThinkPad-T43 into my Windows Explorer window, confident that the DNS server will resolve it to its address-du-jour. Very kewl.

    I've also noticed that I can connect back to my QuickVPN client from boxes on the inside of my home network. This is really cool, but how does it work? Simple. When QuickVPN connects to my RV042, the RV042 creates a routing table entry for the IP address of the QuickVPN client, making the "ipsec0" interface (The QuickVPN tunnel) the next hop for the packets. For example, I've got 172.16.99.200/32 in my routing table as I write this. I put \\172.16.99.200 in a Windows Explorer window and presto!...I see the shares.

    This is actually quite simple to do, and I highly recommend that anyone who would like to roll their own DNS server check out Linux as a platform. I'm running Ubuntu Edgy Eft 6.10 with BIND9 DNS server on it. Absolutely free stuff and rock steady! You can look up some information, including useful links and a blog by yours truly, on both these subjects on my hobby website -> www.breezy.ca

    /Eric
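
A BIND9 configuration along the lines of the setup described in the post, written as an added example for a current BIND9 release and not the poster's actual configuration. It limits queries, recursion and dynamic registration to inside hosts; the VPN client range, the name server address, the key name, the hostmaster contact and the file paths are assumptions.

```conf
// ---- named.conf fragment (added example; values marked "assumed" are not from the post) ----
acl "inside" {
    127.0.0.1;
    192.168.0.0/24;     // home LAN (sky and netfiles are in this range)
    172.16.99.0/24;     // assumed QuickVPN client range (post shows 172.16.99.200/32)
};

key "dhcp-ddns" {                             // assumed key name, shared with the DHCP server
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_SECRET";   // placeholder, e.g. output of tsig-keygen
};

options {
    directory "/var/cache/bind";
    allow-query     { inside; };   // answer LAN and VPN clients only
    allow-recursion { inside; };   // never act as an open resolver
    allow-transfer  { none; };     // no zone dumps of internal host names
};

zone "breezy.ca" {
    type master;
    file "/var/lib/bind/db.breezy.ca";    // assumed path; must be writable for dynamic updates
    allow-update { key "dhcp-ddns"; };    // only signed updates may register hosts
};

; ---- db.breezy.ca zone file (addresses for sky and netfiles are from the post) ----
$TTL 3600
@         IN SOA ns.breezy.ca. hostmaster.breezy.ca. (
              2007012901 ; serial (constructed)
              3600       ; refresh
              900        ; retry
              604800     ; expire
              3600 )     ; negative-cache TTL
          IN NS  ns.breezy.ca.
ns        IN A   192.168.0.2      ; assumed address of the Linux DNS box
sky       IN A   192.168.0.1
netfiles  IN A   192.168.0.253
```

Dynamically registered hosts such as ThinkPad-T43 would be added to the zone by signed updates rather than by hand. `named-checkconf` and `named-checkzone breezy.ca db.breezy.ca` validate each file before a reload.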
     
