
Gateway to Gateway IPSEC Tunnel...

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Callahan, Jun 26, 2006.

  1. Callahan

    Callahan LI Guru Member

    Is it possible with 2xWRV200s to create a gateway to gateway IPSEC tunnel over 802.11g?

    I am not in a position to run an open wireless connection, but should have no issues with running a VPN IPSEC tunnel over the wireless connection.

    Hopefully this would mean that the computer(s) on the outside of the vpn router will not have to run any vpn clients to communicate with computers on the other router, as the routers would handle the overhead themselves...

    Thanks for any help or suggestions in resolving this issue.

    -Callahan-
     
  2. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    This will not work. The WRV200 is "hardwired" to terminate (ie: be an endpoint to) the VPN connection on the WAN interface. This is clear when reviewing the syslog output on the device.

    Eric
     
  3. HughR

    HughR LI Guru Member

    "Hardwired" is a bit strong. Openswan certainly supports IPsec on all interfaces. But the way Linksys configured it or lets the user configure it (through the GUI) may preclude this.

    Another reason for wanting the source in a rebuildable state.
     
  4. Callahan

    Callahan LI Guru Member

    Is it possible to put the WRV200 into client mode?

    -Callahan-
     
  5. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    Hardwired means not changeable. In technical descriptions, it denotes a lack of any switching/selection mechanisms where there might be room for one.
    http://en.wikipedia.org/wiki/Hardwired

    Building 3rd-party firmware for this box won't change the definition. That said, I would welcome 3rd-party firmware given the h/w of this box. In another thread, an autopsy has revealed that the WRV200 has 32MB flash and 256MB RAM. Add to that its h/w-accelerated VPN encrypted mode throughput and it has the potential of being a very capable platform for the open source community.

    As you say, it's depressing that Linksys has decided to (my word) hardwire the open source code on this box.

    Eric
     
  6. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    I see where you're going with this. Unfortunately the answer is: not with the stock firmware.

    /Eric
     
  7. Callahan

    Callahan LI Guru Member

    How about I try walking before running....

    Latest firmware for the WRV200 supports WDS... is there a walkthrough for setting up 2 WRV200s in a bridge format? This would be a good start.

    -Callahan-
     
  8. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    The user guide explains how to do this. This will set up an encrypted link using the wireless security settings of the box (WPA-PSK, WPA2, WEP, etc.)

    Things to do (off the top of my head):
    SSID1 (you can have up to 4) of all the WDS devices has to be the same;
    Wireless channel has to be the same;
    Wireless security has to be the same.

    /Eric
     
  9. HughR

    HughR LI Guru Member

    What do you mean by "client mode"? Are you referring to an IPsec configuration or something else?
     
  10. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    Given the context of his question, I'm sure he's talking about the ability to turn a router into a wireless client to an existing infrastructure WLAN. The wired devices "behind" the client would be protected by the (hopefully) secure connection to the wireless network. When a router is in client mode vs. "AP mode", it can typically not accept wireless associations.

    Many 3rd party firmware builds such as DD-WRT, OpenWRT and Sveasoft support client mode in addition to WDS as part of their basic feature set.

    /Eric
     
