sl54+Thibor - how to set up vpn?

Discussion in 'HyperWRT Firmware' started by plugh, Sep 3, 2007.

    plugh

    I've never dabbled with VPNs so this is new territory for me...

    I want to make resources on my lan available to a few selected individuals across the wan. In essence I would like to join their lans to mine. Ideally this would be a MAC level bridge/tunnel across the wan, but it seems pptp or l2tp are more common solutions.

    Most of my shared resources are located on a single machine on my LAN (a W2K Pro sp4 box). However I don't want to limit the remote access to just that machine, unless technical or security reasons dictate such a constraint.

    There is no commonality between setups at the 'clients', however for the moment I want to focus on a single client. The others I may or may not set up depending upon how well things work with this case.

    In this particular case, the client has a wrt54g v5 running stock linksys vxworks firmware. My end is an sl54 running a private Hyperwrt build, that I am considering flashing to the Thibor build with the pptp server.

    Fundamental questions:

    The stock wrt54g has a PPTP option under 'Internet Connection Type'. Will this 'play well' with the PPTP server in Hyperwrt Thibor?

    Both myself and the client are connected to cable ISP using DHCP assigned addresses (that almost never change). If the wrt54g is configured for PPTP, will it still pick up and renew this assignment?

    What does the resulting network look like? How is traffic between the two 192.168.x.x LANs handled vs traffic to/from each lan and the internet? In particular, will 'his' wan traffic be routed across the tunnel and then out my connection (yuck)?

    Thanks in advance!

    kop48

    Just from a quick look, if you set the internet connection to PPTP, then all outgoing traffic would be routed to your LAN. This is also assuming that your modem is logging into the internet provider for you too.

    plugh

    Kind of looked like that to me as well, but thought that perhaps I was misinterpreting the linksys wrt54g docs. As that is NOT the behaviour I want, guess I'll have to find another solution...

    Toxic

    Thibor 17RC3 for the WRTSL54GS has a PPTP Server that you can use to allow PPTP Clients to connect to from outside the WAN.

    The 'Internet Connection Type' Setting for PPTP has nothing to do with a VPN.

    plugh

    Uh, yes, I know Hyperwrt Thibor has a PPTP Server (as stated in original post).

    The 'Internet Connection Type' setting of 'pptp' in the stock linksys wrt54g v5 would be the PPTP Client connecting to that server.

    However, all I want is to link (for example) lan1 at 192.168.1.x and lan2 at 192.168.2.x, I don't want my sl54 to become the wrt54g's internet access path; the wrt54g should still use dhcp to acquire an ISP assigned internet address and route wan traffic directly rather than across the pptp link.

    The VPN I want to create is the combination of multiple 192.168.x.x lans via a tunnel between the routers. To put it another way, I want to create a point to point 'virtual circuit' between the two routers with a routing instruction on each router that says 'the path to the other lan is via that virtual circuit'. Thus only traffic between the lans will go through the tunnel. But it appears the 'PPTP Client' in the stock linksys wrt54g v5 router may not support this configuration.

    Or are you saying it will?
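
The routing described in the post above, as an added example that is not part of the original thread: a longest-prefix-match lookup over two constructed routing tables for the remote (192.168.2.x) router, comparing a tunnel used only for the other LAN with a tunnel used as the default route. The interface names and the sample internet address are assumptions.

```python
import ipaddress

# Constructed routing tables for the remote router (lan2 = 192.168.2.0/24).
# Interface names "lan", "wan" and "tunnel" are hypothetical labels.
LAN_ONLY_TUNNEL = [
    ("192.168.2.0/24", "lan"),     # local hosts
    ("192.168.1.0/24", "tunnel"),  # the other LAN, via the virtual circuit
    ("0.0.0.0/0", "wan"),          # everything else goes straight to the ISP
]
DEFAULT_VIA_TUNNEL = [
    ("192.168.2.0/24", "lan"),
    ("0.0.0.0/0", "tunnel"),       # all non-local traffic enters the tunnel
]


def egress(table, dst):
    """Return the interface chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def through_tunnel(table, destinations):
    """List the destinations whose traffic would cross the tunnel."""
    return [d for d in destinations if egress(table, d) == "tunnel"]


# Constructed sample destinations: a host on each LAN and one internet
# address (203.0.113.5 is from a documentation-only range).
SAMPLE = ["192.168.2.20", "192.168.1.10", "203.0.113.5"]

if __name__ == "__main__":
    for name, table in (("lan-only", LAN_ONLY_TUNNEL),
                        ("default-via-tunnel", DEFAULT_VIA_TUNNEL)):
        print(name, "->", through_tunnel(table, SAMPLE))
```

With the first table only traffic for the other LAN crosses the tunnel; with the second, the remote side's internet traffic also leaves through the tunnel endpoint's connection.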

    frenchy2k1

    No, it won't. And if you configure the wrt54g v5 to pptp, your mate won't even have internet access (as the router would not connect to the ISP anymore).

    What your mate will need to do is establish a VPN connection to your server (make sure you have a dynamic redirector, like dyndns, to make things easy).
    Anytime your mates want to access your network resources, they'll establish the VPN connection to your router and access the resources.

    On your end, the PPTP server from Thibor *should* work, but I lack experience with it (tried to use it once and failed).

    plugh

    Unfortunately, some of the boxes involved at 'my mates' end don't support any sort of vpn/tunneling; that's why I was hoping to do it in the router.

    Thanks anyway...

    ifican

    If they run any application that has pptp capability it should work.

    kop48

    Windows XP has a built-in PPTP client too, so does OS X and I'm pretty sure you can set one up in a jiffy for *nix (as the Thibor client is an open-source one anyway!).
