Question

Locked

Internet traffic over a VPN - what server settings or ip forwarding?

By info ·
Unlike many of the questions on here related to VPN's I have set everything up correctly and can now establish my VPN using two windows XP machines, PC 1 and PC 2. No problems there.

However, internet access is lost. I don't wish to split tunnel, and I explicitly want to use the remote gateway of the remote machine (PC 2), so please no suggestions to disable the remote gateway checkbox under advanced settings.

What I want to know is how to get the VPN server of PC 2 to froward all, ALL, traffic to it's WAN interface and have PC 1 transparently use the internet (and all trypes of traffic) through PC 2's WAN interface.

I don't have ISA server, just two windows XP home machines. Does anyone know how to setup portforwarding (if that's the right term) or some way of forcing the VPN server to send all traffic of it's WAN internface?

I can't for the life of me find wha tI'm looking for - but then I'm sure I haven't googled the 'correct terminology', and it's darn frustrating!

Please, any help very much appreciated.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
Thread display: Collapse - | Expand +

All Answers

Collapse -

well not entirely possible with Desktop operating system.

by CG IT In reply to Internet traffic over a V ...

because you need to provide the remote VPN client with DNS and default gateway information of the remote network as well as a local IP address. Without this information, the remote in VPN client can not use the remote networks internet connection.

Typically, in a Windows Environment RRAS is used for VPN which uses a DHCP Relay agent and DHCP options to provide this information. Desktop software like XP do not have DHCP server services. Consumer level routers also don't have configurable DHCP options.

Collapse -

Any open source services I can install instead?

by info In reply to well not entirely possibl ...

Or is this how XP Server makes it's money?

The way I understand it, I need to just add a route entry that maps all traffic from one subnet to another? Or am I missing something?

If I'm not missing something, how simple is subnet bridging? (that's what it is right?)

Thanks again.

Collapse -

Have you considered getting a hardware solution?

by jdclyde In reply to Any open source services ...

Routers can do this, but a windows pc is not designed to do more than basic connectivity.

If a low cost solution is required, you can look at using two old pc's with dual nic's, load linux and use THAT as your routers.

Otherwise, you need a router that can do VPN.

Collapse -

Hardware not an option. There 'has to be' a way....

by info In reply to Have you considered getti ...

This isn't really hard, I'm sure it's not. I appreciate everybodies reply but I was under the impression that there were some really hard-core technical people about who know the answer to what is seemingly a simply problem - it can't possibly require that I purchase ISAserver or 'two new/old pc's' - if the functionality to bridge is already in windows why is bridging a VPN to a WAN adapter so hard?

(I do appreciate tha tI don't have the answer, but perhaps it's becuase I'm not asking the right question - any thoughts?

Appreciated.

Collapse -

trying to do something which was not intended

by CG IT In reply to Hardware not an option. T ...

for Windows XP desktop operating system. That is to provide routing and remote access services to a remote VPN client.

Routing and remote access services for VPN clients is typically provided by either the perimeter router that establishes and maintains the VPN tunnel or server software that provide remote access services.

Collapse -

Not intended, perhaps....

by info In reply to trying to do something wh ...

but 'is it possible' and how? I'm not sure what 'not intended' means, shot of 'go and get ISA' or 'install Linux'.

It's a technically challanging question and I'm looking to see if anyone knows the 'technical' solution, rather than the Redmond/cisco marketing one.

Windows XP does contain the possiblilty to act as a router - hidden and disabled by default (see: http://www.home-network-help.com/ip-forwarding.html_ so I'm not sure we should be put off by 'unintended'.

Is there anyone out there who knows how to solve the last link in my puzzle? This is clearly a routing table entry issue (manual solution) - anyone any suggestions?

Thanks agian for the feedback - anyone 'know how'?

Collapse -

XP can act as a router if you multi-home it

by CG IT In reply to Not intended, perhaps....

but then that is for sharing an internet connection on a LAN. not for providing a remote access VPN client with a local address, default gateway and DNS server addresses.

It's those elements, a local address, a default gateway and DNS servers that the remote VPN client must have to gain access to the internet when connected to the remote network via VPN. If you can figure out a way to have the XP machine the VPN client connects to provide the VPN client with a local LAN address, the local LAN default gateway and the local LAN DNS servers used to get to the internet, your problem is solved. As of yet, I don't know of any default installed Windows XP services that can provide remote access VPN clients with those addresses that are necessary for internet access.

Collapse -

As a "simple router", as stated

by seanferd In reply to Not intended, perhaps....

In other words, much simpler than your average home router. An entirely within your LAN, as far as connecting to networks you own.

You'll at least need XP Pro version, if you want to attempt this.
http://www.zdnetasia.com/insight/network/0,39044847,39050037-39000223c-1,00.htm

Collapse -

CG IT's answer below seems good....

by info In reply to Not intended, perhaps....

now anoyone know how to make what he suggests happen? What 'service' is XP missing, as compared to the 'server' / ISA OS models?

help appreciated!

Collapse -

ideally you need DHCP Services

by CG IT In reply to Internet traffic over a V ...

with DHCP Relay agent that provides remote access clients with a local address. Also with DHCP, you can provide DHCP clients with default gateway and DNS server addresses through options.

non ideally, ..... VPN server software

Back to Networks Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums