General discussion


VPN interfaces

By dagppm ·
Good Afternoon, i am trying to implement a VPN Server but am confused by the basic requirements and interfaces.

I have two network cards in the proposed VPN server. One NIC is currently disabled. My domain is within the 192.168.1.x address range, the active NIC is and my router uses

Is this my LAN interface or connection to the Internet? It communicates on the LAN and connects to the internet, through the gateway address being configured on the NIC.

If someone could advise on this please, as when configuring the VPN the wizard asks to specify which is the connection to the internet and which is the internal connection

Also, what should i configure my second NIC to, in light of the IP configuration highlighted above

Thanks from London

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by Nico Baggus In reply to VPN interfaces


Your firewall needs to sit between the router to
the outside world and the inside world.

Dont connect the firewall yet.....

Easiest would be to configure the LAN interface
on the fire the same as the current router
address ( so that all trafic on the
LAN goes to the firewall.

Reconfigure to have the router a different
address (assuming the netmask is
make the router and disconnect it
from the LAN, connect the firewall to the LAN
instead on the right LAN nic (appearantly your

The other interface of the router should be
something like: or another address
on your outside network (It doesn;t qualify as a
DMZ but it gets close.

Connect that interface to the router, using
hub/crosscable etc.

Make the default gateway:

You should have a working connection to the
outside world now.

For VPN you need to translate the IDE packets to
the internal address (UDP port 500)
and also the ESP protocol needs to point to on your router.

You probably also need to setup NAT on the
outside port of your VPN appliance. Also keep in
mind that a mode call NAT-T might me needed when
defining IPSEC tunnels.

This is at least a start to get the stuff
connected & communicating.

Kind regards,

Related Discussions

Related Forums