How to configure a 2nd router to act as VPN gateway

Tags: gateway, networking, vpn

I need to configure a new router running DD-WRT in my network, set up as a VPN gateway.

My main gateway router is configured with IP address 192.168.1.254, subnet mask 255.255.255.0.
It also acts as a DHCP server that hands out 192.168.1.x addresses.

The 2nd router with DD-WRT is configured with IP address 192.168.1.10.
Then I configured the VPN as shown in image 2.
The problem is that both PC1 and PC2, if configured with gateway 192.168.1.10, can't reach the internet.

What am I missing?

[image 1]

[image 2]

Best Answer

From your gateway router, you must poke a few holes in the firewall, and possibly enable some firewall modules. From the picture you posted, it looks like you're trying to set up L2TP, which usually is mixed with IPsec. Both of which require forwarding more than just a few ports. IPsec requires 2 protocols to be permitted through, as well as a port. You must permit AH (protocol 51) as well as ESP (protocol 50), as well as UDP port 500. OpenWrt has a great wiki page just for that.

If your gateway router is not running OpenWrt, usually you can find an option labelled "IPsec passthrough," "VPN passthrough" or something similar. In OpenWrt, you'll need to install the iptables-mod-ipsec package to permit iptables to keep track of IPsec connections. (Without it, you will be limited to 1 connection.)

Once IPsec is permitted in, L2TP will make use of the encrypted data stream to tunnel layer 2 communications between the endpoints.
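The "holes" the answer describes, written out as an added example that is neither the answerer's configuration nor taken from the OpenWrt wiki. It assumes the main gateway (192.168.1.254) runs OpenWrt with the fw3 (iptables-based) firewall and the default zone names `wan` and `lan`, and that the DD-WRT box at 192.168.1.10 is the IPsec/L2TP endpoint behind it. Each `config redirect` block is a DNAT forward from the WAN side to that inside address; the rule names are made up for this example. The first three entries are exactly the answer's list (ESP, AH, UDP 500); the fourth (UDP 4500, IPsec NAT-Traversal) goes slightly beyond it and is included because an IPsec responder sitting behind a NAT gateway is normally reached over NAT-T rather than raw ESP.

```uci
# /etc/config/firewall fragment on the OpenWrt gateway (added example, hypothetical names).
# Forward the IPsec/L2TP traffic the answer lists to the DD-WRT VPN router at 192.168.1.10.

# ESP, IP protocol 50: the encrypted IPsec payload.
config redirect
	option name 'fwd-esp-to-vpn-router'
	option src 'wan'
	option proto 'esp'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option target 'DNAT'

# AH, IP protocol 51: IPsec authentication header (only needed if AH is actually used).
config redirect
	option name 'fwd-ah-to-vpn-router'
	option src 'wan'
	option proto 'ah'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option target 'DNAT'

# IKE, UDP 500: key exchange that sets up the IPsec security associations.
config redirect
	option name 'fwd-ike-to-vpn-router'
	option src 'wan'
	option proto 'udp'
	option src_dport '500'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '500'
	option target 'DNAT'

# NAT-T, UDP 4500: not in the answer above, added here because the VPN endpoint is behind NAT
# and peers will fall back to ESP-in-UDP on this port once they detect the NAT.
config redirect
	option name 'fwd-natt-to-vpn-router'
	option src 'wan'
	option proto 'udp'
	option src_dport '4500'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '4500'
	option target 'DNAT'
```

After `opkg install iptables-mod-ipsec` (the package the answer names) and `/etc/init.d/firewall restart`, `iptables -t nat -S | grep 192.168.1.10` should list one DNAT rule per block above; if a rule is missing, the firewall log (`logread | grep firewall`) usually shows which option it rejected. Keep the forwards scoped to the single inside host as shown rather than opening the protocols to the whole LAN.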