Making another network see and access another one!

[htcz]

Hey

Let me see how I explain this:

Network 1:

WAN add: 88.34.12.3

Router add: 192.168.100.100

Netmask: 255.255.255.0

Clients (for examples): 192.168.100.2, 192.168.100.3, etc

Network 2:

WAN add: 94.55.98.3

Router add: 192.168.1.1

Netmask: 255.255.255.0

Clients (for examples): 192.168.1.2, 192.168.1.4, etc

Now how can I "join" both networks so when Im at a PC with 192.168.100.2 I can ping (and access) 192.168.1.4?

VLANs? Routes? Subnetting?

Thanks!

[offroadaaron]

VPN

[ANON86364]

If these two networks can be physically connected and the equipment is capable of routes, that is the way to go.

If the network are separated by public internet space, a VPN router at end will be your only option.

VPN would work in either case though. It just seems a little silly to VPN in scenario 1.

[htcz]

If these two networks can be physically connected and the equipment is capable of routes, that is the way to go.

If the network are separated by public internet space, a VPN router at end will be your only option.

VPN would work in either case though. It just seems a little silly to VPN in scenario 1.

I think I have have explained myself incorrectly.

There is only ONE scenario. 2 networks seperated by a public space (internet would be the case) but I want to them to be seeable and access each other freely.

Besides VPN (which I knew of :) ) is there any other choice (irrelevent if it is better ot worst; I just want to be able to explain it and give options)?

Also something that can be done freely; Nothing proprietary

[cybertimber2008]

VPN or a point-to-point connection (fiber, etc)

If you want "freely", then VPN solutions are the direction you should look.

[CentralDogma]

If you just need one computer to be accessible from the other network, you could use DMZ or port forwarding.

[sc302 Veteran]

without putting in other services (mpls, fiber, or some other point to point connection), the only way to do this is with a vpn.

[htcz]

I went ahead and drew this out (yes I know my drawing skill are great :p )

This is basically what I have. Just to show you a bit what I mean :)

Now, I knew about VPN and I understand if it is the only way but theres no other technology out there? I would understand it being "difficult" as with NAT, Firewalls, etc a direct connection like this would be impossible but just to know :)

Also, how can I configure a VPN via simply command line? One of the reasons I asked for alternatives to VPN is because on some of these I only have access to a command line and Im not sure if Linux distros by default include a VPN server/client.

Thanks to all that have helped.

[xendrome]

I went ahead and drew this out (yes I know my drawing skill are great :p )

This is basically what I have. Just to show you a bit what I mean :)

Now, I knew about VPN and I understand if it is the only way but theres no other technology out there? I would understand it being "difficult" as with NAT, Firewalls, etc a direct connection like this would be impossible but just to know :)

Also, how can I configure a VPN via simply command line? One of the reasons I asked for alternatives to VPN is because on some of these I only have access to a command line and Im not sure if Linux distros by default include a VPN server/client.

Thanks to all that have helped.

VPN Routers at each end, static IP for each sites Internet connection, create a tunnel, done. Google -

SRXN3205

[htcz]

Neowin's stupid attachment system is acting up...

[ANON86364]

I went ahead and drew this out (yes I know my drawing skill are great :p )

This is basically what I have. Just to show you a bit what I mean :)

Now, I knew about VPN and I understand if it is the only way but theres no other technology out there? I would understand it being "difficult" as with NAT, Firewalls, etc a direct connection like this would be impossible but just to know :)

Also, how can I configure a VPN via simply command line? One of the reasons I asked for alternatives to VPN is because on some of these I only have access to a command line and Im not sure if Linux distros by default include a VPN server/client.

Thanks to all that have helped.

You say you know what VPN is but then you talk about configuring it via command line. Unless you have some moderately sophisticated server at each end, what in the world are you thinking?

VPN is it. There's nothing wrong with the technology so what is the hesitation?

There are software VPN solutions like Hamachi, but just do it right and get hardware.

Edit after seeing picture: So you already have routers at each end. Well, what model are they?

[htcz]

VPN Routers at each end, static IP for each sites Internet connection, create a tunnel, done. Google -

SRXN3205

Ah VPN routers.....thats what I am trying to avoid!

Not really avoid, just if it cant be done any other way, it cant be done.

The SRXN3205 is kind of cheap and used at a domestic level right?; We are looking for more industrial "module" type of routers. Google - NetModule NB1600

[htcz]

You say you know what VPN is but then you talk about configuring it via command line. Unless you have some moderately sophisticated server at each end, what in the world are you thinking?

VPN is it. There's nothing wrong with the technology so what is the hesitation?

Edit after seeing picture: So you already have routers at each end. Well, what model are they?

This information is both unknown (actually I know one end only but im looking for something that wouldnt matter) and unreplacable :) Buying the 2 cheapest DD-WRT routers, turning on their VPN features and calling it a day wont do justice here....

Even if it is VPN, there has to be SOME configuration at the end to end point: Someone listening and another one sending (in a PTPP).

I guess VPN then is the only way.

[htcz]

Oh, what about if internet is not in the middle? (Take the picture I put there and instead of a circle that says internet replace it with a line connecting both routers)

This is nothing about the situation; Just personal intrest to learn more.

[ANON86364]

I guess VPN then is the only way.

Once again, yes.

Buying the 2 cheapest DD-WRT routers, turning on their VPN features and calling it a day wont do justice here....

Why not?

Even if it is VPN, there has to be SOME configuration at the end to end point: Someone listening and another one sending (in a PTPP).

Of course there's configuration, but to ask how to do it via command line implies you know the equipment at each end.

[ANON86364]

Oh, what about if internet is not in the middle? (Take the picture I put there and instead of a circle that says internet replace it with a line connecting both routers)

This is nothing about the situation; Just personal intrest to learn more.

Where would anything get out to the internet then?

[simsie]

There is also GRE tunnelling, which is insecure unless wrapped inside an IPsec tunnel. That is possible on Linux. On Windows Server you could use it's built in VPN and some clever routes.

[c.grz]

Oh, what about if internet is not in the middle? (Take the picture I put there and instead of a circle that says internet replace it with a line connecting both routers)

This is nothing about the situation; Just personal intrest to learn more.

If routing is configured correctly, then you'd be all set. Of course both router interfaces talking to each other will have to be on the same subnet.

[sc302 Veteran]

you are best off doing this at the firewall. not to one or another pc. If your firewall is cli based, like say a cisco asa, then yes it can be done at a command line through either telnet or ssh. That is the way I would recommend setting it up when you need site a access to site b.

[htcz]

Why not?

Not an acceptable option. I guess then (preconfigured) VPN routers are the only way to do this

Of course there's configuration, but to ask how to do it via command line implies you know the equipment at each end.

I didnt directly imply anything :) I simply asked if it was possible other ways than VPN.

Where would anything get out to the internet then?

It wouldnt. It would be 2 networks (192.168.100.x and 192.168.1.x) trying to communicate with each other.

There is also GRE tunnelling, which is insecure unless wrapped inside an IPsec tunnel. That is possible on Linux. On Windows Server you could use it's built in VPN and some clever routes.

Problem is GRE is Cisco depenent

If routing is configured correctly, then you'd be all set. Of course both router interfaces talking to each other will have to be on the same subnet.

The same subnet or same subnet mask (which may be the same thing and Ive mixed up terms)

[sc302 Veteran]

leave subnetting and masks out of this. lets not complicate it any more than it needs to be.

[c.grz]

The same subnet or same subnet mask (which may be the same thing and Ive mixed up terms)

Both, in order to be on the same subnet the having the same subnet mask is the first requirement.

[sc302 Veteran]

Both, in order to be on the same subnet the having the same subnet mask is the first requirement.

Why are you talking about this? the solution is to be on a vpn. You would need routeable interfaces, if everything is on the same subnet or supernet you take that ability out. I haven't seen in a long time where a network is point to point, everything is frame or mpls or vpn...all of these technologies require route-able networks not in the same subnet(s).

[ANON86364]

I agree that the best way to do this is at the firewall. But apparently he has equipment at each end which is not replaceable and we don't know what the models are.

[c.grz]

Why are you talking about this? the solution is to be on a vpn, even in a point to point network the subnets wouldn't be the same as they would need to route. You would need routeable interfaces, if everything is on the same subnet or supernet you take that ability out. I haven't seen in a long time where a network is point to point, everything is frame or mpls or vpn...all of these technologies require route-able networks not in the same subnet(s).

I'm responding to the question he asked; which I quoted in my first post.

Oh, what about if internet is not in the middle? (Take the picture I put there and instead of a circle that says internet replace it with a line connecting both routers)

This is nothing about the situation; Just personal intrest to learn more.

In this instance; then subnets do matter; yes or no?