+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 That drawing makes no sense! And now I am confused.. So there is no other server on 192.168, this just the normal address of your openvpn server? Why do you think you need another switch port for this vpn network?? You do under V stands for virtual Why do you have the second router in there? And you have 192.168.100.2 on one interface of the 2nd router and then 192.168.100.3 on the server but connected to a different interface? What router is this exactly? Can you give model number. Its not right, why would the router have an IP in the vpn network? I think we are having a breakdown in just basic understanding of networking in general here. And again VPN stands for Virtual Private network - you would not have actual physical interface on a router with the vpn network on it. Forget the openvpn server -- draw me your network as it exists today -- did you throw in that second router because you thought you needed it for the vpn? Show me your clients and servers on what network? With what mask? Just that one internet router I assume with some switch(es) all on the 192.168.100.0/24 edit: Ok this is how I see your network BEFORE doing anything with VPN -- is this correct? Also please could you tell me what make and model number of your router connected to the internet is -- you do know your going to need to forward ports to this server you want to run openvpn on. And if the above is you setup you might want to think about bridge mode vs route on your openvpn setup. Its better if the actual gateway/firewall/router on the edge of your network run openvpn vs a server on the inside. At least from running a routed method of client access. Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 That drawing makes no sense! i reviewed it and you are correct; i ment to put the network with the VPN already in place.....srry And now I am confused.. So there is no other server on 192.168, this just the normal address of your openvpn server? Why do you think you need another switch port for this vpn network?? You do under V stands for virtual on the 192.168.1.x line, there is no other server of this sort that has to do with the VPN. Why do you have the second router in there? And you have 192.168.100.2 on one interface of the 2nd router and then 192.168.100.3 on the server but connected to a different interface? What router is this exactly? Can you give model number. Its not right, why would the router have an IP in the vpn network? that second router acts like a client; connecting to other pcs :) i pmd u the model number and a page describing its usage edit: Ok this is how I see your network BEFORE doing anything with VPN -- is this correct? completely correct. that is my current network as of right now (xcluding vpn) Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 "completely correct. that is my current network as of right now (xcluding vpn)" So you want to turn a box that is currently on your 192.168.100 network into a openvpn server. If this is the case there is no need for that 2nd router. "that second router acts like a client; connecting to other pcs" I don't understand this statement - does this router have its own different internet connection? Do you have some other segment different than your 192.168.100 network that connects more machines to this 192.168.100 network? I am not seeing any PM? If you want a box that is on your 192.168.100 network to be your vpn server and you want to allow access to other machines on the 192.168.100 for your remote vpn clients - then a bridge setup is prob a better setup for you. Here this might explain what I am talking about a bit better. http://www.grc.com/vpn/routing.htm Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 typed out alot. u shud have the pm now. i apolizige Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 i thik it got sent out....all of a sudden my internet failed me (i thnk it was a test i did with the vpn.....) so i hope it got to u Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 So I got the PM, and that router can do VPN, it can even act as an openvpn server. So you don't need a server on your lan at all to act as your vpn server. You can do it on your gateway (1st router) Reading the Pm now trying to understand what exactly it is your trying to do. And then let me see if I can draw it out so we are clear on what your trying to do. edit: "Router 2's port C will be on another site and is the main entry point for the VPN. This will have whatever the network it currently is on's range. Port D will me connected to a PC." You sate that Port 1( C ) of this 2nd route is in another site -- how is port C(1) connected to your network?? If its other port D (2) is just connected to a PC?? How does your site talk to router 2?? Does site 2 have its own internet connection? And some other router? Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 So I got the PM, and that router can do VPN, it can even act as an openvpn server. So you don't need a server on your lan at all to act as your vpn server. You can do it on your gateway (1st router) Reading the Pm now trying to understand what exactly it is your trying to do. And then let me see if I can draw it out so we are clear on what your trying to do. ok :) thank u very much once again. without out u i wud still be doing , countless trial and error. over the week end, im goign to try to implement it at home using vms (i do not work weekend but i want to get this configured correctly so on monday ai can come in and bascially do it....) Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 and yes, to comment further: the first one will act as a openvpn server and the second (and more if i can get this to work) will act as openvpn clients in remote locations. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 "Router 1's port A will be directly connected to my current network and to the internet. This is 192.168.100.x" That makes NO sense -- how can port A of your router be connect to the internet while at the same time be connected to a 192.168.100 (private network) Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 "Router 2's port C will be on another site and is the main entry point for the VPN. This will have whatever the network it currently is on's range. Port D will me connected to a PC." You sate that Port 1( C ) of this 2nd route is in another site -- how is port C(1) connected to your network?? If its other port D (2) is just connected to a PC?? How does your site talk to router 2?? Does site 2 have its own internet connection? And some other router? yes. bnoth sites have internet connection. Router 1 (A and B) and Router 2 (C and D).... Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 "Router 1's port A will be directly connected to my current network and to the internet. This is 192.168.100.x" That makes NO sense -- how can port A of your router be connect to the internet while at the same time be connected to a 192.168.100 (private network) the better term might have been that it has a ip of 192.168.100.7 which has a gateway (router) 192.168.100.100 which IS connected to the internet... i think the better termn was "itnernet eacess" else, the vpn cant really communicate sitewise. i am sorry for sometimes describing things so horribly. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 So Router 1 (your site) Port A - Internet Port B - 192.168.100.0/24 network Router 2 (remote site) Port A - Internet Port B - Some PC only? What network? You say in your PM that router 1 has both internet and your private network on Port A - this is IMPOSSIBLE!! As to what is at remote Site I am confused - So router 2 has their internet connection on A, and Port B is what another network (what is the network? ?.?.?.?/??) Or just one PC -- if so what network is this PC on?? Does it have a public internet IP on it? edit: "a ip of 192.168.100.7 which has a gateway (router) 192.168.100.100 which IS connected to the internet..." So there is another Router?? at this 192.168.100.100 address? Don't worry about - I am taking english is not your native language, we can work through it. I just need to understand how your sites are currently configured. And the can go through how to connect them, etc. Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 So Router 1 (your site) Port A - Internet Port B - 192.168.100.0/24 network Router 2 (remote site) Port A - Internet Port B - Some PC only? What network? You say in your PM that router 1 has both internet and your private network on Port A - this is IMPOSSIBLE!! As to what is at remote Site I am confused - So router 2 has their internet connection on A, and Port B is what another network (what is the network? ?.?.?.?/??) Or just one PC -- if so what network is this PC on?? Does it have a public internet IP on it? edit: "a ip of 192.168.100.7 which has a gateway (router) 192.168.100.100 which IS connected to the internet..." So there is another Router?? at this 192.168.100.100 address? da router that gives me internet access is 192.168.100.100 ......... if i want to connect to router 1's port a, that port i have to specify a ip for it. i assign it 192.168.100.7 with a submask of 255.255.255.0 and its gateway is 192.168.100.100 site two has the same sncerio. i want to connect them and have the ability to see what is on port D of router 2.... Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 im going off work rite now (have to catch a bus to go back home) so ill try to keep up on my phone if i can with this conversation.... Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 Ok - I think I am getting it. Do you have control over this router at 192.168.1.100 to do port forwarding? Is it also the same router as your PM? Let me draw up what I now think it looks like, and we can go from there. Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 Ok - I think I am getting it. Do you have control over this router at 192.168.1.100 to do port forwarding? Is it also the same router as your PM? Let me draw up what I now think it looks like, and we can go from there. currently i have all control over all routers since i am trying this (thru teamviewer) from my house to my workplace.... Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 like i mentioned, i have to leave but i will try to keep up with this thread....ill do my best.... Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 No problem - let me get it draw up, almost done. Then you can pick it up when you can. Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 I'm here...let's hope 3G holds out..... Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 Ok here is how I understand your network -- have not put in any vpn details. But this is your 2 sites, with the 2 routers your wanting to use for your VPN to connect the 2 sites together and how they are attached to the current networks. How I am understanding it so far. What I don't understand is why the 2 vpn routers in the first place? What are the model numbers of the internet routers at these 2 locations. The same devices that you PM'd me? And I can understand at site 2 hanging something off of port D that you want to access from site 1. But I am confused on what you think port b on vpn router in site 1 is needed for? Where do you want to access this PC connected to port D from in Site 1? "Router 1's port B will be used for servicing the device (another network different)" What is the network ?.?.?.?/?? Is this another PC, why can you not just access the device on site 2 vpn router port D from some device on your 192.168.100.x/24 network. So you don't want any other devices on Site 1 to be able to Talk to any other devices on Site 2? if the internet routers at the sites are the same model as you sent in PM, why can you not just create a site-to-site vpn using those routers and let all devices from Site 1 talk to devices on Site 2. Really need to understand what network is over at Site 2 to tell you how to get this to work. Or run into the possibility of stepping on the network they are using. For all I know they are also using 192.168.100.0/24 ??? If you want devices from site 1 to talk to devices in site 2 I would just setup a site-to-site vpn something like this. then all your devices could talk to each other - like they were the same site really, just a bit slower depending on your internet speeds. Link to comment Share on other sites More sharing options...
metro2012 Posted June 29, 2012 Author Share Posted June 29, 2012 Ok here is how I understand your network -- have not put in any vpn details. But this is your 2 sites, with the 2 routers your wanting to use for your VPN to connect the 2 sites together and how they are attached to the current networks. How I am understanding it so far. What I don't understand is why the 2 vpn routers in the first place? What are the model numbers of the internet routers at these 2 locations. The same devices that you PM'd me? it looks i believe correct. vpn router at site one should have gateway of 192.168.100.100 insteda of 192.168.1.100 right? port b (afaik) is just to service the router (configuration) the reason for the 2 vpn routers is because one (site a) will act as a server and the other (site b) will act as a client. yes, they are the exact same models i pmd u. And I can understand at site 2 hanging something off of port D that you want to access from site 1. But I am confused on what you think port b on vpn router in site 1 is needed for? Where do you want to access this PC connected to port D from in Site 1? yes, at port d there is a posibility of being 1 or more devices (via switch) hanging off that. "Router 1's port B will be used for servicing the device (another network different)" What is the network ?.?.?.?/?? Is this another PC, why can you not just access the device on site 2 vpn router port D from some device on your 192.168.100.x/24 network. the "?.?.?.?" network is another network not located at site a. it means i can have a site b, site c, site d, etc. So you don't want any other devices on Site 1 to be able to Talk to any other devices on Site 2? if the internet routers at the sites are the same model as you sent in PM, why can you not just create a site-to-site vpn using those routers and let all devices from Site 1 talk to devices on Site 2. well, its a solution but i do not know how to implament it. wud this be bridge mode instead of routing? Really need to understand what network is over at Site 2 to tell you how to get this to work. Or run into the possibility of stepping on the network they are using. For all I know they are also using 192.168.100.0/24 ??? its a (and I really hate to say this but....) universal solution; shouldnt matter what site 2/3/4/5/etc has. this is what was told by us; doesnt matter what they other network has. If you want devices from site 1 to talk to devices in site 2 I would just setup a site-to-site vpn something like this. then all your devices could talk to each other - like they were the same site really, just a bit slower depending on your internet speeds. speed for now isnt really that important as it would be simply switches to be seen and editing/sending text files. thank u for the help budman. on a side note, what program do u use to make the drawings? this way i can make them as well and the graphics are similar :) Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 "shouldnt matter what site 2/3/4/5/etc has. this is what was told by us; doesnt matter what they other network has." Who told you that? You can not have a vpn with with the same network on both sides! Yes in general if your running an ODD ball network on your side, its unlikely that you will run into a problem. But sorry you can not vpn network 192.168.100.0/24 at site A if site B is using the same address space, ie 192.168.100.0/24 Now you could NAT in the case of same network on the other side, etc. So you can work around it - but understanding the address space on both network is kind of requirement! "the reason for the 2 vpn routers is because one (site a) will act as a server and the other (site b) will act as a client." But you already have 2 router that can do VPN, your internet routers! Why do you think you need more? Just create the vpn between your 2 internet routers. And yes you can repeat for sites 3, 4 and 5, etc.. Your making it way more complicated trying to put the vpn endpoint on the inside of the networks vs at the gateway. So section 4.6 on the manual for the routers goes over VPN. You can do this on your internet routers, you don't need routers inside your network to act as the vpn serves. And you could ipsec vpn as well, section 4.6.2 to your other sites. And yes if done on the internet router with openvpn one would be the server and the other end would be considered the client. BTW I use visio for my drawings. Link to comment Share on other sites More sharing options...
metro2012 Posted June 30, 2012 Author Share Posted June 30, 2012 "shouldnt matter what site 2/3/4/5/etc has. this is what was told by us; doesnt matter what they other network has." Who told you that? You can not have a vpn with with the same network on both sides! Yes in general if your running an ODD ball network on your side, its unlikely that you will run into a problem. But sorry you can not vpn network 192.168.100.0/24 at site A if site B is using the same address space, ie 192.168.100.0/24 Now you could NAT in the case of same network on the other side, etc. So you can work around it - but understanding the address space on both network is kind of requirement! the person who told us this was the one selling the product. i think it also makes sense.... this scenario is made to give support to other companies. we were told that once the server is configured, the only thing we have to configure is the client (certificate, its current network, the server where OpenVPN is installed, etc) it seems these routers then resolve this via NAT if you comment it is the only way possible. one of the reasons we need 2 of them: they both understand when the other is in client or server mode and do the "NATting" by themselves. i wasnt there the first time we met with the other company but i imagine that this was said. currently, btw (i did not mention this and might have helped ALOT more), we use a talk2m system. well we know how the talk2m system works but ill just describe it for the sake of it. we have a pc here at the office which connects to the talk2m server which at the same time is connected to different clients. simply the server established a vpn between us and the talk2m server and the server itself makesa vpn between itself and our remote clients. we want to sort of cut that middle man out and have our own server. plus the costs are way better (at least thats what my boss told me) "the reason for the 2 vpn routers is because one (site a) will act as a server and the other (site b) will act as a client." But you already have 2 router that can do VPN, your internet routers! Why do you think you need more? Just create the vpn between your 2 internet routers. And yes you can repeat for sites 3, 4 and 5, etc.. Your making it way more complicated trying to put the vpn endpoint on the inside of the networks vs at the gateway. i believe these routers are made for this type of scenario. the other reason why we need 2 is because, yes on our end we know perfectly what there is but on the other site, we will never know what we will find: if we get a new client and we have to install this, his network might have nothing to do wit the others. thats why i commented on this, these 2 identifcal routers being a......u know (i dont like the term universal solution cuz it sounds like sumthing apple wud say and in the network wurld it doesnt exist) So section 4.6 on the manual for the routers goes over VPN. You can do this on your internet routers, you don't need routers inside your network to act as the vpn serves. And you could ipsec vpn as well, section 4.6.2 to your other sites. And yes if done on the internet router with openvpn one would be the server and the other end would be considered the client. i didnt understand this part too well. and yes, if i was to get this openvpn thing to work, i wud try to use ipsec instead. i believe it is alot more secure, correct? BTW I use visio for my drawings. ok thanks thanks for all ur help budman. its too bad i cant go to the office and do more tests. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 30, 2012 MVC Share Posted June 30, 2012 "they both understand when the other is in client or server mode and do the "NATting" by themselves." What?? Where would you get the idea that they auto nat if there is same network on both sides? I think there is a lack of basic understanding on how tcp/ip works in general here. But I think I now get this -- so your going to throw these into a remote site to monitor and remote access 1 specific piece of equipment or the PC that manages this industrial equipment. This is not you creating a vpn to another site of your company, but some remote customer your supporting 1 piece of equipment with? I am thinking there is more of language barrier here than I thought - so you have 4 of these NB1600 wireline currently?? This seems unlikely. This customer your supporting at the remote site is using this NB1600 as their "internet" router for their whole network? That seems unlikely to me after reading the whole manual, and not just jumping to see what it supports for vpn solutions. Here is the thing. If what you want to do is connect some ethernet device to this, and plop this into someones network, then no it does not matter what network they are using because YOU control the network that is connected to the lan port of this router.. Its not their network - this is where my confusion came in. But what you will need is the ability to get out of their network via whatever port your using as the openvpn port. And I can tell you right now, that most companies don't allow 1194 UDP outbound from their network. Now if your going to work with their IT to allow this to happen, sure that is not a problem then. So now on your end. If your going to access the device that is on the other side with a PC connected to port B of the device on your end does not matter what network your lan is using because you can control what network is on this device. If you want any device on your network to be able to connect to this device on the remote site, then this should be your gateway device. So now this is how I see what you want to do. And as you add different sites their PC your supporting would be on say 10.10.20.0/24, and then 10.10.30.0/24, etc. What I would REALLY Suggest you do is the company that sold you this - to get their butts back into your place and show you how to use this so that you understand it. Now if your internet router supports vpn connections, then you could endpoint the remote clients vpn to your gateway device and anything on your network could access the vpn clients PCs But if you have the endpoint inside your network, only PCs connected to this router other B port would be able to access the vpn clients PCs. In the above example, PC on your 192.168.100.0/24 network would not know how to get to 10.10.10.0/24 -- you would have tell the PCs on your 192.168.100.0/24 network that 192.168.100.7 was the hop for the 10.10.10.0/24, and you would also have to tell the remote router how to get to a 192.168.100.0/24 network - would not be a very efficient setup if you ask me. Either we are having more of language barrier than I thought, or your not very good with routing? And how different networks know how to get too other networks, etc. edit: Question, if its a PC on the remote side you need to support, why don't they just run a openvpn client on the PC directly - why do you need this vpn router?? Is the other end actually a piece of equipment and not say a PC running windows or linux? And not sure why you need this router on your end - if your using openvpn, any linux box would work you don't need a piece of equipment that has a limit of 10 vpn connections on your end. Link to comment Share on other sites More sharing options...
metro2012 Posted June 30, 2012 Author Share Posted June 30, 2012 big post. will try to answer all questions.... "they both understand when the other is in client or server mode and do the "NATting" by themselves." What?? Where would you get the idea that they auto nat if there is same network on both sides? I think there is a lack of basic understanding on how tcp/ip works in general here. i get the idea of they doing "auto nat" because they are made 4 this sncerario: connecting from "site one main" to different sites, irrelevent of the remote networks ip. I believe i also mentioned using webmin with a guide like this http://michigantelep...-client-part-3/ (a similar guide, its not exactly that one) quickly running thru, there are lines like this push ?route 192.168.0.0 255.255.255.0? push redirect-gateway push ?dhcp-option WINS 192.168.0.50? script-security 2 system as you see a certain route must be made and i believe the dhcp-option hands out IPs; these unix commands im not sure what they mean (neither does the guy that sells the product; he actually told me he is scared to use the command line :rolleyes: ) But I think I now get this -- so your going to throw these into a remote site to monitor and remote access 1 specific piece of equipment or the PC that manages this industrial equipment. This is not you creating a vpn to another site of your company, but some remote customer your supporting 1 piece of equipment with? there is more than 1 pieces of equipment on the other side and yes; it is not our company, just our equipment. I am thinking there is more of language barrier here than I thought possibily. i apolizige for that - so you have 4 of these NB1600 wireline currently?? This seems unlikely. This customer your supporting at the remote site is using this NB1600 as their "internet" router for their whole network? That seems unlikely to me after reading the whole manual, and not just jumping to see what it supports for vpn solutions. no no no. there are only 2 NB1600: one is ours at our site (server) and the other will be at the remove company's site on our equipment client. neither of them act or will act as the internet router for their whole network. Here is the thing. If what you want to do is connect some ethernet device to this, and plop this into someones network, then no it does not matter what network they are using because YOU control the network that is connected to the lan port of this router.. Its not their network - this is where my confusion came in. But what you will need is the ability to get out of their network via whatever port your using as the openvpn port. And I can tell you right now, that most companies don't allow 1194 UDP outbound from their network. Now if your going to work with their IT to allow this to happen, sure that is not a problem then. i also had this doubt (about their port being opened/unopened) the thing is on the product page is speicifcally says this: Using TCP port 80 for the VPN allows passing most firewalls in a factory or on customer side. the link i sent u in the pm says that so i imagine this is how it gets pass the firewall. i have doubts about this but maybe you can clear it up as to some "trick" it has to be able to do this So now on your end. If your going to access the device that is on the other side with a PC connected to port B of the device on your end does not matter what network your lan is using because you can control what network is on this device. If you want any device on your network to be able to connect to this device on the remote site, then this should be your gateway device. i understand that like this: (irrelevent to the whole scenario, just to make sure i understand) network 1: ip: 192.168.1.1 submask: 255.255.255.0 gateway: 192.168.1.1 network 2: ip: 10.10.10.1 submask: 255.255.255.0 gateway: 192.168.1.1 from what u wrote i understand that on network two, i should be able to access whatever is on network one as long as the gateway is set to that??? shuldnt there be a route? So now this is how I see what you want to do. And as you add different sites their PC your supporting would be on say 10.10.20.0/24, and then 10.10.30.0/24, etc. heres one of the oddest of the parts which i completely do not understand why: he told me that if i in port d i connect a switch and have different equipment i wud have to assign something like this: port d: 176.16.0.0 (the network range) switch equipment handing of the first port of the switch: 176.16.1.0 equipment handing of the second port of the switch: 176.16.2.0 equipment handing of the third port of the switch: 176.16.3.0 why wud this even be needed??? What I would REALLY Suggest you do is the company that sold you this - to get their butts back into your place and show you how to use this so that you understand it. the guy doesnt "control" what he is doing. they were trying to sell us a product which was not in the catalog (because I phoned up NetModule to ask something and they said they dont make the product anymore and there isnt even any mention of it on their site) and netmodule told me that they dont sell it anymore because bascially what they sold was a pc with a openvpn server preconfigured and they dont sell it becuase most companies already have a server/router/etc with openvpn. anyways, i told my boss about this (wasnt happy) and he told the company trying to sell us the prodcut this (they didnt even know it was discontinued) and obviously they were still selling the discontinued product but never tried out the new product so they dont know how to configure it (the "if it aint broke, dont fix it" thing) so the guy really has no idea wha he is doing. he simply goes by trial and error and obviously i dont know anything that he even tries so........ Now if your internet router supports vpn connections, then you could endpoint the remote clients vpn to your gateway device and anything on your network could access the vpn clients PCs the internet router controls vpn connections but i dont know what kind. might be pptp which is kind of insegure right? But if you have the endpoint inside your network, only PCs connected to this router other B port would be able to access the vpn clients PCs. In the above example, PC on your 192.168.100.0/24 network would not know how to get to 10.10.10.0/24 -- you would have tell the PCs on your 192.168.100.0/24 network that 192.168.100.7 was the hop for the 10.10.10.0/24, and you would also have to tell the remote router how to get to a 192.168.100.0/24 network - would not be a very efficient setup if you ask me. i imagine that by hop you mean creating a route for it which is my main barrier as i do not control very well how to do this. Either we are having more of language barrier than I thought, or your not very good with routing? And how different networks know how to get too other networks, etc. both i think. in octuber im starting a course to get my ccna which i hope clears things up 4 me..... edit: Question, if its a PC on the remote side you need to support, why don't they just run a openvpn client on the PC directly - why do you need this vpn router?? Is the other end actually a piece of equipment and not say a PC running windows or linux? this wud be ideal (perfect) but no, its equipment with a tcp/ip stack, nothing else. i can only assign ips to it And not sure why you need this router on your end - if your using openvpn, any linux box would work you don't need a piece of equipment that has a limit of 10 vpn connections on your end. yes, i first tried with a linux box setting it up but i was told that since the original plan was 2 nb1600, one as server the others as clients, to stick to that. and here i am..... thank u for all ur help budman. i cannot state this enough :) Link to comment Share on other sites More sharing options...
Recommended Posts