NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Accessing specific VLAN after VPN
Hi,
I have a SRX5308 and have set up a PPTP VPN server. I have four VLANS configured, say:
10.0.A.0/24
10.0.B.0/24
10.0.C.0/24
10.0.D.0/24
and the PPTP server configuration is to give VPN clients
10.0.F.20-29
I am able to connect to the server and surf as "from the network". But how do I setup a route(?) so I am able to access (or logically be attached to) the devices on 10.0.A.0/24 network from my VPN client?
I have searched high and low for this but haven't found any clear instruction on how to do this.
Any help would be much appreciated.
Thanks
Joakim
- Ah yeah that would explain it :)
IPSec is very easy to set up, don't be scared by the many settings - you won't really need to do much with then. As for the fqdn you'll set that in the client you're connecting from so it doesn't really matter from where.
With the Netgear IPSec client it's really easy and the support team can help you get it working.. There's a 30 day free trial so you can test it.
There's also a free third party client called Shrewsoft, it's pretty easy to set up too but some features seem hard to get working, I'd recommend the official Netgear client but if you want to give shrew a go I did write a small guide a while back for a very basic client-to-box setup with it;
http://www.hexnet.se/srx5308-ipsec-vpn-with-shrew-soft/
I think there's been some issues with shrew and certain firmware though, at some point you could only do mode config (which is what shrew's own manual shows) but I can't get that working with the srx5308's latest firmware.. However I didn't spend too much time on it, I'm sure it can be figured out.
6 Replies
Hejsan!
What's the local IP of the network that you're connecting from? I'd say that you should be able to access the local resources now already.
Otherwise you can try to add a static route to the pc you're on, point it to the SRX5308's PPTP interface (which, if I recall correctly, would be the first one in the range you entered)... So in your case;
route add 10.0.0.0 MASK 255.255.0.0 10.0.F.20 metric 2
That would however summarize all your 10.0.x.0 networks in one go, you could adjust it if you want. But if you're running full tunnel (all your Internet traffic goes through the VPN) I don't see why you'd need static routes at all. Although I must admit it was a while ago since I set up PPTP.. Have you considered going for IPSec instead? :) Secure and easy!
Thanks for your reply.
I think I might have had the same IP-address range (10.0.A.0/24) on the network I was coming from and VPNing to.
That's why my nslookup answered the local gateway instead of the remote vpn. When I tried from another network I was able to ping the 10.0.A.X devices on the remote network.
I looked into setting up a IPSec as per your suggestion, but didn't quite get it. I somehow seem to need to configure a FQDN for the remote IP which is not possible if I have a client surfing a random network.
I will have to further investigate this but it is not super easy to setup. :)
/J
- Ah yeah that would explain it :)
IPSec is very easy to set up, don't be scared by the many settings - you won't really need to do much with then. As for the fqdn you'll set that in the client you're connecting from so it doesn't really matter from where.
With the Netgear IPSec client it's really easy and the support team can help you get it working.. There's a 30 day free trial so you can test it.
There's also a free third party client called Shrewsoft, it's pretty easy to set up too but some features seem hard to get working, I'd recommend the official Netgear client but if you want to give shrew a go I did write a small guide a while back for a very basic client-to-box setup with it;
http://www.hexnet.se/srx5308-ipsec-vpn-with-shrew-soft/
I think there's been some issues with shrew and certain firmware though, at some point you could only do mode config (which is what shrew's own manual shows) but I can't get that working with the srx5308's latest firmware.. However I didn't spend too much time on it, I'm sure it can be figured out.Ok, thanks.
One last question:
Is there any way of using IPsec and not having to use any third party software but instead use the built in vpn software in OSX and win 10?
Hi joakimcarlsten,
So far, I have not found any articles online about using the built-in VPN client of OS X and Windows 10. However, most VPN users would recommend IPSecuritas and VPNtracker to be used with OS X. Let me share these articles below as references:
Mac OS X VPN Client install with ProSAFE VPN Firewall/Router
MAC VPN client vendors for ProSECURE UTM & ProSAFE Routers
IP Securitas Os X – Netgear FVS336G VPN Settings
NETGEAR - IPSEC VPN Client - MAC & Iphone & Ipad - (Client 2 Box)
http://www.vpntracker.com/us/vendor/6/netgear-mac-vpn-client.html
Furthermore, read this forum link from Apple Support Communities below:
https://discussions.apple.com/thread/1351175?tstart=0
Hope it helps :)
Regards,
DaneA
NETGEAR Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
