NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

joakimcarlsten's avatar
Jun 03, 2016
Solved

Accessing specific VLAN after VPN

Hi,

 

I have a SRX5308 and have set up a PPTP VPN server. I have four VLANS configured, say:

10.0.A.0/24

10.0.B.0/24

10.0.C.0/24

10.0.D.0/24

 

and the PPTP server configuration is to give VPN clients

10.0.F.20-29

 

I am able to connect to the server and surf as "from the network". But how do I setup a route(?) so I am able to access (or logically be attached to) the devices on 10.0.A.0/24 network from my VPN client?

 

I have searched high and low for this but haven't found any clear instruction on how to do this. 

 

Any help would be much appreciated.

 

Thanks

Joakim

  • Ah yeah that would explain it :)

    IPSec is very easy to set up, don't be scared by the many settings - you won't really need to do much with then. As for the fqdn you'll set that in the client you're connecting from so it doesn't really matter from where.

    With the Netgear IPSec client it's really easy and the support team can help you get it working.. There's a 30 day free trial so you can test it.

    There's also a free third party client called Shrewsoft, it's pretty easy to set up too but some features seem hard to get working, I'd recommend the official Netgear client but if you want to give shrew a go I did write a small guide a while back for a very basic client-to-box setup with it;
    http://www.hexnet.se/srx5308-ipsec-vpn-with-shrew-soft/

    I think there's been some issues with shrew and certain firmware though, at some point you could only do mode config (which is what shrew's own manual shows) but I can't get that working with the srx5308's latest firmware.. However I didn't spend too much time on it, I'm sure it can be figured out.

6 Replies

  • Danthem's avatar
    Danthem
    NETGEAR Employee

    Hejsan!

     

    What's the local IP of the network that you're connecting from? I'd say that you should be able to access the local resources now already. 

     

    Otherwise you can try to add a static route to the pc you're on, point it to the SRX5308's PPTP interface (which, if I recall correctly, would be the first one in the range you entered)... So in your case;

    route add 10.0.0.0 MASK 255.255.0.0 10.0.F.20 metric 2 

     

    That would however summarize all your 10.0.x.0 networks in one go, you could adjust it if you want. But if you're running full tunnel (all your Internet traffic goes through the VPN) I don't see why you'd need static routes at all. Although I must admit it was a while ago since I set up PPTP.. Have you considered going for IPSec instead? :) Secure and easy!

    • joakimcarlsten's avatar
      joakimcarlsten
      Aspirant

      Thanks for your reply.

       

      I think I might have had the same IP-address range (10.0.A.0/24) on the network I was coming from and VPNing to.

       

      That's why my nslookup answered the local gateway instead of the remote vpn. When I tried from another network I was able to ping the 10.0.A.X devices on the remote network.

       

      I looked into setting up a IPSec as per your suggestion, but didn't quite get it. I somehow seem to need to configure a FQDN for the remote IP which is not possible if I have a client surfing a random network.

       

      I will have to further investigate this but it is not super easy to setup. :)

      /J

  • Danthem's avatar
    Danthem
    NETGEAR Employee
    Ah yeah that would explain it :)

    IPSec is very easy to set up, don't be scared by the many settings - you won't really need to do much with then. As for the fqdn you'll set that in the client you're connecting from so it doesn't really matter from where.

    With the Netgear IPSec client it's really easy and the support team can help you get it working.. There's a 30 day free trial so you can test it.

    There's also a free third party client called Shrewsoft, it's pretty easy to set up too but some features seem hard to get working, I'd recommend the official Netgear client but if you want to give shrew a go I did write a small guide a while back for a very basic client-to-box setup with it;
    http://www.hexnet.se/srx5308-ipsec-vpn-with-shrew-soft/

    I think there's been some issues with shrew and certain firmware though, at some point you could only do mode config (which is what shrew's own manual shows) but I can't get that working with the srx5308's latest firmware.. However I didn't spend too much time on it, I'm sure it can be figured out.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More