Re: FVS338 routing over VPN
Is there a way to route LAN traffic over a Gateway to Gateway VPN?
I want to have some IP addresses route through the VPN out the GW of the remote VPN location. (easily done on more advanced firewalls)
And ... at some point I'd like to establish a common broadcast domain (Layer 2 network). It says it will forward NetBIOS but always wanting Bonjour etc...
Both endpoints are FVS338 firewalls.
Gateway VPN works fine.
Accepted Solutions
Hi B3dr0ck,
What you want to achieve is possible but it is not something supported solely on the device. You would need to set up a proxy server at the remote side, and change the local machines' gateway (or use a route) to route traffic to that server, over the VPN, and then out the WAN of the remote device and then back again. The FVS338 only provides remote subnet access. This is why a proxy server is needed, as the FVS338 does not have that functionality.
As far as the layer 2, though it says NetBIOS, it is only layer 3 traffic that will cross the VPN on the FVS338 (NetBIOS over TCP/IP). Layer 2 traffic has never worked and is not implemented. Regarding this, you may submit a feature request via NETGEAR Support or you may post it on the Idea Exchange for Business here.
But even then, the FVS338 is already EOL (End-Of-Life) and it would not get that feature if the engineering team adds it. The feature request might possibly be implemented on NETGEAR ProSAFE VPN firewall devices that are not yet EOL.
Regards,
DaneA
NETGEAR Community Team
All Replies
Re: FVS338 routing over VPN
This would allow traffic from one VPN to another sub VPN. This does not do anything for what I am trying to do.
I am trying to route specific traffic across the VPN to the other VPN as a default gateway. So that some identified traffic on one network uses the internet connection on the opposite side VPN.
I want the VPN Firewall 1 to be a proxy for some (or all if necessary) internet bound traffic from LAN2 over the VPN.
It would seem all you would need to do is put one routing statement in with a source of LAN2 IP with a Gateway of the opposite side VPN, but the only routing that can be added is a destination IP address, and I can't figure a way to do a default/catch all/wildcard address.
This basically works with the VPN client, but not with the site-to-site VPN.
Re: FVS338 routing over VPN
Thanks for the reply.
That is what I thought. Some outside clarity helps.
Re: FVS338 routing over VPN
One way to do this that's a bit dirty is to have the clients on the lan1 that you want going out the wan of lan2 connect to lan2's router l2tp or ssl server over the vpn tunnel. This way, you don't have to expose lan2's vpn services to the outside world and you don't have to worry about compression or encryption to keep speeds up.
I have made a configuration like this using the cisco rv-series, but by doing exactly the same thing I described.
I'm sure there's a way to get this working by also altering the vpn tunnel configuration and some static routes, but I'm not familiar enough with those methods to know how.
Re: FVS338 routing over VPN
Research "split" & "full" tunneling.
Split tunneling routes only the network traffic intended for the LAN at the far side of the VPN connection through the tunnel, and allows all other traffic out to the internet - full tunneling routes ALL the traffic through the tunnel so that any internet traffic will use the gateway at the far end - NO PROXY SERVER REQUIRED.
Full tunneling is quite common in situations where it is intended to enforce corporate internet usage policies at the branch office level, using a firewall located at the corporate head office.
Can it be done via a "gateway to gateway" VPN - YES - I have done it with an FVS318N at one end and an FVS336G at the other. Unfortunately, that was quite some time ago, and the configurations have long since been changed, however it is possible.
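The split versus full tunnel distinction described in the post above, modelled as policy-based VPN traffic selectors. This is an added example, not part of the original post and not FVS338 configuration; all addresses and the names `egress` and `bypasses` are constructed for illustration.

```python
import ipaddress

# Constructed addressing (documentation ranges), not taken from the thread.
LAN2 = ipaddress.ip_network("192.168.2.0/24")   # local LAN whose traffic is steered
LAN1 = ipaddress.ip_network("192.168.1.0/24")   # LAN behind the remote gateway
LOCAL_GW_WAN = "198.51.100.2"                   # local gateway's public address
PEER_GW_WAN = "203.0.113.10"                    # remote gateway's public address

# A policy is a (local selector, remote selector) pair.
SPLIT = {"local": LAN2, "remote": LAN1}                              # far LAN only
FULL = {"local": LAN2, "remote": ipaddress.ip_network("0.0.0.0/0")}  # everything

def egress(policy, src, dst):
    """Return 'lan', 'tunnel' or 'local-wan' for one packet under a policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in policy["local"] and dst in policy["local"]:
        return "lan"          # same subnet: never reaches the gateway
    if src in policy["local"] and dst in policy["remote"]:
        return "tunnel"       # matches the selectors: encrypted to the peer
    return "local-wan"        # no selector match: leaves via the local ISP

def bypasses(policy, flows):
    """Flows that leave via the local WAN and so skip far-end filtering."""
    return [(s, d) for s, d in flows if egress(policy, s, d) == "local-wan"]

# Constructed sample flows.
FLOWS = [
    ("192.168.2.50", "192.168.1.20"),   # host on the remote LAN
    ("192.168.2.50", "192.0.2.80"),     # internet host
    ("192.168.2.50", "192.168.2.9"),    # host on the same local LAN
    (LOCAL_GW_WAN, PEER_GW_WAN),        # the gateway's own IKE/ESP packets
]

if __name__ == "__main__":
    for name, policy in (("split", SPLIT), ("full", FULL)):
        for s, d in FLOWS:
            print(f"{name:5} {s:>13} -> {d:<13} {egress(policy, s, d)}")
        print(f"{name:5} bypassing the tunnel: {bypasses(policy, flows=FLOWS)}")
```

Under the full-tunnel policy the only flow left on the local WAN is the gateway's own tunnel traffic to its peer, whose source address lies outside the local selector.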
Re: FVS338 routing over VPN
Bingo!
Do you happen to recall how you got it working--routes, VPN profiles? I remember reading for hours on this topic once just out of curiosity, but never tried anything (and hence forgot most of what I learned).
Re: FVS338 routing over VPN
Like I said - it was a long time ago.
Experiment with the VPN Policy, traffic selection settings - I think that's where it was done.
Re: FVS338 routing over VPN
I think on the old forum there was a thread that said how it could be done--and it might have been as simple as messing with the subnet mask on the vpn configs, but that's just a guess. I can't remember either. 😞
Re: FVS338 routing over VPN
I don't think it is possible without putting a proxy on an edge, or using the VPN client.
I imagine you could create a PC on LAN2 with the VPN client. It would have an IP address on LAN1. Then you could have it as the gateway and do DHCP for a LAN. That might be a way to have a layer2 VPN, but at least route out LAN1.
What if you messed with the subnet mask and supernetted LAN2 with a proxy of some sort? That way it would include LAN1 and you could set LAN1's gateway on the proxied LAN2 devices.