VPN Gateway - IP Routing Problem
Greetings All.. I have a puzzler which I could use some help with.
I currently have a couple of LANs which are connected by external VPN Routers. Each of the LANs use static addresses within the 192.168.0.0/25 range. That is to say the network has been divided into 2 subnets with a netmask of 255.255.255.128 - The first subnet utilizing address from 192.168.0.1 to 192.168.0.127 and the second with addresses of 192.168.0.129 to 192.168.0.254
I now have to provide VPN access for a couple of road warriors who will be connecting from an unknown IP. The existing external VPN routers can't provide this functionality without installing software (a VPN Client) onto the remote hosts - and (of course) it doesn't support Mac OS X. Hence I need to achieve this with what I have.
As we have a few spare static IPs in the allocation from our ISP, I decided to set up one of the Xserves as a VPN Gateway - but I just can't seem to get it to route IP properly.
Here's what I've done so far:
Assigned the public IP to en1 - tested and confirmed I can connect to the internet
Assigned the private static IP to en0 - tested and confirmed I can access the internal network
Set en1 to the top of the service order list.
Configured the Firewall so that any traffic is allowed on 192.168-net and only the required ports are open to facilitate a VPN connection on any-net
Configured the VPN service to use L2TP with MS-CHAPv2 authentication and a shared secret and assigned an address range of 192.168.0.100 to 192.168.0.120 - which are not used on the LAN
Assigned the correct settings for the internal DNS and default search domain and specified a private route for 192.168.0.0/25
Enabled NAT and specified en1 as the WAN port.
In theory this should work... but although the remote host can connect to the VPN, authenticates OK and receives an IP address within the range 192.168.0.100 to 192.168.0.120, it is unable to connect to anything on the LAN.
Pinging the remote host from the server results in 100% packet loss. Pinging the server from the host results in a strange "Cannot Allocate Memory" error.
I'm guessing that this is probably something to do with an overlapping DHCP range - except I have static addresses on the LAN and DHCP is not turned on.
Any clues?
Thanks - Anton
I currently have a couple of LANs which are connected by external VPN Routers. Each of the LANs use static addresses within the 192.168.0.0/25 range. That is to say the network has been divided into 2 subnets with a netmask of 255.255.255.128 - The first subnet utilizing address from 192.168.0.1 to 192.168.0.127 and the second with addresses of 192.168.0.129 to 192.168.0.254
I now have to provide VPN access for a couple of road warriors who will be connecting from an unknown IP. The existing external VPN routers can't provide this functionality without installing software (a VPN Client) onto the remote hosts - and (of course) it doesn't support Mac OS X. Hence I need to achieve this with what I have.
As we have a few spare static IPs in the allocation from our ISP, I decided to set up one of the Xserves as a VPN Gateway - but I just can't seem to get it to route IP properly.
Here's what I've done so far:
Assigned the public IP to en1 - tested and confirmed I can connect to the internet
Assigned the private static IP to en0 - tested and confirmed I can access the internal network
Set en1 to the top of the service order list.
Configured the Firewall so that any traffic is allowed on 192.168-net and only the required ports are open to facilitate a VPN connection on any-net
Configured the VPN service to use L2TP with MS-CHAPv2 authentication and a shared secret and assigned an address range of 192.168.0.100 to 192.168.0.120 - which are not used on the LAN
Assigned the correct settings for the internal DNS and default search domain and specified a private route for 192.168.0.0/25
Enabled NAT and specified en1 as the WAN port.
In theory this should work... but although the remote host can connect to the VPN, authenticates OK and receives an IP address within the range 192.168.0.100 to 192.168.0.120, it is unable to connect to anything on the LAN.
Pinging the remote host from the server results in 100% packet loss. Pinging the server from the host results in a strange "Cannot Allocate Memory" error.
I'm guessing that this is probably something to do with an overlapping DHCP range - except I have static addresses on the LAN and DHCP is not turned on.
Any clues?
Thanks - Anton
Many and varied.. but all Macs, Mac OS X (10.5.5)
