0

I'm quite new to networking and am trying to set up my first VPN connection.

The Situation:

I have been contracted for some programming at a facility some distance from my location. I would like to be able to set up a simple VPN connection to their network so that I may make adjustments without significant travel.

Their Current Network:

Six devices (one I need to connect to) plugged into a basic router (Dlink). This router has an internet connection and a static IP address.

My Hopeful (questionable) Proposal:

I attach a VPN Firewall I happen to own (Netgear FVS318) as device number seven on the client network. I disable routing / DHCP in the Netgear. I forward the appropriate IPSec ports from the Dlink to the Netgear. I then create a VPN connection on my office Windows 7 machine to the remote network. The request is forwarded from the Dlink to the Netgear where the VPN connection is authenticated. I now have a remote-access connection from my office PC to the client's local network.

The Question:

Will this proposal work? If not, would another possibility be to attach a computer with a VPN server to the client network?

Also, as a note: the client has requested I not replace their router or place mine in-between theirs and the internet :(

Thanks very much!

Updates:

2012-06-04-0844:

Been trying to test proposed setup with no success. Not yet sure if problem is with network organization or connection configuration.

2012-06-04-1240:

I can access the Dlink network when I do one of the following:

  • Place the Netgear VPN between the internet and Dlink (although this is NOT allowed by client)
  • Attach a computer running a VPN server to the Dlink network

I cannot, however, create a VPN tunnel when just using the Netgear VPN firewall as another device on the Dlink network.

This leads me to a tentative answer of "No, attaching a VPN firewall to an existing network does not seem to be enough to create a remote-access VPN."

2012-06-04-1617 (final update):

Thanks @MikeAWood ! My proposed setup will not work as desired because the Netgear is designed to tunnel from the WAN to LAN. I instead implemented a solution by connecting an additional PC (with a VPN server) to the Dlink network.

jules
  • I'll bite: Is it one end or both ends that have NAT? What type of VPN protocol are you using? IPSEC? – Jeff Ferland Jun 04 '12 at 18:54
  • @JeffFerland : I hope I'm understanding your question correctly. My office machine is directly connected to the internet with a static IP (so **no** NAT on that end?). The router on the client end also has a connection to the internet through a static IP, though this router has six devices attached to it (so **yes**, NAT on this end?). And yes, the supported VPN protocol on the Netgear router is IPSEC. – jules Jun 04 '12 at 19:15
  • Is IPv6 available? (or nat6to4) should solve most (if not all) of your problems – Jim B Jun 04 '12 at 23:24

3 Answers

0

Tentative answer after some experimentation:

No, attaching a VPN firewall to an existing network does not seem to be enough to create a remote-access VPN. (see question updates for additional information)

jules
0

The issue will be that the Netgear will assume that you are connecting to its WAN interface and VPNing to his LAN interface. In order to accomplish what you are trying to do, you will need to put the Netgear between the internet and the Dlink or the Dlink and the network. Or simply replace the Dlink with the Netgear.

The more complicated explanation is that the VPN tunnel is created on the LAN side of the router. But the IPSec part of the communications tunnel is expected to originate from the WAN side of the router. So it is unable to create a tunnel on the same network it is trying to connect to.

MikeAWood
  • You might have better luck with gotomypc or some similar services that can be installed on the remote stations to allow access remotely. VPN will work, but the client's side will need to allow you to swap out the router to do so. – MikeAWood Jun 04 '12 at 22:24
  • @TheCleaner [suggested this](http://serverfault.com/a/395524/123401) as well; a good idea, but a bit different from what I need. I ended up with [this solution](http://serverfault.com/q/395241/123401) (final update at bottom). – jules Jun 04 '12 at 22:38
  • I see your comment and the VPN requirement makes more sense now. – MikeAWood Jun 04 '12 at 22:44
0

> I have been contracted for some programming at a facility some distance from my location.

Why not go with the simple solution? Set up a webex or join.me or Gotomypc or similar for the length of the contract, do the programming, and be done.

TheCleaner
  • While I like this solution, I should have been more clear: the programming requires specialized software not owned by the client, and the devices on the network are not computers. – jules Jun 04 '12 at 22:14