Ok I have 2 networks that I need to connect. My local is sitting behind a hotbrick 600/2. The far site is sitting with a dlink router with port forwarding setup to my sbs running behind the dlink. I can connect to the sbs server no problem through vpn, my issue is that I need to have more than one user connect and I'm guessing the dlink is maybe limited to 1 tunnel so in theory my hotbrick should be able to connect and extend the far network to my local, I'm just wondering how I can do this?
what port are you forwarding? What kind of connection to your SBS do you need?
fixnix
You could ditch the D-Link in favor of reviving a spare old computer. Slap a second network card in an old P75 or whatever is in the basement/attic collecting dust then install IPCop on it (www.ipcop.org). It's a ~20MB iso and installs in about 20 minutes from poweron to configured and online (configuration is done via a point-n-click web interface including IPSec VPNs (x509 or PSK based)). You won't hit tunnel limits like you did on the D-Link (if that is indeed what happened). I've heard of people having 50+ tunnels at once with no problems.
hypeweb
ASKER
I'm gonna give the ipcop a try but will this still work to create a tunnel between ipcop and my hotbrick? or will the tunnel be between the hotbrick and the sbs sitting behind the ipcop?
I think he means the tunnel will be between the hotbrick and the ipcop box.
IPCop is a good product. I've used it at home for several years with few problems. Just remember it's only as reliable as the hardware you run it on, so if you need a long term solution, you will want to get a newer box to run it on or buy an appliance that will do what you need.
fixnix
The VPN would be a Net to Net VPN.
One of my configurations is as follows:
IPCop #1, "work LAN" and the GREEN interface on IPCop are in the 192.168.1.0 subnet
|
VPN Tunnel
|
IPCop #2, "home LAN" and the GREEN interface on IPCop are in the 192.168.5.0 subnet
|
VPN Tunnel
|
IPCop #3, "home test LAN" and the GREEN interface on IPCop are in the 192.168.10.0 subnet
While the VPN tunnels are active (I manually bring up/down the one on the test LAN as needed), all computers on all 3 subnets can ping each other, browse SMB shares, use AD resources, etc.
I've never used a hotbrick so I'm not certain on how it does VPNs, but if it's IPSec PSK or x509 based, IPCop should have no trouble. L2TP may be a different story...however, you could do L2TP from the hotbrick to the SBS with appropriate port forwarding on the IPCop box (worst case scenario you would need to add a line in the rc.firewall.local file to pass through GRE packets...but now I'm speculating since I haven't used L2TP to/from/or through an IPCop box yet (planning on it in the next few months though for windoze wireless client access to connect from the RADIUS-authenticated wireless DMZ to the work LAN)).
hypeweb
ASKER
fixnix that is exactly what I want to do, almost to the "T". Ok that all sounds good and I'm going to play with the IPCop this weekend. As far as the hotbrick is concerned, on the configuration screen it asks about a Pre-Shared Key (which I assume is the PSK) or an RSA signature (X509). So it would seem that the unit should work. I'll post up on the weekend if it worked.
OK, I downloaded ipcop 1.4.2 (iso) and it does not boot. It displays an error when trying to boot the kernel it looks like. I checked the md5 and it matches what they have published. I'm downloading 1.4.1 to see if it will work but any ideas on 1.4.2?
hypeweb
ASKER
Ok so I tried the 2 CDs in my other pc and they boot just fine, so now I'm not sure....I'm gonna try swapping some boards around as I'm not 100% about the motherboard but it did boot NT4.0 just fine before I tried IPCop.....
fixnix
whoops...sorry I haven't been checking back in here....been quite hectic lately. I'm back tailing this thread now if you need me along the way.
Ok so I've finally got IPCop up and running (for some reason the Advantech PCA-6168 SBC didn't like to boot from a CD-ROM on the same channel as the hard drive). Anyways I've got my remote network running through it and it seems pretty good so props on that suggestion but I'm wondering if anybody has got a good how-to or something for doing a net-to-net vpn involving the IPCop. It looks like I'm gonna have to ditch the hotbrick and setup another IPCop unit, so I'm looking for the steps to connect two units back to back but keep in mind they are both working off of dynamic IPs.
cheers,
m
fixnix
if you're doing an IPCop to IPCop VPN it's really easy...pretty much intuitive using PSK (Pre Shared Key) on the web interface. Just pick one to be the "left" side and one to be the "right".
One of mine looks like this:
Home Machine:
Name: work
Remote Host: xxx.xxx.xxx.xxx (world visible IP of the work IPCop box)
IPCop side: right
Remote Subnet: 192.168.0.1/24
Local subnet: 192.168.5.0/24
Remark: work to home
Fill in the key that you'll use on the other side and check the enabled box then configure the other side the same way.
My work IPCop box would look like:
Name: work
Remote Host: xxx.xxx.xxx.xxx (world visible IP of the home IPCop box)
IPCop side: left
Remote Subnet: 192.168.0.5/24
Local subnet: 192.168.5.1/24
Remark: work to home
Fill in the same key as the home box, check enabled and you're good to go.
The client for dyn-dns can be run from a Windows box behind IPCop.
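Added example (not from the thread or from IPCop): the two sides of a net-to-net IPsec definition have to mirror each other exactly, and a typo in one field (wrong side, a subnet entered with host bits set such as 192.168.0.1/24, local and remote swapped on only one box, or a key pasted differently) leaves the tunnel silently down. The script below models the fields of the IPCop VPN form as a small data class and checks a pair of definitions for consistency, plus a check that all GREEN subnets in a multi-site setup like the three-network one described earlier are disjoint. Field names, hostnames, subnets and keys are constructed for the example.

```python
"""Consistency checks for a pair of IPCop-style net-to-net IPsec definitions.

Constructed example. The attribute names follow the fields on the IPCop
VPN web form (Name, Remote Host, IPCop side, Local/Remote subnet, PSK),
but this code is not IPCop's. All addresses and keys here are made up.
"""
from dataclasses import dataclass
import ipaddress


@dataclass
class NetToNet:
    name: str
    side: str           # "left" or "right", as selected on the form
    remote_host: str    # public IP or dynamic-DNS name of the peer box
    local_subnet: str   # GREEN subnet behind this IPCop, in CIDR form
    remote_subnet: str  # GREEN subnet behind the peer IPCop, in CIDR form
    psk: str            # pre-shared key; must be identical on both boxes


def parse_subnet(cidr):
    """Return (network, problem). strict=True rejects entries such as
    192.168.0.1/24 whose host bits are set, a common form-field slip."""
    try:
        return ipaddress.ip_network(cidr, strict=True), None
    except ValueError as exc:
        return None, f"bad subnet {cidr!r}: {exc}"


def check_pair(a, b):
    """Return a list of problems; an empty list means the two definitions mirror."""
    problems = []
    if {a.side, b.side} != {"left", "right"}:
        problems.append(f"sides must be one left and one right, got {a.side}/{b.side}")

    nets = {}
    for tag, cidr in (("a.local", a.local_subnet), ("a.remote", a.remote_subnet),
                      ("b.local", b.local_subnet), ("b.remote", b.remote_subnet)):
        net, problem = parse_subnet(cidr)
        if problem:
            problems.append(problem)
        nets[tag] = net

    if all(nets.values()):
        # Each box's local subnet must be the other box's remote subnet.
        if nets["a.local"] != nets["b.remote"]:
            problems.append(f"{a.name}: local {nets['a.local']} != peer remote {nets['b.remote']}")
        if nets["a.remote"] != nets["b.local"]:
            problems.append(f"{a.name}: remote {nets['a.remote']} != peer local {nets['b.local']}")
        # Overlapping GREEN ranges cannot be routed across the tunnel.
        if nets["a.local"].overlaps(nets["b.local"]):
            problems.append(f"local subnets {nets['a.local']} and {nets['b.local']} overlap")

    if a.psk != b.psk:
        problems.append("pre-shared keys differ")
    elif len(a.psk) < 20:
        problems.append("pre-shared key is short; use a long random string")
    return problems


def check_mesh(green_subnets):
    """For several sites joined by tunnels, every GREEN subnet must be disjoint.
    green_subnets maps site name -> CIDR; returns a list of overlapping pairs."""
    parsed = []
    problems = []
    for site, cidr in green_subnets.items():
        net, problem = parse_subnet(cidr)
        if problem:
            problems.append(f"{site}: {problem}")
        else:
            parsed.append((site, net))
    for i, (s1, n1) in enumerate(parsed):
        for s2, n2 in parsed[i + 1:]:
            if n1.overlaps(n2):
                problems.append(f"{s1} ({n1}) overlaps {s2} ({n2})")
    return problems


if __name__ == "__main__":
    key = "Kq7pX2vR9mN4tL8wZ1cB6yH3"   # constructed; generate a real one randomly
    home = NetToNet("work", "right", "work.example.invalid", "192.168.5.0/24", "192.168.1.0/24", key)
    work = NetToNet("home", "left", "home.example.invalid", "192.168.1.0/24", "192.168.5.0/24", key)
    print(check_pair(home, work))                 # [] when the two sides mirror
    print(check_mesh({"work": "192.168.1.0/24", "home": "192.168.5.0/24",
                      "test": "192.168.10.0/24"}))  # [] when all GREEN ranges are disjoint
```

Run the two definitions through `check_pair` before enabling the tunnel on either box; a dynamic-DNS hostname works as `remote_host` here just as an IP literal does, since the check only compares the fields that must agree.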
hypeweb
ASKER
I'm already using easydns's service, so I assume where you have the IP of the opposite end I would put in the domain name of the unit instead? Perfect timing, I'm gonna be needing this on Thursday/Friday.