Solved

Multiple Gateways, Load Balancing, Multiple Devices with diagram.  Help?

Posted on 2010-11-08
Last Modified: 2012-05-10
I have a network that is currently running a SYSWAN SW24 Load Balancer with one static IP provider and a Comcast cable modem as my dynamic IP provider.
Everything is great.

Since my STATIC IP provider gives me 5 IP addresses, I would like to use another one to add a Linksys WRT54GL dd-wrt vpn for use as an OpenVPN solution for home users.

I do not want to use my SYSWAN unit for VPN. I already know I can do that, but I don't want to, and I also don't want to pay for the license, although it is very inexpensive.

The question I have is how will my VPN traffic work correctly when using an additional static IP for the WAN on the Linksys router and keeping it in the same subnet with a 10.0.0.254 address.

I'm pretty sure it is a matter of adding routes in the Linksys router but I'm not sure what I need to do.

It is much better explained in my diagram which should be attached to this post.  Please see the diagram before asking any questions.  I'm pretty sure it shows exactly what I want to do.

Thanks. Network Diagram
Question by:wfninpa
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 34086153
Hi,

You should avoid having 2 DGs for any system. What you would do is not add a second DG. Your VPN users will be assigned an IP range outside of your local net. Since your netmask is 255.0.0.0 it is not possible to assign an IP range from within the 10.x.x.x segment. You'll assign them an IP address from a different block, say 172.32.1.1/24, and you'll either add a static route to each PC which will direct 172.32.1.x traffic to the IP address of your WRT router, or you'll add a single routing command to the SYSWAN so that all traffic to 172.32.1.x will be routed to your WRT device, and this is it.

There's no complex operation here:
- IP assignment to your VPN users from a different subnet than your intranet.
- Add a static routing rule to the SYSWAN so all the traffic to the above-created subnet goes to the WRT
and this is it.

Cheers,
K.
 
LVL 1

Author Comment

by:wfninpa
ID: 34086424
So set up my OpenVPN to assign from the 172.32.1.1/24 block.
Add a static route for all 172.32.1.0 to be routed to the LAN IP of the WRT device.

Correct?

That makes sense to me.  So if I have VPN users connecting to the WRT device (LAN IP: 10.0.0.254) they will get a 172.32.1.x address (VPN net) and I will still be able to access 10.x.x.x machines?

Would I need to add a static route on the WRT device to route any requests for 10.x.x.x to the proper net?  I don't think I would have to add a static route to the WRT device, now that I think about it, because it is already set up on the 10.x.x.x side.

Do I understand correctly?
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 500 total points
ID: 34089559
In fact, what OpenVPN does is:
- Use your Ethernet IP to bind your admin ports.
- Then you allocate another segment for VPN users
- It will then route the new network IP to the created P-t-P interface which will route through your Ethernet IP.

So routing packets for the VPN segment to the Ethernet IP of the OpenVPN box is enough.

Since the WRT has one of its interfaces at the 10.x.x.x side, it will correctly know what packets to send to this interface. So additional routing is not necessary for it. (Even if you added one, it would be route 10.0.0.0/8 to 10.0.0.1, which is the same as your interface network and your default gateway, and redundant. This is why you don't add routing to TCP/IP boxes for the interfaces they have, since they can calculate the network and broadcast address automatically from the interface config.)

Cheers,
K.
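
An added example (not part of the thread, and not code from any of the products mentioned) that checks the addressing plan discussed above with Python's `ipaddress` module and models the load balancer's route lookup as longest-prefix match. The SYSWAN table entries and the "on-link LAN" / "WAN uplink" labels are constructed for illustration; the check also reports that 172.32.1.0/24 falls outside the RFC 1918 range 172.16.0.0/12.

```python
import ipaddress

# RFC 1918 private ranges
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_vpn_plan(lan_cidr, vpn_cidr, vpn_gateway):
    """Validate a routed VPN pool; return (vpn_network, warnings)."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    vpn = ipaddress.ip_network(vpn_cidr, strict=False)  # accepts 172.32.1.1/24
    gateway = ipaddress.ip_address(vpn_gateway)
    if vpn.overlaps(lan):
        # LAN hosts would treat VPN clients as on-link and never use a route.
        raise ValueError(f"VPN pool {vpn} overlaps LAN {lan}")
    if gateway not in lan:
        raise ValueError(f"gateway {gateway} is not reachable on {lan}")
    warnings = []
    if not any(vpn.subnet_of(net) for net in RFC1918):
        warnings.append(f"{vpn} is outside RFC 1918 and shadows public hosts")
    return vpn, warnings

def lookup(table, dst):
    """Longest-prefix match: return the next hop chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def syswan_table(static_routes=()):
    """Constructed model of the load balancer's table (labels are assumed)."""
    table = [(ipaddress.ip_network("10.0.0.0/8"), "on-link LAN"),
             (ipaddress.ip_network("0.0.0.0/0"), "WAN uplink")]
    return table + list(static_routes)

if __name__ == "__main__":
    vpn, warnings = check_vpn_plan("10.0.0.0/8", "172.32.1.1/24", "10.0.0.254")
    print("warnings:", warnings)
    # Without the static route, replies to VPN clients leave via the WAN.
    print(lookup(syswan_table(), "172.32.1.10"))
    # With it, they are handed to the WRT's LAN address.
    print(lookup(syswan_table([(vpn, "10.0.0.254")]), "172.32.1.10"))
```
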
 
LVL 1

Author Closing Comment

by:wfninpa
ID: 34297305
Thank you.
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 34333277
You're welcome.
