
Multiple Gateways, Load Balancing, Multiple Devices with diagram. Help?

I have a network that is currently running a SYSWAN SW24 Load Balancer with one static IP provider and a Comcast cable modem as my dynamic IP provider.
Everything is great.

Since my STATIC IP provider gives me 5 IP addresses I would like to use another one to add a Linksys WRT54GL dd-wrt vpn for use as an OpenVPN solution for home users.

I do not want to use my SYSWAN unit for VPN. I already know I can do that, but I don't want to and also don't want to pay for the license, although it is very inexpensive.

The question I have is how will my VPN traffic work correctly when using an additional static IP for the WAN on the Linksys router and keeping it in the same subnet with a 10.0.0.254 address.

I'm pretty sure it is a matter of adding routes in the Linksys router but I'm not sure what I need to do.

It is much better explained in my diagram which should be attached to this post.  Please see the diagram before asking any questions.  I'm pretty sure it shows exactly what I want to do.

Thanks.

[Network Diagram]
0
Asked by: wfninpa
 
Kerem ERSOY (President) Commented:
Hi,

You should avoid having 2 DGs for any system. What you would do is not add a second DG. Your VPN users will be assigned an IP range outside of your local net. Since your netmask is 255.0.0.0, it is not possible to assign an IP range from within the 10.x.x.x segment. You'll assign them an IP address from a different block, say 172.32.1.1/24, and you'll either add a static route to each PC which will direct 172.32.1.x traffic to the IP address of your WRT router, or you'll add a single routing command to the SYSWAN so that all traffic to 172.32.1.x will be routed to your WRT device, and this is it.

There's no complex operation here:
- IP assignment to your VPN users from a different subnet than your intranet.
- Add a static routing rule to the SYSWAN so all the traffic to the above-created subnet goes to the WRT
and this is it.

Cheers,
K.
0
 
wfninpa (Author) Commented:
So set up my OpenVPN to assign from the 172.32.1.1/24 block.
Add a static route for all 172.32.1.0 to be routed to the LAN IP of the WRT device.

Correct?

That makes sense to me.  So if I have VPN users connecting to the WRT device (LAN IP: 10.0.0.254) they will get a 172.32.1.x address (VPN net) and I will still be able to access 10.x.x.x machines?

Would I need to add a static route on the WRT device to route any requests for 10.x.x.x to the proper net?  I don't think I would have to add a static route to the WRT device now that I think about it, because it is already set up on the 10.x.x.x side.

Do I understand correctly?
0
 
Kerem ERSOY (President) Commented:
In fact what OpenVPN does is:
- Use your Ethernet IP to bind your admin ports.
- Then you allocate another segment for VPN users
- It will then route the new network IP to the created P-t-P interface which will route through your Ethernet IP.

So routing packets for the VPN segments to the Ethernet IP of the OpenVPN box is enough.

Since the WRT has one of its interfaces on the 10.x.x.x side, it will correctly know what packets to send to this interface. So additional routing is not necessary for it. (Even if you added one, it would be route 10.0.0.0/8 to 10.0.0.1, which is the same as your interface network and your default gateway, and redundant. This is why you don't add routes to TCP/IP boxes for the interfaces they have, since they can calculate the network and broadcast address automatically from the interface config.)

Cheers,
K.


0
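An added example, not part of the original thread: a Python check of the addressing plan discussed above, run against the thread's values (LAN 10.x.x.x with mask 255.0.0.0, WRT LAN IP 10.0.0.254, VPN pool 172.32.1.1/24). The function name `plan_vpn_routes` and the Linux/Windows route command strings it emits are assumptions for illustration; the SYSWAN's own route syntax is not shown on this page. It also flags pools outside RFC 1918 space (172.16.0.0/12 ends at 172.31.255.255), since routing such a block internally hides the public hosts that own it.

```python
import ipaddress

# RFC 1918 private ranges; a pool outside them is publicly routable space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def plan_vpn_routes(lan_cidr, vpn_pool_cidr, vpn_gw_lan_ip):
    """Validate a VPN client pool against the LAN and build the static routes.

    lan_cidr       -- office LAN (the thread's 10.x.x.x, mask 255.0.0.0)
    vpn_pool_cidr  -- block handed to VPN clients
    vpn_gw_lan_ip  -- LAN address of the VPN router (the WRT at 10.0.0.254)
    """
    lan = ipaddress.ip_network(lan_cidr)
    # strict=False accepts the host-form value used in the thread (172.32.1.1/24)
    pool = ipaddress.ip_network(vpn_pool_cidr, strict=False)
    gw = ipaddress.ip_address(vpn_gw_lan_ip)

    problems, warnings = [], []
    if pool.overlaps(lan):
        # LAN hosts would ARP for VPN clients instead of using a route.
        problems.append(f"{pool} overlaps LAN {lan}")
    if gw not in lan:
        # A static route's next hop must be directly reachable.
        problems.append(f"next hop {gw} is not on LAN {lan}")
    if not any(pool.subnet_of(r) for r in RFC1918):
        warnings.append(f"{pool} is outside RFC 1918 private space")

    routes = {}
    if not problems:
        routes = {
            # One route on the LAN's default gateway covers every host ...
            "linux": f"ip route add {pool} via {gw}",
            # ... or one persistent route on each Windows PC instead.
            "windows": f"route -p add {pool.network_address} "
                       f"mask {pool.netmask} {gw}",
        }
        # No route toward the LAN is needed on the VPN router itself: its
        # interface in the LAN gives it a connected route automatically.
    return {"pool": str(pool), "problems": problems,
            "warnings": warnings, "routes": routes}

if __name__ == "__main__":
    # Constructed inputs: the thread's pool, an overlapping one, a private one.
    for candidate in ("172.32.1.1/24", "10.8.0.0/24", "172.16.32.0/24"):
        print(plan_vpn_routes("10.0.0.0/8", candidate, "10.0.0.254"))
```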
 
wfninpa (Author) Commented:
Thank you.
0
 
Kerem ERSOY (President) Commented:
You're welcome.
0
