New
#51
PING From Client (on external wireless connection)
Can Ping 192.168.1.1 but this is the LAN address of the router.
on client it's impossible to ping 192.168.1.1 now!! Don't lie.
Client doesn't know where 192.168.1.* is !
PING From Client (on external wireless connection)
Can Ping 192.168.1.1 but this is the LAN address of the router.
on client it's impossible to ping 192.168.1.1 now!! Don't lie.
Client doesn't know where 192.168.1.* is !
Thank you for your continued support.
re 02:27 Post
It might go a little faster if you made some attempt to explain what was going on. You ask me to do a whole bunch of stuff with no rationale so it is hardly surprising if I get some of it wrong. If I dont know why I am doing something I can hardly spot a stupid result and double check what I did.
For example, it seems to me client knows where 192.168.1.1. is because client knows where server is and server knows where router (.1.1) is
If you want to stop because you think it is all too difficult or I am too stupid or I am a liar, please just let me know.
re 02:23 Post
This is much more helpful to my understanding of what is going on.
In answer to your questions:
serverside subnet - correct.
Client side: The client not on a LAN. Client is using
198.162.0.* to talk to external wifi (WAN?) - if this is a subnet then OK
198.162.11.22 to talk to VPN - if this is a subnet then OK
My 'model' of what is going on is that client talks to internet wifi (IP known); internet wifi talks to external router (IP known); router talks to server (port forwarded) and server talks to LAN (IP known). This suggests the client shoul dbe able to see other devices on the LAN (if the server permits it)
I presume the server would see computers on the client LAN (if there was one) by reversing the flow described.
In answer to "You want":
The aim is to get a proper VPN working. As I understand it this means:-
- CRITICAL: client can access files on the server
- IMPORTANT: client can access internet via the LAN (or set default gateway different and access internet locally)
- OF SOME VALUE: client can see computers on LAN
and, fo course, the Server can respond to computers that are communicating with it
I dont care whether server can see computers on client LAN - especially since client would not generally be on a LAN. However, if this is supposed to happen in a VPN, it would be nice to have it happen
What Next
Now if I had some idea/model of how all this IP addressing was supposed to get computers to talk to each other of a LAN/WAN that would be great
If you need anything more, let me know and I'll try to do it correctly
- CRITICAL: client can access files on the server=>already works...isn't it?
- IMPORTANT: client can access internet via the LAN (or set default gateway different and access internet locally)=>already works... isn't it?
- OF SOME VALUE: client can see computers on LAN=>his own LAN or the remote LAN?
I don't call you a liar. I meant to say, "what you write is impossible."
"For example, it seems to me client knows where 192.168.1.1. is because client knows where server is and server knows where router (.1.1) is "=> The client knows where 192.168.0.1, 192.168.0.2 etc and 192.168.11.22 is. But doesn't know where 12.13.14.89, 13.67.45.12 and 192.168.1.67 are. Because he doesn't know he sends it to its default gateway so 192.168.0.1.
To enable client to see all computers on server lan we have to add the route on CLIENT.
on client:
You have access to settings remote router's LAN? We have to set a static route there as well.Code:route add 192.168.1.0 mask 255.255.255.0 192.168.11.21
Network is not as easy as it looks..... difficult to explain
Last edited by Kaktussoft; 12 Mar 2014 at 04:31.
Now I am (even more!) confused . . .
Why am I directing/adding a route from .168.1.0 to .168.11.22?
The client is using .168.0.22 with a default gateway of .168.0.1 and a DNS server of the same and I see no mention of a .168.1.0 anywhere?
And yes, I have access to remote router's LAN. What address/route do I need to set up there?
192.168.11.22 is the address of the vpn-tunnel. All tcpip traffic to 192.168.1.* must be routed throught the vpn tunnel so 192.168.11.22. If done correctly the vpn-client can access the server and all other 192.168.1.* computers. But..... they cannot respond back yet.
On server do: route add 192.168.0.0 mask 255.255.255.0 192.168.1.67
On router on server side do: route add 192.168.0.0 mask 255.255.255.0 192.168.11.22 But the router isn't running win7, so you have to issue another command.
But is it really neccessary to see all remote computers?
Ahha so I am telling the client that anything to do with the 192.168.1.* network should be sent to the vpn-tunnel (.11.22) - seems reasonable. But how does the client know it needs to access .168.1.*? Do I have to access via IP address?192.168.11.22 is the address of the vpn-tunnel. All tcpip traffic to 192.168.1.* must be routed throught the vpn tunnel so 192.168.11.22. If done correctly the vpn-client can access the server and all other 192.168.1.* computers. But..... they cannot respond back yet.
Easy enoughOn server do: route add 192.168.0.0 mask 255.255.255.0 192.168.1.67
On router on server side do: route add 192.168.0.0 mask 255.255.255.0 192.168.11.22
Indeed, its just a router. On the router it seems I can create static routes with a series of records that haveBut the router isn't running Windows 7, so you have to issue another command.
Destination IP, Subnet Mask, Gateway. So I use these records to allow the router to redirect requests to the client network (192.168.11.22) to the client network gateway IP which is the external IP address that the client gets from his Wifi provider?
see #52But is it really necessary to see all remote computers?
NO - this part merely of some value primarily my better understanding and thank you for your help.
Critical - access server files remotely is solved
Important - access internet via server is outstanding and the problem here seems to be that the RAS interface on the server is listed as having no internet connection. How do I fix this?
So I use these records to allow the router to redirect requests to the client network (192.168.11.22)=>you are paritally right. 192.168.11.22 is the vpn client , not the vpn client network.
But for the other things.... you are starting to understand how it works.
----------------------------
So forget all the route commands for now (they are not permanent now anyway, so a reboot will distroy what you did).
Normal internet browsing on client doesn't work anymore when vpn client is connected? On client does ping 198.211.122.92 work then?
Do you really want to access the internet over the VPN-tunnel? Why?
internet browsing is fine until I tell the client to "use the default gateway on remote network" (see #25) Then the internet is unavailable.Normal internet browsing on client doesn't work anymore when vpn client is connected? On client does ping 198.211.122.92 work then?
This is why it seems relevant to me that the server shows no internet connection on the RAS interface.
I travel overseas and some UK TV material is not available in foreign countries. I am presuming that accessing the internet through the VPN will overcome this problem.Do you really want to access the internet over the VPN-tunnel? Why?
internet browsing is fine until I tell the client to "use the default gateway on remote network" (see #25) Then the internet is unavailable.=>that adds a default route (so for anything no routing has been defined [so any website and 192.168.1.*]) to the routing table. Effectively it routes everyting through the tunnel. On outside of tunnel it is on vpn it routes to its router (the remote router) and goes on the internet. But the remote router doesn't know where the vpn-tunnel is!! So it can't send the response back!
So what you have to do is: tell remote router where 192.168.11.22 is!
On remote router: route add 192.168.11.22 mask 255.255.255.0 192.168.1.67
On client make a vpn-connecton. client to "use the default gateway on remote network" is ON. Now create route -4 print output again. client can then ping 192.168.1.67 succesfully? If so \\192.168.1.67 shows remote shares?
on remote server \\192.168.11.22 shows vpn client shares?