connect vpn router throu another router

[mentholflash01]

hi
wat ime trying to do is have router 1 netgear wgr614 v9 connected to modem
router 2 dlink dir-615 v2 dd-wrt as vpn to connect to vpn server throu router 1
so that all connections to router 1 run at the modem speed and router 2 at vpn speed
can anyone help with te actual setting
thanks

 

[oneman]

Is router 2 initiating the connection to the VPN server ? If it is then you should need to configure anything on router 1.

 

[nozzer]

It depends on the protocol. As your using a dir-615 for the dd-wrt software I presume your going to be trying to use the PPTP protocol (dont think the dir-615 supports openvpn) which can be problematical depending on the vpn provider you use !

On your main router (wgr614) you may need to forward port 1722 to the 2nd router or make sure PPTP passthrough is enabled. Forwarding can be a problem thoug as both routers may end up on different subnets (sespecially if your trying to use non static IP for the WAN on the 2nd router). If the router allows simple PPTP passthrough (and properly handles GRE47) then things are much simpler as you shouldn't have to change anything else on the main router.

On your dd-wrt router you have two options, depending on the vpn provider. You may be simply able to set the WAN mode to the PPTP login type and just fill in the details. This will work with some VPN providers like USAIP etc (you can use their 10 minute demo to check if you want) but likely wont work with many others.

The other alternative is to set up the PPTP client in the dedicated VPN tab. For this you'll likely need to fill in all the parameters requested and then tweak things by adding your own startup/firewall scripts. This can be a devil of a job and is usually next to impossible unless your VPN service provides a guide on how to set up the vpn within a linux environment (a true Poptop/PPTPD setup - not a simple PPTP login) listing ALL the required settings.

Generally, openvpn works far more easily through cascaded routers but far fewer routers support it as it appears to be only available on the standard dd-wrt image and up (which the dir-615 doesn't support). Even with openvpn though, you would likely need to add a startup script to tweak things - especially if your vpn requires a username/password rather than just a unique keyset.

 

[oneman]

Nozzer, if it is an outgoing conenct (e.g. the dir-615 is acting as a VPN client) then I was wondering why you would need to set up port forwarding. I've got site to site VPN setup (windows VPN between two domain controllers) between my internal network and a clients. I have my internal server doing the 'dialing' and port forwarding setup on the remote router. Just used this article,

How to use the Windows Server 2003 Routing and Remote Access Service or ISA Server 2006 or ISA Server 2004 with a DSL router for Internet access

 

[mentholflash01]

hi all
thanks for all the advice
nozzer thanks for ya help mate but a lot of it sorta flew over my head ime pretty new to routers and networking
how about if the dlink vpn router was hardwired to the netgear internet router
and would so many setting need changing for this setup
thanks

this is the tut i used
all thanks to the guvnor
dellete it if not allowed

 

[nozzer]

Nozzer, if it is an outgoing conenct (e.g. the dir-615 is acting as a VPN client) then I was wondering why you would need to set up port forwarding. I've got site to site VPN setup (windows VPN between two domain controllers) between my internal network and a clients. I have my internal server doing the 'dialing' and port forwarding setup on the remote router. Just used this article,

tbh, I never really did understand the details of why but it seems to have something to do with this strange GRE47 thing. If you port-forward port 1723 (the assigned PPTP port) then the router is supposed to know that its handled differently and do the proper stuff to support GRE47.

Most newer routers though should automatically handle PPTP passthrough or at least have an option to enable it. Routers with passthrough are far easier to set up because of the 2nd router changing subnet as it configures the tunnel - its pretty hard to properly port-forward when the PPTP tunnel assigns your router to a new IP and subnet !!!

 

[nozzer]

this is the tut i used

I think that tutorial assumes you are only using a single internet connected router rather than trying to cascade. The router uses a very simplified form of PPTP where it just logs into the server as though it were the internet service provider. No port forwarding or anything similar is required as the router is effectively connected directly (via the internet) to the VPN ISP.

Unfortunately, things start to get complicated when you cascade and these complications may not be totally handled by the PPTP protocol itself. Basically, you have to make sure the 2nd (vpn) router gets ALL pptp traffic even though you may not know what IP or subnet it will have after a tunnel is assigned. Some VPN providers seem to work whilst some dont. I dont think linkideo works at all but USAIP seems to work quite well (try using server: rpn9.usaip.eu with username: demo password demo as a quick test - this will only run for 10 minutes).

 

[oneman]

tbh, I never really did understand the details of why but it seems to have something to do with this strange GRE47 thing. If you port-forward port 1723 (the assigned PPTP port) then the router is supposed to know that its handled differently and do the proper stuff to support GRE47.

Most newer routers though should automatically handle PPTP passthrough or at least have an option to enable it. Routers with passthrough are far easier to set up because of the 2nd router changing subnet as it configures the tunnel - its pretty hard to properly port-forward when the PPTP tunnel assigns your router to a new IP and subnet !!!

That could well be true. TBH, I don't use a hardware router, I am running W2K8 server with RRAS and it passes through PPTP no problems. As I mention I initate the connection from my side and not needed to do any port forwarding on my end.