complicated vpn setup, please help?

tiwing

New Around Here
Hi, I've been coming here for years, but never had enough knowledge to help, and never had a need. Now, I hope that someone here will be able to help. This is long. No screen shots yet, as hopefully you can tell me what you need to see...

I've been trying to learn about routing, but I think I'm having a mental block - hopefully someone here finds this an easy question to answer!

I have 2 sites that I control, and one that I don't. This is how I hope to get it working:
----------------------------------------------------------------------
Site 1 (under my control - this is my main site):
- 40/10 connection dynamic IP but using DDNS client on the router
- AC3100 Router running Merlin 360.68
- Router IP 192.168.13.1
- Dynamic IP starts at 192.168.13.120 with some clients set up to assign a static ip set in the router, not on the client side
- FTP server running on a static IP on a non-standard port, port forwarded to the correct port, must be accessible from the web

All traffic goes through IPVanish set up as client 3 except:
- router itself 192.168.13.1
- a static IP for site 3 (not under my control)

VPN Server 1 (vpn subnet 10.8.13.0, UDP 1194) should allow all connected users to see all devices on the network. Connections will be from mobiles while not connected to either site 1 or site 2 LAN, and from site 2. Internet traffic from connected devices and site 2 should use their own ISP, not site 1 internet connection and not client 3 VPN.

VPN Server 2 (subnet 10.8.14.0 TCP443) identical to Server 1 except all traffic should be routed through client3 IPVanish. This is not yet set up - no idea how to do the routing here.

Devices connected on the site 1 LAN should be able to see all site 2 devices.
-------------------------------------------------------------
Site 2 (under my control - this is my secondary site)
- 20/10 connection dynamic IP, using DDNS client in the router
- AC66U router running Merlin 380.67 (haven't been personally at the site to upgrade; don't want to do it remotely)
- router IP 192.168.176.1
- dynamic IP assignment starts at 192.168.176.120

Traffic from site 2 doesn't need to go through a private VPN (although it could, I suppose). All devices on the site 2 LAN should have access to all devices on the site 1 LAN.

--------------------------------------------------------------
Site 3 (not under my control - probably not pertinent to this conversation. Connection to the site 3 static IP is through a Cisco VPN client installed on Windows 10 desktops at either site 1 or site 2.)
--------------------------------------------------------------

Before using IPVanish, I had a client and server set up at each of site 1 and site 2, connecting to each other, and it worked fine. All devices could see all devices on the other LAN. But it seemed clunky and unnecessary. Plus I bought a new router and signed up for IPVanish... so I threw that all out the window and am trying to learn how to do it better.

IPVanish client 3 works great by itself - exactly how it should. No IP leaks (using exclusive DNS configuration and strict policy rules).

Server 1 works great by itself, allowing connected devices to see all site 1 LAN - and based on client settings allows internet traffic to flow through the device ISP (Mobile carrier or other wifi sites), or through site 1 WAN (not client 3 VPN). FTP server is accessible from the internet.

Introducing the site 1 client 3 VPN now prevents clients connecting to server 1 from seeing the rest of the site 1 LAN. Only the router at 192.168.13.1 is visible to connected clients.

From what I've read, I think this should all be possible, but I'm sure there are some pretty precise settings that need to happen. I'm really hoping to learn some good stuff here... What is the logical order to attack this problem?

And, what screen shots can I take that will be useful for the conversation?

Many thanks, in advance, for your help getting this set up!!

Cheers
Tiwing
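The symptom in the post (after enabling client 3 with strict policy rules, OpenVPN server 1 clients can only reach the router) is what Linux policy routing produces when the LAN hosts' return traffic is steered into the VPN client's routing table and that table has no route back to the server's tunnel. The following is an added model of that lookup, not code from the thread or from Asus Merlin: interface names (br0 for the LAN, eth0 for the WAN, tun13 for VPN client 3, tun21 for VPN server 1), the table name ovpnc3, and the sample addresses (203.0.113.10 standing in for the site 3 static IP, 198.51.100.7 for an arbitrary internet host) are all assumptions or constructed values. It shows the broken rule set beside one that adds a higher-priority rule sending traffic destined for the server 1 subnet through the main table.

```python
import ipaddress

# Constructed model of Linux policy routing on the site 1 router:
# `ip rule` entries are (from_cidr, to_cidr, table) in priority order,
# and each table is a list of (prefix, egress_interface) routes.
# Interface and table names are assumptions, not taken from the thread.

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def longest_prefix(table, dst):
    """Egress interface of the most specific route in `table` covering dst, or None."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for cidr, iface in table:
        net = _net(cidr)
        if dst_ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def egress(rules, tables, src, dst):
    """Walk rules in priority order; the first rule whose selectors match
    and whose table actually contains a route for dst decides the egress."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for from_cidr, to_cidr, table in rules:
        if src_ip in _net(from_cidr) and dst_ip in _net(to_cidr):
            iface = longest_prefix(tables[table], dst)
            if iface is not None:
                return iface
    return None

# Routing tables (constructed). The VPN client table only knows the LAN
# and a default into the IPVanish tunnel; it has no route to tun21.
TABLES = {
    "main": [
        ("192.168.13.0/24", "br0"),    # site 1 LAN
        ("10.8.13.0/24", "tun21"),     # OpenVPN server 1 clients
        ("0.0.0.0/0", "eth0"),         # WAN default
    ],
    "ovpnc3": [
        ("192.168.13.0/24", "br0"),
        ("0.0.0.0/0", "tun13"),        # everything else into VPN client 3
    ],
}

# Strict policy rules as the post describes them: the router itself and the
# site 3 static IP (placeholder 203.0.113.10) bypass the VPN, all other LAN
# traffic goes through client 3.
STRICT_RULES = [
    ("192.168.13.1/32", "0.0.0.0/0", "main"),
    ("192.168.13.0/24", "203.0.113.10/32", "main"),
    ("192.168.13.0/24", "0.0.0.0/0", "ovpnc3"),
    ("0.0.0.0/0", "0.0.0.0/0", "main"),
]

# Same rules with one higher-priority exception: anything addressed to the
# server 1 subnet is resolved in the main table, so replies return via tun21.
FIXED_RULES = [("0.0.0.0/0", "10.8.13.0/24", "main")] + STRICT_RULES

def lan_reply_to_vpn_client(rules):
    """Where a LAN host's reply to a server 1 client (10.8.13.6) leaves the router."""
    return egress(rules, TABLES, "192.168.13.50", "10.8.13.6")

if __name__ == "__main__":
    print("strict rules, reply to VPN client ->", lan_reply_to_vpn_client(STRICT_RULES))
    print("fixed rules,  reply to VPN client ->", lan_reply_to_vpn_client(FIXED_RULES))
    print("fixed rules,  LAN host to internet ->",
          egress(FIXED_RULES, TABLES, "192.168.13.50", "198.51.100.7"))
    print("fixed rules,  router to internet   ->",
          egress(FIXED_RULES, TABLES, "192.168.13.1", "198.51.100.7"))
```

With the strict rules the LAN host's reply is pushed into tun13 (the provider tunnel) and never reaches the OpenVPN client, which matches the reported "only the router is visible": the router's own address is the one source excluded from the VPN rule. The added rule restores the return path without changing where LAN-originated internet traffic goes, which is the property to verify after any change to policy rules, since a mistake here is exactly the kind of leak the strict mode is meant to prevent.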
 
This scenario is ideal for IPsec VPN tunnels, which unfortunately the Asus can't do. I'd look into business and enterprise VPN routers. Once the tunnel is up between sites, sharing resources becomes dead easy.
 
