More VPN server questions

gdgross

Occasional Visitor
Hi all, I'm (slowly) educating myself about how to set up a vpn server on my home network. I've asked a bunch of newb questions here and here.

I now have a TP link ER605 wired router in my network, and have my wifi routers set up in bridge mode (which means they are access points, and don't assign IP addresses, I understand) so that the router can be the router. This ER605 router has the ability to set up a VPN server itself, and I'd like to do this to enable remote access to my network, internet, or even log on to my mac mini remotely.

Home Network 20240613.jpg


On the VPN client side, I'd like to use one of the options built into windows 10, which appear to be these:
2024-06-11_14-49-47.png



With that in mind, I've started setting up an L2TP VPN server on the ER605, but I have some questions:
  1. I'm guessing the server IP is an INTERNAL IP address that I'm assigning to the server on my LAN only?
  2. If so, how would I access this remotely? I didn't see anywhere in the L2TP setup a place where I needed to add a URL or something to access the VPN server, or a way to identify it remotely.
  3. What's the remote subnet, and what should I be putting in this spot?
IMG_5365_.JPG


Sorry if these are noob questions! I'm a networking luddite, but I'm learning.

Thanks!
Geoff
 
I assume that last image is supposed to be the configuration of the VPN server on the ER605 (given the previous image is of the VPN client on Windows). But it appears to be the VPN client tab in that image, NOT the server.
 
Yeah, sorry, that is the client tab. Here's the server:


IMG_5364.JPG



Not too many things to configure here...
 
  1. I'm guessing the server IP is an INTERNAL IP address that I'm assigning to the server on my LAN only?

Given the original last image is a client tab, then obviously this question is irrelevant wrt the router since (according to you) the Windows machine is the actual client.

  2. If so, how would I access this remotely? I didn't see anywhere in the L2TP setup a place where I needed to add a URL or something to access the VPN server, or a way to identify it remotely.

For remote access from the Windows client, you would specify the public IP of your router's WAN (or else a domain name (e.g., DDNS)) for the "Server name or address" field. Presumably configuration of the VPN server will open the relevant port on the router's firewall. Of course, the Windows client needs to be accessing the VPN server from the *WAN* side, NOT the LAN.

  3. What's the remote subnet, and what should I be putting in this spot?

The remote subnet is the *private* network (e.g., 192.168.1.0/24) that becomes accessible on the LAN side of the router once the VPN client gets connected to the server. For certain VPN protocols, that information is NOT discoverable at the point of connection, so you have to supply it directly to the VPN client within its own configuration.

IOW, in order for the VPN client to be able to reach that private network, you have to give it this information so it can reconfigure its local routing tables to route such requests through the VPN. Just beware, the VPN client's own local, private IP network has to be *different* from that of the VPN server in order for this to work. IOW, both sides can't be using (in my example) 192.168.1.0/24.
 
I appreciate the detailed explanation eibgrad! Very helpful. I may have to update the subnet mask based on the network that the windows machine lives on; I'll check tomorrow. I know we use 192.168 there as well.

Does the potential conflict occur because the local client network and the network accessible through the VPN just both show up on the same client? and the client computer needs to not have any IP address conflicts?

Thanks!

G
 
If both the VPN client and server are using the same IP network, then the client will NEVER attempt to access the remote network since it will always assume its own IP network does NOT require routing (i.e., it will look locally). But if they are different, THEN the client knows the only way to get to that other IP network is via the VPN.
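
Added example, not part of the original posts: a simplified longest-prefix routing model in Python showing why a client whose local network equals the VPN's remote subnet never sends that traffic into the tunnel, plus an overlap check to run before choosing subnets. The function names, the /24 and /16 prefix lengths and the sample host addresses are constructed for illustration, and the tie-break in favour of the directly connected network is an assumption of this model that follows the explanation above.

```python
import ipaddress

def route_for(dest, local_net, remote_net):
    """Return the path a client picks for dest: 'on-link', 'vpn' or 'default-gateway'."""
    dest = ipaddress.ip_address(dest)
    local = ipaddress.ip_network(local_net, strict=False)
    remote = ipaddress.ip_network(remote_net, strict=False)
    # The on-link route is listed first so it wins when both prefixes are the
    # same length (model assumption: the client "looks locally" on a tie).
    routes = [(local, "on-link"), (remote, "vpn")]
    matches = [(net.prefixlen, path) for net, path in routes if dest in net]
    if not matches:
        return "default-gateway"
    longest = max(prefix for prefix, _ in matches)
    return next(path for prefix, path in matches if prefix == longest)

def check_subnets(local_net, remote_net):
    """Classify the client LAN against the VPN remote subnet."""
    local = ipaddress.ip_network(local_net, strict=False)
    remote = ipaddress.ip_network(remote_net, strict=False)
    if local == remote:
        return "identical"   # remote hosts are never reached through the VPN
    if local.overlaps(remote):
        return "overlap"     # some remote or local hosts become unreachable
    return "ok"

if __name__ == "__main__":
    home = "192.168.1.0/24"   # remote subnet behind the VPN server (example from the thread)
    host = "192.168.1.50"     # constructed host on the home LAN
    cases = [
        "192.168.1.0/24",     # client LAN identical to the home LAN
        "10.72.100.0/24",     # client LAN in a different range (prefix length assumed)
        "192.168.0.0/16",     # client LAN is a wider network containing the home LAN
    ]
    for client_lan in cases:
        print(f"{client_lan:>16}: {check_subnets(client_lan, home):9} "
              f"-> {host} via {route_for(host, client_lan, home)}")
```

In the third case the more specific /24 route wins, so the home LAN is reachable, but any device on the client's own network inside 192.168.1.0/24 is then shadowed by the tunnel.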
 
Makes sense, thanks for the further explanation.

I think I'm good on that front - looks like all the dynamic IPs on this network with the windows machine are 10.72.100.x, and a few statics at other ips, but none at the 192.168.x.x which I'll use on the home network. :)
 
ok, maybe making some progress on this. I set up a VPN connection in windows and received the following error when attempting to connect:

2024-06-20_15-14-08.jpg

This sounds like something I've set up wrong on the client side that won't allow it to connect with the server I've set up?

These are the options I have using the windows VPN client:
2024-06-20_15-34-07.jpg


Any ideas what I'm doing wrong?
 
