From: landenmelton on 28 Sep 2005 20:38

I have successfully set up a VPN tunnel between a PC using the Netgear VPN Client Software and a Netgear FVS318v3 router. Here is the setup. I have a client PC running the client software behind a router connected to a cable modem. This client PC's internal IP is 192.168.111.3. I have the FVS318v3 configured as a DHCP server. Its internal IP address is 192.168.10.1. The external IP address of the router, for example, is 63.23.228.125.

I can connect using the client and successfully ping the router's internal IP address of 192.168.10.1 from the client. I'm assuming the VPN tunnel is connected and working correctly. What I'm trying to accomplish is to route all of the client's traffic through the VPN for security reasons. I've tried configuring my IP settings on the client machine to point its gateway to 192.168.10.1 and that didn't work. I'm not really for sure if what I'm trying to do is possible, but if it is I would sure appreciate any help that someone could give me.

From: E. on 29 Sep 2005 16:19

landenmelton(a)gmail.com wrote:
> I have successfully set up a VPN tunnel between a PC using the Netgear
> VPN Client Software and a Netgear FVS318v3 router. Here is the setup. I
> have a client PC running the client software behind a router connected
> to a cable modem. This client PC's internal IP is 192.168.111.3. I have
> the FVS318v3 configured as a DHCP server. Its internal IP address is
> 192.168.10.1. The external IP address of the router, for example, is
> 63.23.228.125. I can connect using the client and successfully ping the
> router's internal IP address of 192.168.10.1 from the client. I'm
> assuming the VPN tunnel is connected and working correctly. What I'm
> trying to accomplish is to route all of the client's traffic through
> the VPN for security reasons. I've tried configuring my IP settings on
> the client machine to point its gateway to 192.168.10.1 and that didn't
> work. I'm not really for sure if what I'm trying to do is possible, but
> if it is I would sure appreciate any help that someone could give me.
>

By default the FVS318s employ a split tunnel, i.e. anything for the VPN LAN goes through the VPN, anything else goes directly to where it likes.

There *should* be a setting in the client software which forces all traffic thru the VPN and denies anything going out the WAN port. This is the preferred way of doing things.

You could also try farting about with the routing rules on either the router or the client PCs, i.e. add a route of 0.0.0.0 0.0.0.0 192.168.10.1 (syntax will vary), which should tell the router/PC that all traffic is to be routed via 192.168.10.1.

E.

From: landenmelton on 3 Oct 2005 13:39

> By default the FVS318s employ a split tunnel, i.e. anything for the VPN
> LAN goes through the VPN, anything else goes directly to where it likes.
>
> There *should* be a setting in the client software which forces all
> traffic thru the VPN and denies anything going out the WAN port. This is
> the preferred way of doing things.
>

I didn't find any setting in the software that would accomplish this. I'm using the WatchGuard MUVPN software for testing purposes, which is the same software as the Netgear ProSafe Client software. If anyone knows how to do this please let me know.

> You could also try farting about with the routing rules on either the
> router or the client PCs,
> i.e. add a route of 0.0.0.0 0.0.0.0 192.168.10.1 (syntax will vary),
> which should tell the router/PC that all traffic is to be routed via
> 192.168.10.1.
> E.

It won't let me add that static route. It gives me an error of invalid IP address and invalid subnet.

From: E. on 3 Oct 2005 16:40

landenmelton(a)gmail.com wrote:
>> By default the FVS318s employ a split tunnel, i.e. anything for the VPN
>> LAN goes through the VPN, anything else goes directly to where it likes.
>>
>> There *should* be a setting in the client software which forces all
>> traffic thru the VPN and denies anything going out the WAN port. This is
>> the preferred way of doing things.
>>
>
> I didn't find any setting in the software that would accomplish this.
> I'm using the WatchGuard MUVPN software for testing purposes, which is
> the same software as the Netgear ProSafe Client software. If anyone
> knows how to do this please let me know.
>

The setting (in the WatchGuard policy setup) is "use default gateway on remote network". This is a setting within the VPN user setup on the router, rather than in the software client. I am stuffed if I can recall if this option even exists in the FVS318s. I think you have to force it to use the virtual adapter or something. I need coffee.

>
>> You could also try farting about with the routing rules on either the
>> router or the client PCs,
>> i.e. add a route of 0.0.0.0 0.0.0.0 192.168.10.1 (syntax will vary),
>> which should tell the router/PC that all traffic is to be routed via
>> 192.168.10.1.
>> E.
>
> It won't let me add that static route. It gives me an error of invalid
> IP address and invalid subnet.
>

Try adding it at the PC -

    route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 metric 3

Bear in mind that this is a complete, utter and total kludge way of doing it, but may be useful for testing.

E.
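
An added example, not part of the thread or any poster's code: a small model of route selection (longest prefix first, then lowest metric) that shows which destinations leave outside the tunnel under the split-tunnel default and after the test default route discussed above. It assumes the client exposes the tunnel as a virtual adapter; the "local"/"vpn" labels, the metric of 20, the host route for the peer and the probe addresses 198.51.100.7 and 192.168.111.50 are constructed.

```python
import ipaddress

def pick_route(routes, dst):
    """Route used for dst: longest matching prefix wins, ties go to the lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["dest"])]
    if not hits:
        return None
    return max(hits, key=lambda r: (ipaddress.ip_network(r["dest"]).prefixlen, -r["metric"]))

def outside_tunnel(routes, probes, peer):
    """Probe destinations that would leave without going through the tunnel.

    Traffic to the VPN peer itself is skipped: the encrypted packets
    have to reach the router's WAN address over the local path.
    """
    leaked = []
    for dst in probes:
        if dst == peer:
            continue
        route = pick_route(routes, dst)
        if route is None or route["via"] != "vpn":
            leaked.append(dst)
    return leaked

PEER = "63.23.228.125"  # FVS318v3 external address (from the thread)

# Constructed table for the split-tunnel default.
SPLIT = [
    {"dest": "0.0.0.0/0",        "via": "local", "metric": 20},
    {"dest": "192.168.111.0/24", "via": "local", "metric": 20},
    {"dest": "192.168.10.0/24",  "via": "vpn",   "metric": 1},
]

# Same table after the test default route (metric 3), plus a host
# route that keeps the peer reachable over the local path.
FULL = SPLIT + [
    {"dest": "0.0.0.0/0",  "via": "vpn",   "metric": 3},
    {"dest": PEER + "/32", "via": "local", "metric": 1},
]

PROBES = ["192.168.10.1", "198.51.100.7", "192.168.111.50", PEER]

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, "outside tunnel:", outside_tunnel(table, PROBES, PEER))
```

In the second table the client's own 192.168.111.0/24 still bypasses the tunnel, because its /24 route is more specific than any default route.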