EVDOforums.com
Discussion forum for EVDO users
 

Bridge mode

 
gbalbach
EVDO Newbie


Joined: 16 Oct 2007
Posts: 8

Posted: Tue Oct 16, 2007 2:21 pm    Post subject: Bridge mode

Hello everyone,

Does anyone know of a way (with any firmware) to put the WRT54G3G-ST into bridge mode? I am trying to do this:

Put the w54g3g-st into bridge mode with a sprint wireless card then have a netgear fvs338 behind it (lan port on linksys -> wan port on netgear) then have the FVS338 do a site to site vpn to a sonicwall 2040 at another location.

Thanks in advance...
rlw
EVDO User


Joined: 29 May 2007
Posts: 37
Location: Near Lancaster, OH

Posted: Tue Oct 16, 2007 7:08 pm

gbalbach wrote:
...Put the w54g3g-st into bridge mode with a sprint wireless card then have a netgear fvs338 behind it (lan port on linksys -> wan port on netgear) then have the FVS338 do a site to site vpn to a sonicwall 2040 at another location...

I don't think you really need to put the Linksys in bridge mode. Go to the stock firmware web admin page, select Security->VPN, and enable IPSEC/PPTP/L2TP Passthrough. Make the LAN IP of the Linksys the gateway of the Netgear, and it should work.

...IF, however, it doesn't, set up the WAN ip of the Netgear as the DMZ host by selecting Applications & Gaming->DMZ on the web interface.

I have a couple of clients with a similar setup -- Adtran Netvanta VPN router, behind a Linksys WRT54 connected to a Roadrunner line.

Hope this helps,

RLW
gbalbach
EVDO Newbie


Joined: 16 Oct 2007
Posts: 8

Posted: Wed Oct 17, 2007 6:59 am

Thanks for the tips, I tried what you suggested. I can establish the VPN connection to the remote sonicwall from the netgear that is behind the wrt54g3g-st but I can't do anything...maybe I need to open some ports on the netgear...in the sonicwall logs it says that the remote peer doesn't support nat traversal. I have nat traversal turned on in the sonicwall advanced options (enhanced version of the firmware). Since the netgear fvs338 supposedly supports nat traversal I figured it was because I was going through the linksys...?
rlw
EVDO User


Joined: 29 May 2007
Posts: 37
Location: Near Lancaster, OH

Posted: Wed Oct 17, 2007 7:21 am

gbalbach wrote:
Thanks for the tips, I tried what you suggested. I can establish the VPN connection to the remote sonicwall from the netgear that is behind the wrt54g3g-st but I can't do anything...

Can you ping addresses on the LAN side of the sonicwall? What are you trying to do, access Windows printers and shares on the LAN?

As I understand VPNs, once the tunnel is established, the WRT is out of the way (you're already tunneling through the WRT, and already have a virtual network connection up and running) -- you shouldn't have to make any further changes to the WRT.

You might look around in the Netgear for a NAT traversal setting.

I'm curious, which one of my tips worked? Turning on VPN passthrough, or making the Netgear a DMZ host in the WRT?

RLW
gbalbach
EVDO Newbie


Joined: 16 Oct 2007
Posts: 8

Posted: Wed Oct 17, 2007 7:25 am

Trying to ping anything across the vpn doesn't work, but I can connect to the sonicwall from a PC with the sonicwall vpn client and it works/can ping particular machines without problem. The part that fixed it/let me get the connection working was the DMZ part. Thanks again for that, I'll dig more into the netgear...
rlw
EVDO User


Joined: 29 May 2007
Posts: 37
Location: Near Lancaster, OH

Posted: Wed Oct 17, 2007 8:20 am

I'm not sure what your LAN (inside the WRT) looks like, but if you can use the Sonicwall client on your PC to talk to the remote LAN through the client, it might just be a routing issue on your LAN.

When you use the Sonicwall client, it probably changes your default route to the virtual IP it gets as a result of creating the connection.

When you try to use the Netgear, it's just another device on your LAN, and is probably not configured in your PC to be a route to the remote net.

Here's an example:

Let's say your local net is 192.168.1.x, your WRT is 192.168.1.1, and is the default route before you try setting up the tunnel either with the Netgear or the SW client software. 192.168.1.1 would be your gateway.

Let's also assume the network on the other side is 10.1.1.x. When you run the SW client, it is assigned 10.1.1.99 as its end of the connection, 10.1.1.55 as the far end, and it also updates your routing table to make 10.1.1.55 as your default gateway. All is well with the world.

When you use the Netgear, assume its LAN side IP (inside your network) is 192.168.1.2. It connects, establishes the tunnel, but your PC still thinks its default gateway is 192.168.1.1 (the WRT).

What you may need to do is add a persistent route to get to the 10.1.1.x network on your PC, something like:
Code:
route -p add 10.1.1.0 mask 255.255.255.0 192.168.1.2 metric 1

That would make all requests targeted for the 10.1.1.x network go through the Netgear (at 192.168.1.2), while all other requests (like web browsing, email, etc.) go through the WRT (at 192.168.1.1). The -p flag tells route to remember this over a reboot.

Note that using a network block like 192.168.1.x is a bad idea if you're going to be connecting to remote nets via VPNs -- so is 192.168.0.x. The reason is that almost every router comes out of the box set to those networks. If you're trying to connect remotely to another network that is on the same block, it won't be able to route your requests, 'cuz it doesn't know the difference between the remote and local network.

I usually pick a different number than 1 or 0 for the third octet, something like 192.168.147.x.

Fine Print:
Be careful doing this, and talk to the network admin at the 10.1.1.x end, because your PC could expose the remote network to the internet -- depends on what policies the remote admin has in place. As always, your mileage may vary, no animals were harmed in the writing of this post, batteries not included, and I assume no responsibility for any problem you might ever have ever...

Hope that helps, and isn't too confusing....

RLW
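
Added example, not part of the original post: a small Python model of the routing decision described above, using the post's example addresses (WRT at 192.168.1.1, Netgear at 192.168.1.2, remote network 10.1.1.0/24). The table contents, metrics and function names are constructed for illustration; `route_command` rebuilds the post's `route -p add` line and refuses the overlapping-subnet case the post warns about.

```python
import ipaddress

def build_table(routes):
    """Turn (cidr, gateway, metric) tuples into a routing table."""
    return [(ipaddress.ip_network(n), gw, m) for n, gw, m in routes]

def best_route(table, dest):
    """Pick a gateway the way an IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def route_command(local_cidr, remote_cidr, vpn_gateway, metric=1):
    """Build the persistent Windows route from the post; reject overlapping networks."""
    local = ipaddress.ip_network(local_cidr)
    remote = ipaddress.ip_network(remote_cidr)
    if local.overlaps(remote):
        raise ValueError(f"{remote} overlaps local {local}: renumber one side first")
    if ipaddress.ip_address(vpn_gateway) not in local:
        raise ValueError(f"gateway {vpn_gateway} is not on the local network {local}")
    return (f"route -p add {remote.network_address} mask {remote.netmask} "
            f"{vpn_gateway} metric {metric}")

# Constructed routing table for the PC in the post's example.
BEFORE = build_table([
    ("0.0.0.0/0", "192.168.1.1", 10),      # default route via the WRT
    ("192.168.1.0/24", "on-link", 1),      # the PC's own subnet
])
# Same table after adding the static route through the Netgear.
AFTER = BEFORE + build_table([("10.1.1.0/24", "192.168.1.2", 1)])

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, "10.1.1.20 ->", best_route(table, "10.1.1.20"))
    # A remote host numbered inside the local block never leaves the LAN.
    print("192.168.1.50 ->", best_route(AFTER, "192.168.1.50"))
    print(route_command("192.168.1.0/24", "10.1.1.0/24", "192.168.1.2"))
```
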
gbalbach
EVDO Newbie


Joined: 16 Oct 2007
Posts: 8

Posted: Wed Oct 17, 2007 8:22 am

Thank you very much for the info, I will check it out!
gbalbach
EVDO Newbie


Joined: 16 Oct 2007
Posts: 8

Posted: Wed Oct 17, 2007 2:41 pm

Well I checked out what you suggested and apparently there is something else wrong with this setup. Even though the vpn tunnel connects, the sonicwall logs say that the peer doesn't support nat traversal...I think that is why I can't hit anything across the connection but I know the netgear fvs338 supports traversal...I am guessing the linksys is having problems passing the info...shame, I will keep trying but if anyone has any other tips to try let me know...
rlw
EVDO User


Joined: 29 May 2007
Posts: 37
Location: Near Lancaster, OH

Posted: Wed Oct 17, 2007 7:52 pm

gbalbach wrote:
Well I checked out what you suggested and apparently there is something else wrong with this setup. Even though the vpn tunnel connects, the sonicwall logs say that the peer doesn't support nat traversal...I think that is why I can't hit anything across the connection but I know the netgear fvs338 supports traversal...I am guessing the linksys is having problems passing the info...shame, I will keep trying but if anyone has any other tips to try let me know...

Hmmmmm... the way I understand it, when you set up the Netgear as the DMZ host, you're basically saying to the firewall in the Linksys, "Let the whole internet see my Netgear". I could be wrong, but that's the way I visualize it.

Some implementations of DMZ may not open up the whole 'net to the DMZ host, but that makes little sense to me (why have a DMZ host if it's not completely exposed?).

I found an article on Wikipedia that might be helpful:
http://en.wikipedia.org/wiki/NAT_traversal#NAT_traversal_and_IPsec

It looks like you have to punch holes in the firewall at UDP 500, UDP 4500, and IP 50. That's what the "IPSEC Passthrough" is supposed to do.

Did you check the routing (the "route print" command will tell you what's what)?

I'm not sure of your level of expertise (hell, I'm not sure of MY level of expertise!), so I apologize if I'm telling you things you already know.

Good luck,

RLW
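
Added example, not part of the original post: a Python check that takes a flow summary from a capture on the WAN side of the NAT router and reports which of the three openings named above (UDP 500, UDP 4500, IP protocol 50) is actually carrying traffic in both directions. The flow tuples, the sample captures and the result labels are constructed for illustration and are not taken from any device in the thread.

```python
UDP, ESP = 17, 50                 # IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500   # UDP ports used by IKE and by IPsec NAT traversal

MEANING = {
    "nat-t": "peers moved to UDP 4500; ESP is UDP-encapsulated and survives NAT",
    "esp-native": "IKE on UDP 500 and raw ESP (protocol 50) pass both ways",
    "esp-blocked": "IKE completes on UDP 500 but ESP is not passing both ways: "
                   "tunnel shows as up while no data crosses it",
    "ike-blocked": "IKE on UDP 500 is not passing both ways; no tunnel can form",
}

def classify(flows):
    """flows: iterable of (direction, ip_protocol, peer_port).

    direction is 'out' or 'in' as seen on the WAN side; peer_port is the port
    on the remote VPN peer (None for ESP, which has no ports).
    """
    seen = set(flows)

    def both_ways(proto, port):
        return ("out", proto, port) in seen and ("in", proto, port) in seen

    if both_ways(UDP, NATT_PORT):
        return "nat-t"
    if not both_ways(UDP, IKE_PORT):
        return "ike-blocked"
    if both_ways(ESP, None):
        return "esp-native"
    return "esp-blocked"

# Constructed flow summaries, one per outcome.
SAMPLES = {
    "negotiated NAT-T": [("out", UDP, 500), ("in", UDP, 500),
                         ("out", UDP, 4500), ("in", UDP, 4500)],
    "passthrough working": [("out", UDP, 500), ("in", UDP, 500),
                            ("out", ESP, None), ("in", ESP, None)],
    "tunnel up, no data": [("out", UDP, 500), ("in", UDP, 500),
                           ("out", ESP, None)],
    "nothing returns": [("out", UDP, 500)],
}

if __name__ == "__main__":
    for name, flows in SAMPLES.items():
        verdict = classify(flows)
        print(f"{name}: {verdict} ({MEANING[verdict]})")
```
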
All times are GMT - 6 Hours