1

I'm trying to set up two routers - one to route specific sites to an always-on PPTP VPN connection, the other for open internet access w/ firewall.

First router is connected to Internet w/ built-in firewall. Second router is connected to a PPTP VPN connection.

I was going to connect a wire between the routers and would like some insight on how to get both groups of systems (connected to each router) to talk to each other automatically. Even better would be to set up one gateway for certain sites and another for general Internet. The other option is to default all sites to the net and shoot others to the gateway or vice versa...

Any insight so I can get a better grasp of this?

Thanks!

  • Whatever you do, don't forget to make a diagram and document it, so when your packets start vanishing down a network black hole, you'll know what you did. – The Unix Janitor Mar 19 '10 at 01:38

4 Answers

2

The easiest solution would likely be to set all your clients to default route to the "internet" router - now assuming that is something more than just a $10 ADSL modem, you should be able to enter the static routes on that device so that it forwards the PPTP stuff off to the right router for that.

What make/model etc. are the routers?

Geraint Jones
0

If you're having trouble understanding layer 3 routing and IP tunnels, then you can use OpenVPN in layer 2 mode. You create a layer 2 bridge between networks. I'd only advise this for smaller networks and it's not optimum either, but it's very simple!

Just make sure that both LANs are on the same subnet and you're ready to go.

This guide will get you started.

http://www.linux.com/archive/feed/58336

The Unix Janitor
0

If you don't have another layer 3 device closer to the hosts, then you'll likely need to set up host routes on the machines themselves pointing your PPTP traffic to the VPN router and a default route to the internet router.

Sounds like you've got a decent handle on the solution:

default all sites to the net and shoot others to the gateway

Greeblesnort
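To illustrate the host-route approach in this answer, here is an added example (not from the thread or any answerer) that models a host's routing table and shows which gateway a destination is sent to by longest-prefix match, then renders the equivalent Linux `ip route` commands. The gateway addresses, prefixes and interface name are constructed assumptions.

```python
import ipaddress

# Constructed sample topology (assumption, not from the question):
INTERNET_GW = "192.168.1.1"   # router 1: default route, Internet + firewall
VPN_GW = "192.168.1.2"        # router 2: PPTP VPN, on the same LAN segment

# Host routes: the "specific sites" go via the VPN router, everything else
# falls through to the default route (0.0.0.0/0) via the Internet router.
STATIC_ROUTES = [
    ("10.20.0.0/16", VPN_GW),       # constructed: network behind the VPN
    ("10.20.99.0/24", INTERNET_GW), # constructed: more specific exception
    ("203.0.113.0/24", VPN_GW),     # constructed: a site that must use the VPN
    ("0.0.0.0/0", INTERNET_GW),     # default route
]

def build_table(routes):
    """Parse prefix strings once; return a list of (network, gateway)."""
    return [(ipaddress.ip_network(p), gw) for p, gw in routes]

def next_hop(table, dst):
    """Longest-prefix match: the most specific matching route wins,
    which is how a real host or router selects the gateway."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def route_commands(routes, iface="eth0"):
    """Render the equivalent Linux `ip route` commands (iface is assumed)."""
    cmds = []
    for prefix, gw in routes:
        if prefix == "0.0.0.0/0":
            cmds.append(f"ip route replace default via {gw} dev {iface}")
        else:
            cmds.append(f"ip route add {prefix} via {gw} dev {iface}")
    return cmds

if __name__ == "__main__":
    table = build_table(STATIC_ROUTES)
    for dst in ("10.20.5.7", "10.20.99.3", "203.0.113.9", "198.51.100.4"):
        print(dst, "->", next_hop(table, dst))
    print("\n".join(route_commands(STATIC_ROUTES)))
```

The ordering of the list does not matter for `next_hop`, because prefix length decides; the exception route shows that a /24 overrides the /16 that contains it.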
0

I don't know the best answer, but here's how I've got it set up:

I have a T1 and a DSL line. I'm routing all VPN traffic over the T1, and all internet traffic over the DSL. I also configured mine for failover, so if one dies, the other handles the traffic (albeit poorly).

The key device in this setup is my Juniper Netscreen SSG5. It's a 5-interface router/firewall/vpn combo. One interface is internal, one is external DSL, and the other is external to the Cisco that has the T1 WIC.

What kind of routers are you using? If you can get away with only using one router, then you'll be golden. If you can't, you may need to get a third routing device that decides which path to send the packets down. In that case, your VPN endpoint would need to be that central router.

Matt Simmons