Directly Connect (2) RV082's to simulate WAN?

Answered Question
Nov 10th, 2010
User Badges:

Does anyone know if this is possible and how I would need to configure this? I would like to create VPN Tunnel directly between to the 2 WAN interfaces to simulate it working over the internet.


Thanks,

Joe

Correct Answer by ibondar about 6 years 9 months ago

Hello!


I think you should make some corrections in the IP settings:


Router 1:


WAN IP: 10.10.10.1

Subnet Mask: 255.255.0.0

Default Gateway: 10.10.20.1

Primary and Secondary DNS: Not needed


LAN IP: 192.168.1.1

Subnet Mask: 255.255.255.0


Router 2:


WAN IP: 10.10.20.1

Subnet Mask: 255.255.0.0

Default Gateway: 10.10.10.1

Primary and Secondary DNS: Not needed


LAN IP: 192.168.2.1

Subnet Mask: 255.255.255.0


Please, pay attention to the WAN ports subnet mask - it should be 255.255.0.0, other wise with an old one 255.255.255.0 WAN IPs are in the different subnet and cannot have a direct connection.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mpyhala Wed, 11/10/2010 - 14:16
User Badges:
  • Gold, 750 points or more

Joe,


I have done this before with two WRV210 routers. Make the WAN IP addresses static and the default gateways will be the IP address of the opposing router.


Router 1:


WAN IP: 10.10.10.1

Subnet Mask: 255.255.255.0

Default Gateway: 10.10.20.1

Primary and Secondary DNS: Not needed


LAN IP: 192.168.1.1

Subnet Mask: 255.255.255.0


Router 2:


WAN IP: 10.10.20.1

Subnet Mask: 255.255.255.0

Default Gateway: 10.10.10.1

Primary and Secondary DNS: Not needed


LAN IP: 192.168.2.1

Subnet Mask: 255.255.255.0


Let us know if you have any issues getting this to work properly.

jcosker27 Wed, 11/10/2010 - 19:24
User Badges:

Thank you for your respose. This is as I had suspected but was not working for me and with those exact settings it still is not working. I am unable to ping the other routers wan address from the either device.


If I enter the router itself as a default gateway it seems to work, I can atleast ping the other device and I am able to get the VPN Tunnel to connect but I am unable to ping any lan addresses just the wan.


I am new to this and there may be some other settings I need to configure. Thanks again for your assistance.

mpyhala Wed, 11/10/2010 - 19:51
User Badges:
  • Gold, 750 points or more

Joe,


Make sure that Block WAN Request is disabled on the Firewall tab. If it is enabled you will not be able to ping the WAN port. I was in the exact same position as you with setting the gateway as the same as the router. I could connect the tunnel, but could not ping or access any LAN devices through it. After I disabled Block WAN Request and changed the gateway to be the opposite router IP address it worked perfectly. Keep us updated.

Correct Answer
ibondar Thu, 11/11/2010 - 02:03
User Badges:

Hello!


I think you should make some corrections in the IP settings:


Router 1:


WAN IP: 10.10.10.1

Subnet Mask: 255.255.0.0

Default Gateway: 10.10.20.1

Primary and Secondary DNS: Not needed


LAN IP: 192.168.1.1

Subnet Mask: 255.255.255.0


Router 2:


WAN IP: 10.10.20.1

Subnet Mask: 255.255.0.0

Default Gateway: 10.10.10.1

Primary and Secondary DNS: Not needed


LAN IP: 192.168.2.1

Subnet Mask: 255.255.255.0


Please, pay attention to the WAN ports subnet mask - it should be 255.255.0.0, other wise with an old one 255.255.255.0 WAN IPs are in the different subnet and cannot have a direct connection.

David Carr Thu, 11/11/2010 - 10:49
User Badges:
  • Silver, 250 points or more

I agree with Ivan, it seems as if the subnet mask would not allow this to work.  I have done this before with addresses like 192.168.1.1 and gateway of 192.168.1.2 and the other router set to 192.168.1.2 with gateway of 192.168.1.1.  Once you do that it should have connectivity between the two with both devices looking back at each other. I have done this successfully on my end with similar configurations.

jcosker27 Fri, 11/12/2010 - 04:39
User Badges:

Thanks for the help! It was the subet mask needing to be 255.255.0.0 and everything worked.


Now I have to deal with multiple subnet access over VPN. I guess the solution is to use multiple tunnels for different subnets but since I can't create a tunnel to a previuosly used endpoint I dont know if this configuration will work. I can get 192.168.1.0 (site a) to talk to 192.168.2.0 (site B) through tunnel1 and 192.168.3.0 (site A) to 192.168.4.0 (site B) over tunnel2. Traffic flows fine within the tunnels but if I want to access 192.168.1.0 from 192.168.4.0 it will not work. Seems to be a limitation with these routers. Hopefully more searching today will find a solution.


Thanks again!

Joe

ibondar Fri, 11/12/2010 - 05:46
User Badges:

It is possible to connect through one VPN tunnel all network from SiteA to all network from SiteB by tweaking Local Group setup and emtoe Group Setup fields in gateway-to-gateway tunnel properties. All you need to do is to expand subnet mask beyond normal range to make it include all local (for Local group) or remote (for Remote group) subnets.


Like here:


SiteA:

192.168.0.0/24

192.168.1.0/24


SiteB:

192.168.2.0/24

192.168.3.0/24


On SiteA router local group setup should contain 192.168.0.0 with subnet mask 255.255.254.0, remote group should be 192.168.2.0 with subnet mask 255.255.254.0


and vice versa:


On SiteB router local group setup should contain 192.168.2.0 with subnet mask  255.255.254.0, remote group should be 192.168.0.0 with subnet  mask 255.255.254.0


This solution requres careful subnet planning, but as I know it is possible. However if you wish first subnet from SiteA to be able to access only first subnet on SiteB (like 192.168.0.0/24 to access 192.168.2.0/24 only) I'm not sure it is possible. May be you need to try to restrict access by applying firewall access rules on both routers, but I'm not sure if VPN traffic can be regulated by such rules. It's pretty advanced configuration for this device

jcosker27 Fri, 11/12/2010 - 11:26
User Badges:

Ivan thanks for the explanation!!!


I was able to get this to work just as you suggested but only using the exact networks and subnet described in your post. Which is okay I can use 192.168.0.x - 3.x with 255.255.254.0 for my network as this is a new configuration. I know it gets tricky when working with subnetting but I wanted to get it to work with the networks specified in my original post... 192.168.1.0 - 192.168.4.0.  As you stated this will require some planning as I would need to create the tunnel with specific IPs which can be used withtin the specified subnet.


This forum has been great and answered both my questions very quickly and correctly. I wish i found this sooner by searching the posts but everything I found said "multiple tunnels". Everythign is now working perfectly through one tunnel using the appropriate ip's and subnets.


Thanks Again!

Joe

Actions

This Discussion