I have installed two RV130 routers at two different locations. I explicitly purchased these for their VPN capabilities to connect the two locations. I have been able to successfully create a VPN between the two locations, but it doesn't solve the problem I was after. I've done much searching on the internet for a solution, but either find a bunch of Linux commands that I don't think I can run on a RV130, solutions that say it's possible but don't describe a solution, or information that says what I need to do is impossible, i.e., I wasted my money on these routers.
I need to be able to set up security devices and multimedia devices that can communicate across the VPN. It turns out most of these devices need broadcast messages to communicate, and they aren't routed across the VPN (successfully).
I have tried using 192.168.0.1 on one side and 192.168.1.1 on the other side. I can ping devices from both sides, but since the broadcast messages aren't going through, I can't set the devices up the way I need to. I tried setting the subnet masks to 255.255.254.0, but at that point I can no longer get to the admin consoles (though traffic routing seems to be fine) and I still can't communicate between devices that use broadcast.
I have tried using 192.168.0.1 on both sides, making sure the DHCP servers don't allocate overlapping IPs. The VPN appears to set up fine, but I can't ping devices across the VPN (and of course broadcast messages don't work). With this setup, I can no longer ping devices across the VPN. I should note that I reserved a hole in the address space for one side: 192.168.0.50-99 on one side, and the rest of the address space on the other side (DHCP using only 100-254), with a subnet mask of 255.255.255.0 on both sides. I could split the range in half if that would solve the problem.
I either need a way to route broadcast packets using scenario 1 or I need to fix scenario 2 so that each side can see each other.
Have you looked into GRE Tunneling to send broadcast (or multicast) over IPSEC? I've not any experience with the RV130. However, from first glance I don't believe it supports GRE Tunnelling before encapsulating the packet into IPSec.
Thanks, David -
Theoretically, yes, GRE is what I probably need. However, I don't have any menus on the RV130 to set anything beyond the VPN tunnel that are described in this document. I also don't know of any way to access a command line interface on the RV130 (Is there one???), and even if I could, I don't know that it will support the needed commands.
I should mention that I have NAT Traversal and RIP turned on, neither of which seems to help.
I need to be able to do this through the RV130 menus, which is the problem I'm running into.
The essence of the problem is that layer 3 devices like routers do not forward broadcasts from one subnet to another subnet. I believe that the optimum solution for what you want to do is L2TPv3. I am not sure whether your routers support this.
The RV130 can be set as a router or a gateway. I don't know if that helps. I've set them to be gateways. I don't see any settings for L2TPv3 anywhere.
Is there any sort of network appliance that I can install inside the routers that would accomplish what I need? I'm not opposed to adding to what I already have.
Also, I have One-to-One NAT in the firewall settings. What would be the effect of setting the other end back to using 192.168.1.0 addresses, but keep the 50-99 range and use 1-1 NAT to map 192.168.0.50-99 <=> 192.168.1.50-99? I can set that up on the near end, and it lets me. But, I need/want to physically be at the other end before I change the base addresses back to the 192.168.1.x range and turn the VPN back on.
I do not really understand what you are suggesting with using NAT. But I believe that it is not likely to fix your problem. The fundamental issue is that the router sees one broadcast domain on the interface where the LAN is connected and sees a different broadcast domain on its other interface. And it will not forward broadcasts from one broadcast domain to the other broadcast domain.
Yes, this is what the current configuration is doing, and I'm looking for a way to make it all one domain. Is there anything that can be done with subnet masks? What if I configure the RV130s as routers, using the cable modems as gateways? (I'm not sure I like that idea.) Is there anything I can add to the network?
From my reading, I think I need a bridge instead of a tunnel... the RV130 may not be able to do that, but that is what I'm trying to do.
I do not believe that there is anything that you can do with subnet masks that will solve this issue.
When you have a VPN it assumes that one subnet (and one broadcast domain) will be on one side and a different subnet (and a different broadcast domain) will be on the other side. And by default broadcasts are not forwarded from one broadcast domain to another broadcast domain.
Yes, if you had a bridge instead of a tunnel then it would work very well. But having a bridge generally means that the two groups can be connected using an Ethernet cable (or a fiber connection).
It seems to me that you have chosen a tool intended for fairly simple (not expensive) requirements and are using it to solve a complex (more expensive) requirement of having devices in different physical locations share broadcast traffic. If your devices supported L2TPv3 I think it could work. Or if your devices supported GRE tunnels then perhaps bridging over the tunnel might work (though officially Cisco does not support that configuration). But I am not convinced that the RV130 has a solution for your requirements.
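The forwarding decision behind the behaviour discussed in this thread, as an added example that is not part of any post above: a host compares the destination with its own address and mask, and only traffic it classifies as off-subnet is handed to the router, which is the only path into the tunnel. The host addresses (.60, .120) are constructed from the ranges mentioned in the thread; `host_decision` is a hypothetical helper name.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def host_decision(src_if, dst):
    """Classify how a host with interface src_if ('ip/prefix') sends to dst.

    'local-broadcast': frame is sent to every station on the local segment.
    'on-link-arp':     host ARPs for dst itself; ARP is a broadcast as well,
                       so a host behind the router never answers.
    'via-gateway':     packet is handed to the router, which can tunnel it.
    """
    iface = ipaddress.ip_interface(src_if)
    target = ipaddress.ip_address(dst)
    if target in (LIMITED_BROADCAST, iface.network.broadcast_address):
        return "local-broadcast"
    if target in iface.network:
        return "on-link-arp"
    return "via-gateway"


# Constructed cases based on the addressing described in the thread.
CASES = [
    # Scenario 1: 192.168.0.0/24 on one side, 192.168.1.0/24 on the other.
    ("distinct /24s, unicast to far side", "192.168.0.60/24", "192.168.1.60"),
    ("distinct /24s, subnet broadcast", "192.168.0.60/24", "192.168.0.255"),
    ("distinct /24s, limited broadcast", "192.168.0.60/24", "255.255.255.255"),
    # Same scenario, host mask widened to 255.255.254.0.
    ("mask 255.255.254.0, far-side host", "192.168.0.60/23", "192.168.1.60"),
    # Scenario 2: 192.168.0.0/24 on both sides, DHCP ranges split.
    ("same /24 both sides, far-side host", "192.168.0.60/24", "192.168.0.120"),
]


def run_cases():
    """Return {case label: decision} for every constructed case."""
    return {label: host_decision(src, dst) for label, src, dst in CASES}


if __name__ == "__main__":
    for label, result in run_cases().items():
        print(f"{label:38s} -> {result}")
```

Only the first case reaches the router at all; in every other case the host keeps the traffic on its own segment, so neither a wider mask nor identical subnets on both sides puts it into the tunnel.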