Q

Do I need to configure routes when setting up WLAN via VPN?

We have a small company network with a router/firewall against the Internet and a few computers/servers. We would like to add a WLAN access point to be able to work more flexibly.

To secure the wireless connection we would like to put a VPN server between the access point and our network. Every WLAN client needs to establish a tunnel into the network via VPN.

We connected the VPN server directly to the LAN and tried to connect to our servers. It seems that we have only incoming traffic. When a server tries to answer WLAN client requests, those answers go over the gateway (firewall/router) to the Internet instead of through the VPN server back to the WLAN client (an analysis with Ethereal shows this).

Is there a basic misunderstanding of the architecture of this configuration? Do we need to set a route somewhere?

Yes, you need to configure routes so that your application servers know how to return traffic to VPN clients. Let's assume your network topology looks like this:

Internet----Router/Firewall-----AppServers

You have added a VPN Server and AP to your network like this:

Internet----Router/Firewall----+----AppServers
                               |
                               +----VPN Server---WLAN Clients

Your AppServers currently use your Router/Firewall as their default route. They need to know to use the VPN Server as the next hop when returning traffic to VPN Clients. Let's assume that your WLAN Clients have IP addresses in the subnet 192.168.1.0. Let's assume that your Router/Firewall is 192.168.0.1, your AppServer is 192.168.0.2, and your VPN Server is 192.168.0.3. When a packet arrives from 192.168.1.1 (a WLAN client), the AppServer sends the response to its default gateway, 192.168.0.1. You want it to go instead to the VPN Gateway at 192.168.0.3. On the AppServer, add a route for 192.168.1.0 mask 255.255.255.0 via gateway 192.168.0.3. Also add this new route to your Router/Firewall so that it will know to redirect any packets it might receive to your VPN Server instead of forwarding them on to the Internet.

This was first published in March 2004
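
The next-hop decision described in the answer, modelled as an added example (not part of the original answer). It uses the addresses the answer assumes; the `RoutingTable` class and helper names are hypothetical, and the table is a simplified longest-prefix-match model rather than any operating system's API.

```python
import ipaddress

# Addresses are the ones assumed in the answer above.
ROUTER_FW = "192.168.0.1"
VPN_SERVER = "192.168.0.3"
WLAN_SUBNET = "192.168.1.0/255.255.255.0"


class RoutingTable:
    """Minimal longest-prefix-match table (a model, not a real OS API)."""

    def __init__(self):
        self.routes = []  # (network, gateway); gateway None means on-link

    def add(self, network, gateway=None):
        self.routes.append((ipaddress.ip_network(network), gateway))

    def next_hop(self, dest):
        dest = ipaddress.ip_address(dest)
        matches = [(net, gw) for net, gw in self.routes if dest in net]
        if not matches:
            return None  # no matching route: the packet would be dropped
        # The most specific (longest) prefix wins over the default route.
        _, gw = max(matches, key=lambda r: r[0].prefixlen)
        return gw if gw is not None else str(dest)  # on-link: deliver directly


def app_server_table(with_vpn_route):
    """AppServer routes before/after adding the route from the answer."""
    table = RoutingTable()
    table.add("192.168.0.0/24")           # directly connected LAN
    table.add("0.0.0.0/0", ROUTER_FW)     # default route via Router/Firewall
    if with_vpn_route:
        table.add(WLAN_SUBNET, VPN_SERVER)  # 192.168.1.0 mask 255.255.255.0
    return table


def reply_path_ok(table, client):
    """True when replies to a WLAN client are handed to the VPN server."""
    return table.next_hop(client) == VPN_SERVER


if __name__ == "__main__":
    for label, flag in (("before", False), ("after", True)):
        t = app_server_table(flag)
        print(label, "-> reply to 192.168.1.1 goes via",
              t.next_hop("192.168.1.1"),
              "| returns through VPN:", reply_path_ok(t, "192.168.1.1"))
```

Without the extra route, the only match for 192.168.1.1 is the default route, which is the behaviour the packet capture in the question showed.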
