We have a small company network with a router/firewall against the Internet and a few computers/servers. We would...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
like to add an WLAN access point to be able to work more flexible.
To secure the wireless connection we would like to put a VPN server between the access point and our network. Every WLAN client needs to establish a tunnel into the network via VPN.
We connected the VPN server directly to the LAN and tried to connect to our servers. It seems that we have only incoming traffic. When a server tries to answer WLAN client requests then those answers goes over the gateway (firewall/router) to the Internet instead of through the VPN server back to the WLAN client (an analysis whit ethereal shows this).
Is there a basic misunderstanding of the architecture of this configuration? Do we need to set a route somewhere?
Yes, you need to configure routes so that your application servers know how to return traffic to VPN clients. Let's assume your network topology looks like this:
You have added a VPN Server and AP to your network like this:
Internet----Router/Firewall----+----AppServers | +----VPN Server---WLAN Clients
Your AppServers currently use your Router/Firewall as their default route. They need to know to use the VPN Server as the next hop when returning traffic to VPN Clients. Let's assume that your WLAN Clients have IP addresses in the subnet 192.168.1.0. Let's assume that your Router/Firewall is 192.168.0.1, your AppServer is 192.168.0.2, and your VPN Server is 192.168.0.3. When a packet arrives from 192.168.1.1 (a WLAN client), the AppServer sends the response to its default gateway, 192.168.0.1. You want it to go instead to the VPN Gateway at 192.168.0.3. On the AppServer, add a route for 192.168.1.0 mask 255.255.255.0 via gateway 192.168.0.3. Also add this new route to your Router/Firewall so that it will know to redirect any packets it might receive to your VPN Server instead of forwarding them on to the Internet.
Dig Deeper on Wireless LAN Implementation
Related Q&A from Lisa Phifer
Learn the difference between a site-to-site VPN and a remote-access VPN, as well as the protocols used for each one.continue reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
New and improved management features have made Android devices more suitable for enterprise use, and API and EMM tools can streamline the device ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.