We have a small company network with a router/firewall against the Internet and a few computers/servers. We would like to add an WLAN access point to be able to work more flexible.
To secure the wireless connection we would like to put a VPN server between the access point and our network. Every WLAN client needs to establish a tunnel into the network via VPN.
We connected the VPN server directly to the LAN and tried to connect to our servers. It seems that we have only incoming traffic. When a server tries to answer WLAN client requests then those answers goes over the gateway (firewall/router) to the Internet instead of through the VPN server back to the WLAN client (an analysis whit ethereal shows this).
Is there a basic misunderstanding of the architecture of this configuration? Do we need to set a route somewhere?
Yes, you need to configure routes so that your application servers know how to return traffic to VPN clients. Let's assume your network topology looks like this:
You have added a VPN Server and AP to your network like this:
Internet----Router/Firewall----+----AppServers | +----VPN Server---WLAN Clients
Your AppServers currently use your Router/Firewall as their default route. They need to know to use the VPN Server as the next hop when returning traffic to VPN Clients. Let's assume that your WLAN Clients have IP addresses in the subnet 192.168.1.0. Let's assume that your Router/Firewall is 192.168.0.1, your AppServer is 192.168.0.2, and your VPN Server is 192.168.0.3. When a packet arrives from 192.168.1.1 (a WLAN client), the AppServer sends the response to its default gateway, 192.168.0.1. You want it to go instead to the VPN Gateway at 192.168.0.3. On the AppServer, add a route for 192.168.1.0 mask 255.255.255.0 via gateway 192.168.0.3. Also add this new route to your Router/Firewall so that it will know to redirect any packets it might receive to your VPN Server instead of forwarding them on to the Internet.
Dig Deeper on Wireless LAN (WLAN)
Related Q&A from Lisa Phifer
Is there a difference between a wireless access point vs. a router? Yes -- while the two wireless devices are related, they meet different needs in a... Continue Reading
Learn the differences between site-to-site VPNs vs. remote-access VPNs and find out about the protocols, benefits and the data security methods used ... Continue Reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ... Continue Reading