[Vpn-help] Windows client to Linksys and network shares
mgrooms at shrew.net
Sun Nov 30 01:13:25 CST 2008
> Great, now I can "use a virtual adapter with an assigned address". In this
> case, I've set the remote client with an IP of 10.7.10.250. It's
> interesting that the IP I source from as seen in service logs is
> 10.7.10.250. I was assuming that I'd have an IP on the remote subnet. Can
> the Linksys assign the client an IP in it's LAN subnet, or is that a
> function of modecfg?
Addressing the client in the same subnet as the remote network would
make it part of the same layer 2 broadcast domain. In other words, a
host behind the gateway would attempt to resolve the clients virtual
adapter MAC address using the ARP protocol. IPsec policy processing
happens at layer 3 and ARP is layer 2 and most gateways won't respond
with a proxy ARP response ( especially gateways that don't assign the
client virtual IP addresses ) so the ARP request would go unanswered.
By assigning an IP address for the client virtual adapter in a separate
network than the private network used behind the gateway, a host behind
the gateway will forward traffic to the next hop which is typically the
gateway itself. The gateway then performs IPsec policy processing using
the layer 3 source and destination IP addresses and then forwards the
traffic to the correct client via the encrypted tunnel.
I'm not sure if the Linksys routers can assign client IP addresses via
modecfg. My guess is that they can't. If they could, you would define an
IP address pool using a network that doesn't overlap any private network
behind the gateway. In other words, you would still use a network like
10.7.10.0/24 for client virtual address assignment.
> I also found that the firewall was blocking Samba. Sorry for crying wolf on
> that issue.
Were you able to correct this? Are you sure it was being blocked or was
NetBIOS name resolution just not working?
> Yes, thanks for the help,
More information about the vpn-help