VPN Tunnel Recommendations

wilito92

Hi All,

I have 5 stores across Puerto Rico and I want to create a VPN Connection between each one. In 4 stores I only have Thin Clients that connect to our Central Office via Remote Desktop Connection. Users do everything on the Central Store which is where the servers are hosted. On each of the 4 stores I also have some IP Printers that I am wanting to use. However, I cannot use those IP Printers right now because I only have Thin Clients on those stores. To use those printers, I will have to add them to the Server to which users connect via RDP.

Here comes the problem, since I don't have a VPN Tunnel between each of my stores, Store A cannot see the printer in Store B and store B can't see the printer on Store A and the same story goes to the other stores.

I have a Netgear Prosafe VPN Firewall Router (Model: FVS318). And I have other similar models of this Netgear Pro Safe VPN Firewall family on the other stores. 4 of these stores have a Dynamic Public IP Address (That changes at least every few hours or days) and the Central Office has a static IP Address (That never changes).

I am wanting to connect each store to the Central Office. Store A does a VPN to Central Office, Store B does a VPN to Central Office, etc.

My questions are the following:

1. Can I create the VPN with only having one static IP address (Central Location) and the other 4 having dynamic IP Addresses? The stores will VPN to the Central Location but the Central Location cannot VPN back to each store because the other 4 stores don't have a static IP Address.

2. If the answer is yes to the above question, will I be able to actually add each of the IP Printers that are on the 4 stores to the Server by just writing the IP Address of the printer in each of the stores? (Like will I be able to ping each of the local ip addresses of devices that are connected to the internet from the stores?)

Sorry for the long thread but I thought I'd be as detailed as possible from the beginning :)

Thanks,
W. Maldonado
 
1. This would be possible. But the central would need to know the IPs of the stores. You're not the first one with this scenario. Check out dyndns.

2. Simply put: yes. But you'll probably have to specify which network traffic may pass through the VPN tunnel and allow it. You'll also have to keep in mind what your current IP addressing scheme is. Some VPN tunnels allow for having the same IP ranges on both ends (without IP duplicates of course). But it would be better (easier to manage) to have different subnets on each store/central store.
 
1. This would be possible. But the central would need to know the IPs of the stores. You're not the first one with this scenario. Check out dyndns.

Yeah... I just wanted to avoid buying static IP Addresses for each of my stores. A static IP Address here in Puerto Rico is in the mid $50's per month so I just wanted to avoid that.

2. Simply put: yes. But you'll probably have to specify which network traffic may pass through the VPN tunnel and allow it. You'll also have to keep in mind what your current IP addressing scheme is. Some VPN tunnels allow for having the same IP ranges on both ends (without IP duplicates of course). But it would be better (easier to manage) to have different subnets on each store/central store.

So changing the subnet would not affect my internet connectivity from my ISP? Like here would the following scenario:

Store A: 255.255.0.255
Store B: 255.255.0.0
Store C: 255.0.255.255
Store D: 0.255.255.255

Central Office: 255.255.255.0

Would that scenario be possible?

Thanks a lot for your reply :)
 
Yes you can: in the central, enable RRAS (I consider that you have a Windows server) and make the other branches connect to that server using a VPN connection dial.
 
Yeah... I just wanted to avoid buying static IP Addresses for each of my stores. A static IP Address here in Puerto Rico is in the mid $50's per month so I just wanted to avoid that.
You can, using dyndns. But your router must support that.
So changing the subnet would not affect my internet connectivity from my ISP? Like here would the following scenario:

Store A: 255.255.0.255
Store B: 255.255.0.0
Store C: 255.0.255.255
Store D: 0.255.255.255

Central Office: 255.255.255.0

Would that scenario be possible?
Uhh, I don't think you quite grasp the idea of networking/subnetting. You could use 4 different subnets like this:
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24

All of them have a 255.255.255.0 subnet mask (hence the /24)

But if you're going to do this on your own I suggest reading up on subnetting and networking first.

Yes you can: in the central, enable RRAS (I consider that you have a Windows server) and make the other branches connect to that server using a VPN connection dial.
That would be an approach. But still keep in mind that the above stuff needs to be in order for it to work.

Personally I'd rather use a firewall/router to handle all my network stuff, including the VPN tunnels. Makes managing and troubleshooting your network issues much easier.
 
You can, using dyndns. But your router must support that.

Yes. The Netgear FVS112 and FVS318 both support DDNS so I am positive I can do this now.

Uhh, I don't think you quite grasp the idea of networking/subnetting. You could use 4 different subnets like this:
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24

All of them have a 255.255.255.0 subnet mask (hence the /24)

But if you're going to do this on your own I suggest reading up on subnetting and networking first.

I'm still new at this. However, I am having one problem with setting up the VPN. My ISP supplies us with their own modem/router to give us Internet Access. It's a Thomson 782. My VPN Router is behind that modem.

All of the 4 stores have a similar modem/router provided by the ISP. Now the one conflict I am having is that all of them are configured to work with the following IP Settings (Local IP):

IP: 10.0.0.XXX
Subnet: 255.255.255.0
Gateway: 10.0.0.138
DNS: 10.0.0.138

As you can see, all 4 stores have the same Internal IP Configuration. From what I have read, the IP configuration must be different so the VPN Tunnel can work. I am going to call my ISP right now and see if they can walk me through changing this internet IP Configuration for the stores.

If I do find a way to change that IP Internal Structure so it can be different, I'm still a bit lost on how to create the VPN Tunnel itself.

My doubts come because since my VPN Router is behind my ISP Modem... I'm not sure how I am supposed to configure the ISP Router.

1. Like what ports do I have to open (If any).
2. Should I apply the DDNS to the ISP Router or to the VPN Router (Both Support DDNS)


I don't mind paying a few $$$ for someone to help me set this up.

Thanks,

W. Maldonado
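
Added example (not part of any post in this thread): a Python check of the addressing questions raised above. It tests whether the posted "subnet" values are valid masks at all, and shows why four stores sharing 10.0.0.0/24 cannot be reached unambiguously over site-to-site tunnels while the suggested 192.168.x.0/24 layout can. The Central Office range, the store-to-subnet assignment and the printer addresses are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def is_valid_netmask(mask):
    """True only if the mask's 1-bits are contiguous from the left."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def find_overlaps(plan):
    """Return every pair of sites whose LAN ranges overlap."""
    nets = {site: ipaddress.ip_network(cidr) for site, cidr in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def sites_claiming(plan, host):
    """Return the sites whose LAN range contains the given host address."""
    addr = ipaddress.ip_address(host)
    return [s for s, cidr in plan.items() if addr in ipaddress.ip_network(cidr)]

# Values posted as "subnets" in the thread; they are masks, not networks.
POSTED_MASKS = {
    "Store A": "255.255.0.255", "Store B": "255.255.0.0",
    "Store C": "255.0.255.255", "Store D": "0.255.255.255",
    "Central Office": "255.255.255.0",
}

# Current state described in the thread: every store uses 10.0.0.XXX / 255.255.255.0.
CURRENT_PLAN = {s: "10.0.0.0/24" for s in ("Store A", "Store B", "Store C", "Store D")}

# Layout suggested in the thread; which store gets which subnet is assumed here.
PROPOSED_PLAN = {
    "Central Office": "192.168.0.0/24",  # assumed, not stated in the thread
    "Store A": "192.168.1.0/24", "Store B": "192.168.2.0/24",
    "Store C": "192.168.3.0/24", "Store D": "192.168.4.0/24",
}

if __name__ == "__main__":
    for site, mask in POSTED_MASKS.items():
        print(f"{site}: {mask} valid mask? {is_valid_netmask(mask)}")
    for name, plan in (("current", CURRENT_PLAN), ("proposed", PROPOSED_PLAN)):
        print(f"{name} plan overlaps: {find_overlaps(plan)}")
    # Constructed printer addresses: the first is claimed by every store, so the
    # Central Office server has no single tunnel to route it into.
    print(sites_claiming(CURRENT_PLAN, "10.0.0.50"))
    print(sites_claiming(PROPOSED_PLAN, "192.168.2.50"))
```
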
 
1. Depends on the type of VPN you're going to use. Just google the VPN type and the ports will come up.
2. Only to the isp modem/router.
 
The main question in VPN is it depends on your needs and for the second question the answer would be a modem/router as well. Hope that helps thanks!
 