Post date: May 6, 2011 7:52:39 AM
VPN between different networks within the mesh
Reprinted with permission from author.
I thought I'd post this because I've found a low-cost way to set up a
permanent VPN between different networks within the mesh. This would
be useful if you have someone that needs to create a VLAN between 2
different locations, both inside your mesh.
I've been playing with DD-WRT firmware on the Linksys WRT54GL router.
One of the options now available in version 23, service pack 2 is the
capability to establish a PPTP connection to a remote VPN server.
Here are the steps for doing this inside the mesh:
1. Create a VPN account in Wiana
2. Install DD-WRT firmware to your router. File located here:
- click downloads
- then dd-wrt.v23 SP2.
- then standard
- then dd-wrt.v23_wrt54gbin
3. Set up the PPTP VPN client on the router, directions here:
http://www.dd-wrt.com/wiki/index.php/Static_PPTP_VPN_Client
You must activate the JFFS partition per instructions on the page.
That means that you MUST activate it through the web front end on the
router, then SSH into the router and enable it through nvram.
Once that is done on both routers, you configure both of the Linksys
routers to establish a VPN connection to one of the local access
points. It does not matter which, but both must be connected to the
same node. Although I've not tested this, I suppose that you could
connect to a node somewhere in between if the locations were several
hops away. Save the settings on the Linksys first, then reboot the
router, and it will then maintain a VPN connection.
Here are the settings on the Linksys:
- Server IP: use the 1.xxx.xxx.xxx Wiana address
- Remote subnet: use 192.168.xxx.1, where xxx is the primary cell ID
  of the node
- Remote subnet mask: use 255.255.255.0
- Username: use the username already set up in Wiana. There is no need
  to precede it with the domain
- Password: use the password already set up in Wiana.
Other ideas for this: you should be able to set up a VPN connection to
your gateway. This will probably get around those pesky issues that
arise when someone has a work VPN that uses the 10.x.x.x or 172.16.x.x
IP scheme.
Have fun!
Kb
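
A pre-flight check for the settings above, added here as an example and not part of the original post: it derives the remote subnet from the cell ID, confirms both routers point at the same node, and flags LAN ranges that collide. The router names, the server address 1.2.3.4, the cell IDs and the LAN ranges are constructed sample values, and the LAN overlap checks assume a routed (not bridged) setup.

```python
import ipaddress

def remote_subnet(cell_id):
    """Remote subnet per the post: 192.168.<cell ID>.1, mask 255.255.255.0."""
    if not 0 <= cell_id <= 255:
        raise ValueError("cell ID must fit in one octet (0-255)")
    return ipaddress.ip_interface(f"192.168.{cell_id}.1/255.255.255.0")

def preflight(routers):
    """Return a list of problems in the planned PPTP client settings.

    routers: list of dicts with name, server_ip, cell_id, lan (CIDR string).
    """
    problems = []
    # Both routers must connect to the same node (same server IP and cell ID).
    if len({(r["server_ip"], r["cell_id"]) for r in routers}) > 1:
        problems.append("routers point at different nodes")
    lans = []
    for r in routers:
        server = ipaddress.ip_address(r["server_ip"])
        if server not in ipaddress.ip_network("1.0.0.0/8"):
            problems.append(f"{r['name']}: server IP {server} is not a 1.x.x.x address")
        lan = ipaddress.ip_network(r["lan"])
        remote = remote_subnet(r["cell_id"]).network
        # A router LAN equal to the node's subnet makes the remote route ambiguous.
        if lan.overlaps(remote):
            problems.append(f"{r['name']}: LAN {lan} overlaps remote subnet {remote}")
        lans.append((r["name"], lan))
    # Assumption: routed setup, so the two site LANs must not overlap each other.
    for i, (name_a, lan_a) in enumerate(lans):
        for name_b, lan_b in lans[i + 1:]:
            if lan_a.overlaps(lan_b):
                problems.append(f"{name_a} and {name_b}: LANs {lan_a} and {lan_b} overlap")
    return problems

# Constructed sample plans (not taken from the post).
GOOD = [
    {"name": "site-a", "server_ip": "1.2.3.4", "cell_id": 5, "lan": "192.168.10.0/24"},
    {"name": "site-b", "server_ip": "1.2.3.4", "cell_id": 5, "lan": "192.168.20.0/24"},
]
# Both routers left on the same 192.168.1.0/24 LAN, different nodes, cell ID 1.
BAD = [
    {"name": "site-a", "server_ip": "1.2.3.4", "cell_id": 1, "lan": "192.168.1.0/24"},
    {"name": "site-b", "server_ip": "1.2.3.9", "cell_id": 1, "lan": "192.168.1.0/24"},
]

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, preflight(plan) or "ok")
```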