I have my router (RB750) set up with two ISP's where the second ISP is set up as a backup line / failover.
On my LAN I have two units that i need to set up so that they connect to remote IP thorugh a PPTP tunnel. These two uints does not have any build in VPN client so i need to do this in my RB750.
I can set up the PPTP client in the RB750 and I checked the WIKI for help, but I just can't get my head around how to do the routing. I don't want my whole LAN to connect through the VPN. It is only two specific units/Ip's on my LAN that I want to route to the tunnel via my backup ISP connection (PPPoE).
Could you please give my some hint's that could guide me in the right direction.
Thanks in advance,
Pilgrim
Re: VPN - please help
You need to setup 2 routes:
- one with the remote networks IP/Netmask for your VPN having as gateway your tunnel interface
- a default route set up as required for your ISP
Note that generally if the netmask is more restrictive then it will take precedence, so anything matching your remote VPN will go through the VPN interface (since it will have something like a /24 or 255.255.255.0 netmask) and the rest will go to the ISP (the default route having a /0 or 0.0.0.0 netmask).
For routing only 2 IPs, you could even define 2 routes with netmask /32 (255.255.255.255), one for each remote computer, pointing to the tunnel, but it is nicer to have only 1 route and use a subnet for that purpose
- one with the remote networks IP/Netmask for your VPN having as gateway your tunnel interface
- a default route set up as required for your ISP
Note that generally if the netmask is more restrictive then it will take precedence, so anything matching your remote VPN will go through the VPN interface (since it will have something like a /24 or 255.255.255.0 netmask) and the rest will go to the ISP (the default route having a /0 or 0.0.0.0 netmask).
For routing only 2 IPs, you could even define 2 routes with netmask /32 (255.255.255.255), one for each remote computer, pointing to the tunnel, but it is nicer to have only 1 route and use a subnet for that purpose
Re: VPN - please help
Thanks, I will try. I want for sure only the two IPs to go through the tunnel so it will try to see if I can set up routes with the /32 netmask. Alternatively I was wondering if this could work with a routing mark for the tunnel and and lookup / routing policy that says everything with this rouing mark to the tunnel?
rgs Pilgrim
rgs Pilgrim
Re: VPN - please help
I think this will be a not needed supplemental step.
It will mark a packet and the lookup its specific routing table to do the same ip/mask routing in that table.
Just a waste of CPU/RAM in my opinion since it will achieve the same goal with an additional marking step.
Basically ip/mask marking + marked routing == ip/mask routing.
Like b = a, c = b is the same like c = a but with more fuss.
It will mark a packet and the lookup its specific routing table to do the same ip/mask routing in that table.
Just a waste of CPU/RAM in my opinion since it will achieve the same goal with an additional marking step.
Basically ip/mask marking + marked routing == ip/mask routing.
Like b = a, c = b is the same like c = a but with more fuss.