
Seeing computers in My Network Places on a Router-to-Router VPN

Started by Trance, December 05, 2007, 06:05 AM


Banana fanna fo fanna

Quote from: Trance on December 13, 2007, 09:03 PM
I've been doing a ton of research on this and it seems that I need a router with DHCP relay over VPN, netbios over VPN, and upnp over vpn.

The first two I've managed to confirm are in sonicwall routers (TZ 150 & 180), but I can't seem to find much information about upnp on them. Does anyone know any routers that will support these three main functions?

Maybe I am totally ignorant, but I was under the impression that NetBIOS is just a suite of TCP and UDP protocols, DHCP is on top of UDP, and UPnP is some XML bullshit encapsulated in UDP datagrams. I'm also pretty ignorant of VPNs, but I'm pretty sure that any VPN software worth its salt should allow you to forward arbitrary TCP and UDP services. Do your routers/VPN software support configuring which protocols are forwarded? You shouldn't need to have custom VPN software for these protocols if you can just open UDP and TCP on the specific ports...

Trance

Actually I just realized that VPN ipsec tunnels have all ports open within the tunnel (yeah, I'm new to this) so I shouldn't have to forward anything especially if I'm on the same subnet using dhcp relay over vpn (sonicwall) but I can forward ports if I need to. With dhcp relay over vpn along with netbios over tcp/ip enabled I should be able to browse the network from each side (I think). My main concern now is whether upnp for the xbox will go over the tunnel without any problems.

*Googles some more*

MrRaza

http://openvpn.net/


Installation on the Server end should take about a minute or two while the client will take about 10. OpenVPN tunnels traffic over UDP port 5000 (2.0 release). OpenVPN works on several OSes from Windows, to Unix, to BSD and to Mac OS X. Although I suggest some of the *nix distros. I can help you set it up as it's rather simple, but I can suggest some needed settings you might want to consider (TLS-Auth, MTU sizes, etc)


Play with it.

MrRaza

Oh, and there isn't JUST IPSec VPNs, SSL VPNs work much better in some ways.

MrRaza


Eric

Set up a WINS server and configure NetBIOS over TCP/IP.

Joe[x86]

If you're having problems with both of them taking the same IPs from DHCP, give the routers ranges. Router A could take 192.168.0.1-50 and the other could take 192.168.0.51-100. Unless you plan on hooking more than 50 devices to each.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

Trance

Quote from: Eric on December 15, 2007, 11:34 AM
Set up a WINS server and configure NetBIOS over TCP/IP.

I tried this but because the two networks were on two different subnets 10.1.1.x and 10.1.2.x WINS was totally useless. I couldn't configure the VPN without putting them on two different subnets with the WRVS4400.

Currently my idea is to try and use two Sonicwall routers like this:

TZ 180 at location (A)
TZ 150 at location (B)
both with the same subnet (10.1.1.0/24) thanks to DHCP over VPN, the VPN would be an IPSec tunnel. I'm pretty confident that Netbios will pass-through but like I said before I'm much more concerned about upnp from the XBOX 360's that'll be running on this network. Does anyone happen to know if the upnp will go through a VPN like this? I'm having trouble finding a concrete answer.

Quote from: MrRaza on December 15, 2007, 08:17 AM
http://openvpn.net/


Installation on the Server end should take about a minute or two while the client will take about 10. OpenVPN tunnels traffic over UDP port 5000 (2.0 release). OpenVPN works on several OSes from Windows, to Unix, to BSD and to Mac OS X. Although I suggest some of the *nix distros. I can help you set it up as it's rather simple, but I can suggest some needed settings you might want to consider (TLS-Auth, MTU sizes, etc)


Play with it.

This is just VPN server software, right? I'd still need a router on both ends along with a separate DHCP server on one side? Does it have DDNS support, or can I at least enter in blah1.blah.com instead of an IP? This looks very interesting and I'm definitely going to look further into this. Do they still update this project?

I knew of SSL VPNs but the hardware for that is much more expensive so I never really bothered to look into it too much. How is SSL VPN better?

Kp

Why are you so determined to use a dedicated hardware device for the endpoints of this VPN?  With the right software, you can use any generic Linux or Windows system.  From a brief reading of the OpenVPN homepage, OpenVPN is one possible VPN client/server that would be installed on the endpoint devices.  This would be done instead of a dedicated hardware router.  I see OpenVPN updates as recently as a few months ago, so it appears to be alive.

SSL VPNs are better in that they can tunnel over NAT devices a little more cleanly than IPsec VPNs.  IPsec VPNs can do so as well, but require extra hacks related to adding another layer of encapsulation so that you are sending IP-over-IPsec-over-UDP.  SSL VPNs are also somewhat less prone to being blocked by misguided network administrators, since blocking them would require blocking all SSL traffic.  Blocking IPsec simply requires dropping the encapsulated IPsec datagrams.

SSL VPNs do not have a preinstalled Windows client.  As noted on the OpenVPN homepage:

Quote
While the PPTP protocol has the advantage of a pre-installed client base on Windows platforms, analysis by cryptography experts has revealed security vulnerabilities.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

MrRaza

While poking around some old W2K3 Server labs I have, you can even use W2K3 as a Remote Access/VPN Server to try to make this work. Just a suggestion; how'd OpenVPN work out?

Trance

Sorry, been stuck trying to finish an essay for the last few days, so I haven't had a chance to try any of my ideas. Plus my main computer's motherboard caught fire... so now I need a new motherboard.

I like the idea of an all-in-one hardware client so that I don't have to have more than one box at the other end. It would ideally keep costs down and I wouldn't have to build 4 new computers (eventually plan to have 3 sites connect to mine).

So OpenVPN would basically be able to see all network traffic even if it isn't the router and send it over? Would SSL have any advantage over IPSec for sending over things like upnp or high bandwidth stuff? Say an average of 6-9mbps?

I've considered the Remote Access/VPN option as well but again it'd require another computer on the other side and then I'm not so sure it'd send over upnp traffic.

MrRaza

I have some White Papers on IPSec, SSL VPNs, Diffie-Hellman, and another article on how OpenVPN works with SSL VPNs, etc.

Would you like me to send you them?

Trance


Trance

Okay so I worked on this last weekend with sonicwall routers and it failed as well despite being on the same subnet etc, so basically I've decided that I'll try a software solution like OpenVPN.

I managed to find lintrack which seems to suit all my needs, basically a LAN Gateway and OpenVPN in one box. I was wondering if anyone knew of solutions that were similar so that I can compare? I guess something along the lines of installing a certain Linux distro and using it as a gateway along with installing OpenVPN so that all traffic passes through like this diagram (below) which I found on here.


Trance

I've settled on using FreeBSD together with OpenVPN because it's free, stable, and can run on computers that were on their way to the grave. I've gotten FreeBSD to act as a LAN Gateway, but now I'm at a loss on how to configure the OpenVPN bridge. I've been googling for days trying to find a nice guide to setting it up, but each guide I find is different so I don't know if they're out of date or if they do what I want. Can anyone point me in the right direction? I'd really appreciate it!
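
Added example, not part of any post in this thread: a small Python model of which of the discovery flows discussed above (NetBIOS, DHCP, UPnP) would cross a routed site-to-site tunnel versus a bridged one. It assumes the routed tunnel has no DHCP relay, broadcast helper or multicast routing configured; the host addresses are constructed, and the ports and the SSDP group are the protocols' well-known values.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample flows: (name, destination, protocol, port).
FLOWS = [
    ("NetBIOS name broadcast", "10.1.1.255", "udp", 137),
    ("DHCP discover", "255.255.255.255", "udp", 67),
    ("UPnP SSDP search", "239.255.255.250", "udp", 1900),
    ("NetBIOS name query to WINS", "10.1.2.5", "udp", 137),
    ("NetBIOS session", "10.1.2.21", "tcp", 139),
]


def delivery(dst, local_net):
    """Classify a destination as broadcast, multicast or unicast."""
    addr = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(local_net)
    if addr == LIMITED_BROADCAST or addr == net.broadcast_address:
        return "broadcast"
    if addr.is_multicast:
        return "multicast"
    return "unicast"


def crosses_tunnel(dst, local_net, mode):
    """True if a packet to dst reaches the far site.

    'bridged' models a layer-2 tunnel: every frame is forwarded.
    'routed' models a layer-3 tunnel between two subnets: a router drops
    broadcasts and, without multicast routing, multicast as well.
    """
    if mode == "bridged":
        return True
    if mode != "routed":
        raise ValueError("mode must be 'routed' or 'bridged'")
    return delivery(dst, local_net) == "unicast"


def report(local_net, mode):
    """Map each sample flow name to whether it crosses the tunnel."""
    return {name: crosses_tunnel(dst, local_net, mode)
            for name, dst, _proto, _port in FLOWS}


if __name__ == "__main__":
    for mode in ("routed", "bridged"):
        print(mode, report("10.1.1.0/24", mode))
```

A bridged tunnel puts both sites in one broadcast domain, so DHCP offers and ARP from one site reach the other; splitting the DHCP ranges between the sites, as suggested earlier in the thread, avoids address conflicts in that layout.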
