V7610 Netgear BUSINESS GATEWAY VPN pool ip address understand concept



zillah
05-13-20, 06:15 PM
Dear folks


https://www.telstra.com.au/content/dam/tcom/small-business/bundles/pdf/telstra-gateway-prov7610-configuration-guide.pdf


I have got a V7610 Netgear GATEWAY and I followed the attached document to set up a Client to Gateway VPN. Pages 5 and 6 say:



"In the VPN remote virtual IP field, enter an IP address and mask and click Save. This is the range of IP addresses that the remote clients will be configured with when the VPN tunnel is set up. Note that this range must not be in the range of LAN IP addresses set up for the V7610 device"



I chose my gateway's range of DHCP LAN IP addresses from 192.168.0.101-192.168.0.199.



1- How can I assign the VPN remote virtual IP, say 192.168.0.52-192.168.0.80, in the same network but a different range from the DHCP LAN range 192.168.0.101-192.168.0.199?

2- The snapshot below, from the document above, shows a unique IP address being configured, which is 192.168.16.1/24. Is this a typo? Shouldn't it be 192.168.16.0/24, to refer to the network address?
https://imgur.com/a/xA9yH24


The VPN is working; the IP addresses confused me.

Thx

Philip
05-14-20, 07:21 AM
1. Your LAN IP address range is 192.168.0.101 - 199, however that is most often configured with the subnet mask 255.255.255.0 (CIDR notation 192.168.0/24). This means all 192.168.0.* IPs (255 of them) would be assigned to your LAN, whether they are using DHCP or not. Any IP address in that range can reach your router's IP. You'd have to reduce that to fewer IPs with a different subnet mask if you want to use part of the same 192.168.0.* IP range for the VPN. This can be achieved with subnet masks of 255.255.255.128 (/25), 255.255.255.192 (/26), etc. dividing the 192.168.0.* range further. However, you wouldn't gain anything, since you'd have to first exclude IPs from the LAN IP range before you can add them to the VPN range. The VPN gets its own "VPN remote virtual IP" outside of the LAN subnet.

2. It is probably a typo, since the 192.168.1.0 is not usable, it is the "network address", just as the .255 is reserved as the "broadcast address".

zillah
05-14-20, 03:01 PM
Thx Philip


"Your LAN IP address range is 192.168.0.101 - 199, however that is most often configured with the subnet mask 255.255.255.0 (CIDR notation 192.168.0/24)."
Clear


"This means all 192.168.0.* IPs (255 of them) would be assigned to your LAN, whether they are using DHCP or not."
Makes sense


"You'd have to reduce that to fewer IPs with a different subnet mask if you want to use part of the same 192.168.0.* IP range for the VPN. This can be achieved with subnet masks of 255.255.255.128 (/25), 255.255.255.192 (/26), etc. dividing the 192.168.0.* range further."
Clear to me

Now my next question: to assign the VPN's pool a range of IP addresses on a subnet different from my LAN subnet (192.168.0.0/24), I have to enter something like below:
192.168.0.0/25
Or
192.168.0.0/26
Or
192.168.20.0/24
Or
10.0.0.0/24
Or
172.16.0.0/16
etc

Or, for the Netgear box to understand it, we have to enter it like this:
192.168.0.1 and subnet mask is 255.255.255.128
Or
192.168.0.1 and subnet mask is 255.255.255.192
Or
192.168.20.1 and subnet mask is 255.255.255.0
Or
10.0.0.1 and subnet mask is 255.255.255.0
Or
172.16.0.1 and subnet mask is 255.255.255.0
etc


If the VPN pool subnet is different from the LAN subnet, how would a remote laptop that has an IP address in a different subnet and is accessing my LAN via VPN access the printer, for instance?

Philip
05-14-20, 08:21 PM
There may be a setting in the VPN configuration somewhere that allows you to access local LAN resources. I would try it; even if the assigned VPN IPs are in a different subnet, the router is probably setting some type of route to access local resources on the LAN.

zillah
05-15-20, 05:17 AM
"There may be a setting in the VPN configuration somewhere that allows you to access local LAN resources. I would try it, even if the assigned VPN IPs are in a different subnet, the router is probably setting some type of route to access local resources on the LAN."
That is right, we have to add a static route, as it says in the same document on page 46:

https://imgur.com/a/AvcQzaH

route add <Modem LAN subnet> mask <subnet mask> <VPN remote virtual IP of the gateway>

My last question

Why does the Windows 10 built-in VPN client keep asking for the VPN's password although I saved the username and password?
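
Added example, not part of any post in this thread and not taken from the Telstra/Netgear guide: a Python check of the "IP address + subnet mask" entries listed above against the LAN subnet 192.168.0.0/24, plus the client route in the form quoted from page 46. The function names are hypothetical, and using the entered address as the gateway's VPN virtual IP in the route is an assumption.

```python
import ipaddress

# LAN subnet as described in the thread (DHCP hands out .101-.199 inside it)
LAN = ipaddress.ip_network("192.168.0.0/24")

def check_pool(addr, mask, lan=LAN):
    """Evaluate one 'IP address + mask' VPN pool entry against the LAN subnet."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    pool = iface.network  # host bits cleared: the subnet the entry belongs to
    return {
        "pool": str(pool),
        # True means the pool collides with the LAN, which the guide forbids
        "overlaps_lan": pool.overlaps(lan),
        # True when the entry is the subnet's network address, not a host in it
        "is_network_address": iface.ip == pool.network_address,
    }

def windows_route(lan, vpn_gateway_ip):
    """Fill in: route add <LAN subnet> mask <subnet mask> <gateway VPN IP>."""
    return f"route add {lan.network_address} mask {lan.netmask} {vpn_gateway_ip}"

# Entries from the thread; the last is the value reported from the guide's screenshot
CANDIDATES = [
    ("192.168.0.1", "255.255.255.128"),
    ("192.168.0.1", "255.255.255.192"),
    ("192.168.20.1", "255.255.255.0"),
    ("10.0.0.1", "255.255.255.0"),
    ("172.16.0.1", "255.255.255.0"),
    ("192.168.16.1", "255.255.255.0"),
]

if __name__ == "__main__":
    for addr, mask in CANDIDATES:
        result = check_pool(addr, mask)
        verdict = "overlaps LAN" if result["overlaps_lan"] else "separate from LAN"
        print(f"{addr:<13} {mask:<16} -> {result['pool']:<16} {verdict}")
    # Assumption: the gateway's VPN virtual IP is the address entered in the field
    print(windows_route(LAN, "192.168.16.1"))
```

While the LAN keeps its /24 mask, the two 192.168.0.1 entries are reported as overlapping it; the other four fall in subnets of their own.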

Philip
05-15-20, 06:26 AM
Hmm, check this:
Control Panel > System & Security > Administrative Tools > Local Security Policy. In there, check Local Policies > Security Options > Network access: "Do not allow storage of passwords and credentials for network authentication". It should be set to Enabled.

There may be something in Group Policies.

You may also check this in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\DisablePasswordCaching