VPN clients with 2 ADSL lines and one networrk

[JF]

Archived from groups: comp.dcom.vpn (More info?)

Hi u all

Heere is the problem : I've got 2 ADSL connections, and 2 Speedtouch
510/4 - The PCs and the modems are connected on a switch. One of the modem
is 10.0.0.138 and the other is 10.0.0.51 , then some of the PCs are
connected to the internet via 10.0.0.18 Gateway the others via 10.0.0.51
( The PCs are 10.0.0.xx/255.0.0.0 ) .
Everything works well for the internet, but, I need to connect all the PCs
to a VPN server and that's what confuses me.
Every PC using the 10.0.0.138 gateway can connect to the VPN server, and
they can be connected simultaneously. The PCs on the other gateway can
connect to VPN server, but only one at a time !
It is not a number issue : I can connect 5 PCs together to the VPN server on
the '138' gateway, but even if no PC is connected on this gateway, I can
only connect one if I use the '51' gateway .
Sure I'm missing something, but I've been unable to find an answer, and I've
been searching for about a week now .

So, if anyone have an (good ) idea....

Thanks a lot,

cu,
jf

 

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

SA are clashing.

Rosario

 

[JF]

Archived from groups: comp.dcom.vpn (More info?)

Rosario Cevena wrote:

> SA are clashing.
>
> Rosario
thanks, but....
what do you mean
??
--
sauter un pas pour me répondre

 

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

jf wrote:
> Rosario Cevena wrote:
>
>
>>SA are clashing.
>>
>>Rosario
>
> thanks, but....
> what do you mean
> ??

He means the two SA's for the VPN's are conflicting with each other.
But you were not even clear as to what type of VPN you are using. Is it
IPSEC or GRE or neither?
Also, you only mention the internal addresses. Are you using NAT? (you
must be, since 10.xx.xx.xx won't route on the internet!)
Since you MUST be using NAT, the problem is likely that the VPN server
see's all tyhe machines trying to connect as coming from the same IP
address. That won't work. Each outgoing VPN connection to that VPN
server must come from a different external IP address. That answers why
only one PC can connect thru the first gateway at a time. This is to be
expected. The work around would be to do a site to site vpn rather than
a PC to site vpn. (do the vpn connection on the gateway, not the PC)

 

[JF]

Archived from groups: comp.dcom.vpn (More info?)

T. Sean Weintz wrote:

> jf wrote:
>> Rosario Cevena wrote:
>>
>>
>>>SA are clashing.
>>>
>>>Rosario
>>
>> thanks, but....
>> what do you mean
>> ??
>
> He means the two SA's for the VPN's are conflicting with each other.
> But you were not even clear as to what type of VPN you are using. Is it
> IPSEC or GRE or neither?
> Also, you only mention the internal addresses. Are you using NAT? (you
> must be, since 10.xx.xx.xx won't route on the internet!)
> Since you MUST be using NAT, the problem is likely that the VPN server
> see's all tyhe machines trying to connect as coming from the same IP
> address. That won't work. Each outgoing VPN connection to that VPN
> server must come from a different external IP address. That answers why
> only one PC can connect thru the first gateway at a time. This is to be
> expected. The work around would be to do a site to site vpn rather than
> a PC to site vpn. (do the vpn connection on the gateway, not the PC)


Thank you . But that doesn't explain why several PCs, on the other
gateway, can connect at the same time, since he local addresses are the
same ?
I let most of it configure itself, the only changed the default address from
10.0.0.138 (deleted it) to 10.0.0.51 because the first modem/router is the
10.0.0.138 !
When I look at the config, I see :

PPPoA_1 IP adress Type = auto Conversion: napt
eth0 10.0.0.51 Type= Extra Conversion : none

Do you know how I make the connection to the gateway ? Or where I can find
an help about that ?

thanks again,
jf
--
sauter un pas pour me répondre

 

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

the problem is that both network have the same ip, 10.0.0.x, you
should change 1 of the net work to 10.0.1.x then it should work.

 

[JF]

Archived from groups: comp.dcom.vpn (More info?)

"kienly" <kienly@gmail-dot-com.no-spam.invalid> a écrit dans le message de
news: RZKdnZEjz7FNCfTfRVn_vQ@giganews.com...
> the problem is that both network have the same ip, 10.0.0.x, you
> should change 1 of the net work to 10.0.1.x then it should work.
>
Thanks for your answer . But it was not the reason. I've solved it last
friday : there was an automatic IP adress added in the modem configuration
(in the route table). I deleted it and everything works well now

Thanks again,
JF