Making another network see and access another one!

By htcz
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

htcz

Posted
Posted

Hey

Let me see how I explain this:

Network 1:

WAN add: 88.34.12.3

Router add: 192.168.100.100

Netmask: 255.255.255.0

Clients (for examples): 192.168.100.2, 192.168.100.3, etc

Network 2:

WAN add: 94.55.98.3

Router add: 192.168.1.1

Netmask: 255.255.255.0

Clients (for examples): 192.168.1.2, 192.168.1.4, etc

Now how can I "join" both networks so when Im at a PC with 192.168.100.2 I can ping (and access) 192.168.1.4?

VLANs? Routes? Subnetting?

Thanks!

Grand Master

Bryan R.

Posted
Posted

If these two networks can be physically connected and the equipment is capable of routes, that is the way to go.

If the network are separated by public internet space, a VPN router at end will be your only option.

VPN would work in either case though. It just seems a little silly to VPN in scenario 1.

Mentor

htcz

Posted
  • Author
Posted

If these two networks can be physically connected and the equipment is capable of routes, that is the way to go.

If the network are separated by public internet space, a VPN router at end will be your only option.

VPN would work in either case though. It just seems a little silly to VPN in scenario 1.

I think I have have explained myself incorrectly.

There is only ONE scenario. 2 networks seperated by a public space (internet would be the case) but I want to them to be seeable and access each other freely.

Besides VPN (which I knew of :) ) is there any other choice (irrelevent if it is better ot worst; I just want to be able to explain it and give options)?

Also something that can be done freely; Nothing proprietary

Mentor

htcz

Posted
  • Author
Posted

I went ahead and drew this out (yes I know my drawing skill are great :p )

This is basically what I have. Just to show you a bit what I mean :)

Now, I knew about VPN and I understand if it is the only way but theres no other technology out there? I would understand it being "difficult" as with NAT, Firewalls, etc a direct connection like this would be impossible but just to know :)

Also, how can I configure a VPN via simply command line? One of the reasons I asked for alternatives to VPN is because on some of these I only have access to a command line and Im not sure if Linux distros by default include a VPN server/client.

Thanks to all that have helped.

Grand Master

xendrome

Posted
Posted

I went ahead and drew this out (yes I know my drawing skill are great :p )

This is basically what I have. Just to show you a bit what I mean :)

Now, I knew about VPN and I understand if it is the only way but theres no other technology out there? I would understand it being "difficult" as with NAT, Firewalls, etc a direct connection like this would be impossible but just to know :)

Also, how can I configure a VPN via simply command line? One of the reasons I asked for alternatives to VPN is because on some of these I only have access to a command line and Im not sure if Linux distros by default include a VPN server/client.

Thanks to all that have helped.

VPN Routers at each end, static IP for each sites Internet connection, create a tunnel, done. Google -

SRXN3205

Grand Master

Bryan R.

Posted
Posted

I went ahead and drew this out (yes I know my drawing skill are great :p )

This is basically what I have. Just to show you a bit what I mean :)

Now, I knew about VPN and I understand if it is the only way but theres no other technology out there? I would understand it being "difficult" as with NAT, Firewalls, etc a direct connection like this would be impossible but just to know :)

Also, how can I configure a VPN via simply command line? One of the reasons I asked for alternatives to VPN is because on some of these I only have access to a command line and Im not sure if Linux distros by default include a VPN server/client.

Thanks to all that have helped.

You say you know what VPN is but then you talk about configuring it via command line. Unless you have some moderately sophisticated server at each end, what in the world are you thinking?

VPN is it. There's nothing wrong with the technology so what is the hesitation?

There are software VPN solutions like Hamachi, but just do it right and get hardware.

Edit after seeing picture: So you already have routers at each end. Well, what model are they?

Mentor

htcz

Posted
  • Author
Posted

VPN Routers at each end, static IP for each sites Internet connection, create a tunnel, done. Google -

SRXN3205

Ah VPN routers.....thats what I am trying to avoid!

Not really avoid, just if it cant be done any other way, it cant be done.

The SRXN3205 is kind of cheap and used at a domestic level right?; We are looking for more industrial "module" type of routers. Google - NetModule NB1600

Mentor

htcz

Posted
  • Author
Posted

You say you know what VPN is but then you talk about configuring it via command line. Unless you have some moderately sophisticated server at each end, what in the world are you thinking?

VPN is it. There's nothing wrong with the technology so what is the hesitation?

Edit after seeing picture: So you already have routers at each end. Well, what model are they?

This information is both unknown (actually I know one end only but im looking for something that wouldnt matter) and unreplacable :) Buying the 2 cheapest DD-WRT routers, turning on their VPN features and calling it a day wont do justice here....

Even if it is VPN, there has to be SOME configuration at the end to end point: Someone listening and another one sending (in a PTPP).

I guess VPN then is the only way.

Grand Master

Bryan R.

Posted
Posted

I guess VPN then is the only way.

Once again, yes.

Buying the 2 cheapest DD-WRT routers, turning on their VPN features and calling it a day wont do justice here....

Why not?

Even if it is VPN, there has to be SOME configuration at the end to end point: Someone listening and another one sending (in a PTPP).

Of course there's configuration, but to ask how to do it via command line implies you know the equipment at each end.

Grand Master

Bryan R.

Posted
Posted

Oh, what about if internet is not in the middle? (Take the picture I put there and instead of a circle that says internet replace it with a line connecting both routers)

This is nothing about the situation; Just personal intrest to learn more.

Where would anything get out to the internet then?

Mentor

c.grz

Posted
Posted

Oh, what about if internet is not in the middle? (Take the picture I put there and instead of a circle that says internet replace it with a line connecting both routers)

This is nothing about the situation; Just personal intrest to learn more.

If routing is configured correctly, then you'd be all set. Of course both router interfaces talking to each other will have to be on the same subnet.

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

you are best off doing this at the firewall. not to one or another pc. If your firewall is cli based, like say a cisco asa, then yes it can be done at a command line through either telnet or ssh. That is the way I would recommend setting it up when you need site a access to site b.

Mentor

htcz

Posted
  • Author
Posted

Why not?

Not an acceptable option. I guess then (preconfigured) VPN routers are the only way to do this

Of course there's configuration, but to ask how to do it via command line implies you know the equipment at each end.

I didnt directly imply anything :) I simply asked if it was possible other ways than VPN.

Where would anything get out to the internet then?

It wouldnt. It would be 2 networks (192.168.100.x and 192.168.1.x) trying to communicate with each other.

There is also GRE tunnelling, which is insecure unless wrapped inside an IPsec tunnel. That is possible on Linux. On Windows Server you could use it's built in VPN and some clever routes.

Problem is GRE is Cisco depenent

If routing is configured correctly, then you'd be all set. Of course both router interfaces talking to each other will have to be on the same subnet.

The same subnet or same subnet mask (which may be the same thing and Ive mixed up terms)

Mentor

c.grz

Posted
Posted

The same subnet or same subnet mask (which may be the same thing and Ive mixed up terms)

Both, in order to be on the same subnet the having the same subnet mask is the first requirement.

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

Both, in order to be on the same subnet the having the same subnet mask is the first requirement.

Why are you talking about this? the solution is to be on a vpn. You would need routeable interfaces, if everything is on the same subnet or supernet you take that ability out. I haven't seen in a long time where a network is point to point, everything is frame or mpls or vpn...all of these technologies require route-able networks not in the same subnet(s).

Mentor

c.grz

Posted
Posted

Why are you talking about this? the solution is to be on a vpn, even in a point to point network the subnets wouldn't be the same as they would need to route. You would need routeable interfaces, if everything is on the same subnet or supernet you take that ability out. I haven't seen in a long time where a network is point to point, everything is frame or mpls or vpn...all of these technologies require route-able networks not in the same subnet(s).

I'm responding to the question he asked; which I quoted in my first post.

Oh, what about if internet is not in the middle? (Take the picture I put there and instead of a circle that says internet replace it with a line connecting both routers)

This is nothing about the situation; Just personal intrest to learn more.

In this instance; then subnets do matter; yes or no?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.