Topic: DHCP Relay and IPSEC VPN  (Read 5617 times)
« on: March 17, 2007, 17:10:41 »
Mito *
Posts: 8

I asked this in the mailing list, but haven't had any responses, so I figured it wouldn't hurt to make a post about it here too.  (by the way, I love forums compared to mailing lists, thanks for the forums!).


On to the problem... I am setting up what amounts to a mobile office, and I need the users to be able to have the same IP addresses as they would have if they were inside the office itself.  This is working perfectly simply using PPTP VPN, except that they need to have a networked printer.  Unless anyone knows of a JetDirect type product out there that has PPTP VPN abilities, that means I need to use a Site-2-Site VPN.  I have set up a monowall to monowall site-2-site and it is working great, but I can't get the DHCP passthrough to work on it.

I have tried setting up a static route on the remote monowall to point to the inside address as suggested in these lists somewhere, but that didn't do any good; a traceroute shows that it goes to the internal IP and then sits there not knowing where to go next.  I really don't know what else to try, and I need to get it working in a hurry.  If anyone has any suggestions, I'd love to hear them!

Thanks for any help!
Mito
« Reply #1 on: March 19, 2007, 20:59:48 »
cgaspard *
Posts: 2

So the printer they are using will be on the remote user's local LAN?

If this is the case then you can disable the option to use the "Use default gateway on remote network" in Windows TCP/IP settings for the dialup connection.  This will allow them to access the PPTP tunnel and the local network.  So they will be able to print to the local printer and still get to servers on the other site of the PPTP VPN.
« Reply #2 on: March 20, 2007, 02:23:33 »
Mito *
Posts: 8

> So the printer they are using will be on the remote user's local LAN?
>
> If this is the case then you can disable the option to use the "Use default gateway on remote network" in Windows TCP/IP settings for the dialup connection.  This will allow them to access the PPTP tunnel and the local network.  So they will be able to print to the local printer and still get to servers on the other site of the PPTP VPN.


I'm not using PPTP, I'm using IPSEC.  I had said that PPTP works *if* I don't need a printer to work as well, but I do, therefore IPSEC.  And yes, it is a requirement that the printer be on the same IP net as the server, but still be located at the remote location.  And yes, the printer needs to be on the remote LAN, but it needs to have a server-side LAN IP address, thus why I need DHCP-Passthrough to work, so it can get its MAC-specific DHCP lease from the DHCP server on the server's side of the VPN.

All I want is a basic DHCP passthrough to work, but it's not working.  Literally, here's a drawing of my needed setup:

(http://img410.imageshack.us/img410/5786/dhcppassthroughpq9.jpg)

All I need is for the PCs and printer at "Site B" to be able to get a DHCP lease from the DHCP server shown in "Site A", and then, thus, have the exact same IP subnet as Site A.

I've done this before when going between a simple SonicWall and Netgear router, so I know it should be able to be done here, especially since it is a listed feature, and has the options to set it up.  My problem though, is that it's not working and there isn't really any decent documentation for it.

If anyone has any suggestions, I'd be VERY happy to test them out!

Thanks!
« Last Edit: March 20, 2007, 02:25:53 by Mito »
« Reply #3 on: March 22, 2007, 02:13:20 »
cmb *****
Posts: 851

I've never tried it, but the DHCP relay, with an "appropriate" static route to work around a bug (see FAQ on SNMP over VPN, same fix), just might do it.
« Reply #4 on: March 22, 2007, 04:13:48 »
Mito *
Posts: 8

> I've never tried it, but the DHCP relay, with an "appropriate" static route to work around a bug (see FAQ on SNMP over VPN, same fix), just might do it.

Note:
I have tried setting up a static route on the remote monowall to point to the inside address as suggested in these lists somewhere, but that didn't do any good; a traceroute shows that it goes to the internal IP and then sits there not knowing where to go next.

In other words, thanks for your input, but I already tried that but it doesn't do any good.  I've tried my share of my own attempts to get around it as well, trying things here and there, but nothing seems to work.

Again, thanks, but that didn't work for me.  My thought is:  is it possible that DHCP passthrough worked at some point a long time ago, but has since been broken unintentionally and is simply non-functional in the current builds of monowall?  Does _anyone_ have a functional DHCP passthrough setup in their system?

I'm just looking to get this working, and as I said before, I would be more than happy to help test if needed.  I'd also like to be able to help coding etc, but I'm not very good at programming this type of stuff.

Mito
« Reply #5 on: March 25, 2007, 00:07:43 »
cmb *****
Posts: 851

I use DHCP relay and it works fine, but I don't use it across sites like you're attempting.

Personally, Internet connections are flaky enough that I wouldn't want to rely on a DHCP server across a VPN for LAN functionality to work.

I don't know what to suggest to make it work for you.
« Reply #6 on: March 25, 2007, 08:34:29 »
Mito *
Posts: 8

> I use DHCP relay and it works fine, but I don't use it across sites like you're attempting.
>
> Personally, Internet connections are flaky enough that I wouldn't want to rely on a DHCP server across a VPN for LAN functionality to work.
>
> I don't know what to suggest to make it work for you.

Never really had many problems with internet being flaky (other than DSL, but then that's by design) when it wasn't due to a hardware failure.

Anyways, without the VPN connection there is no point of the remote LAN anyways, as 100% of the functionality relies upon the server on the DHCP-server side of the VPN.  How do you do DHCP relay that doesn't include going across sites?  How did you get it set up?  Perhaps I can take what works for you and figure a way to get mine to function?

Thanks for at least letting me know that it does work, in some situations at least... tips on how yours is set up would help some, thanks...
« Reply #7 on: March 31, 2007, 20:31:04 »
cmb *****
Posts: 851

I use it to relay requests from multiple VLANs to a single DHCP server. All I did to enable it was check the enable box and fill in the IP of the DHCP server.
 