• VPN between buildings
So we're moving a division of my company to a new location. We are leaving behind a server that will continue to be used by another department. We will need to access information from the server at the new location for about six months after the move. So far, I've been able to open up an IPsec Site-to-Site VPN between the two Ubiquiti EdgeRouters at each location, but I'm not sure how to get the traffic flowing.

The software we need to access is run by placing a shortcut on the desktop of the workstation, with the target set to the location of the program on the server, plus a station number. You can essentially get any computer on the same network to run the software by just attaching the server's shared drive and creating a shortcut to the program. We'd like this to work the same way in the new location. I've tried to make it work using Hamachi, to see if this will even work, but the program throws an exception on launch.

The workstations at the new location are on a 192.168.20.0/24 subnet while the server address at the original location is 192.168.10.22. I'm aware of NAT traversals and translating the internal address to external addresses for the tunnel; however, the Ubiquiti reps keep pointing me to the tutorials, which are no help. My question is: is this the correct VPN to implement for this? Should I just be using remote desktop?
You can enter "set protocols static interface-route <other router's subnet> next-hop-interface <ipsec interface>" on each EdgeRouter if you want to do this. But you should get your IT department to do that because they know what they're doing better than me telling you to implement static routes over a VPN.
I am the IT Department.
Hello fellow single-person IT department guy! In which case I should point you to the UBNT knowledge base: IPSec Site-To-Site. There's a good many tutorials on different flavours of it, including configuring IPSec to deal with NAT, which may be of interest to you.
Might be a silly question, but does each site have static addressing on the interwebs? Mind posting sanitized configs?
Some routers don't create routes for VPN traffic automatically. Even if the VPN tunnel is up, the traffic won't get anywhere unless the router has a route. For example, "If traffic is going to <address/subnet> then use <VPN>". This bit me in the ass more times than I can count.
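The "tunnel is up but nothing flows" case from the replies above, worked through as an added example (not posted by anyone in the thread): a longest-prefix-match lookup over each router's route table, checking that traffic between a workstation and the server leaves via the tunnel in both directions. The interface names (`eth0`, `eth1`, `vti0`), the workstation address 192.168.20.50 and the old site's 192.168.10.0/24 prefix are assumptions; only 192.168.20.0/24 and 192.168.10.22 come from the thread.

```python
import ipaddress

def egress(routes, dst):
    """Pick the outgoing interface for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def tunnel_path_ok(near_routes, far_routes, src, dst, tunnel):
    """Requests and replies must both be routed into the tunnel interface."""
    return egress(near_routes, dst) == tunnel and egress(far_routes, src) == tunnel

# Constructed route tables: each site knows only its LAN and a default route.
TUNNEL = "vti0"                       # assumed name of the IPsec interface
WORKSTATION = "192.168.20.50"         # constructed host in the new site's subnet
SERVER = "192.168.10.22"              # server address given in the thread

new_site = [("192.168.20.0/24", "eth1"), ("0.0.0.0/0", "eth0")]
old_site = [("192.168.10.0/24", "eth1"), ("0.0.0.0/0", "eth0")]   # /24 assumed

def with_route(routes, prefix, iface):
    """Return a copy of the table with one static route added."""
    return routes + [(prefix, iface)]

# Route added on one router only: requests arrive, replies go out the WAN.
new_fixed = with_route(new_site, "192.168.10.0/24", TUNNEL)
# Route added on both routers, as the reply in the thread suggests.
old_fixed = with_route(old_site, "192.168.20.0/24", TUNNEL)

if __name__ == "__main__":
    print("no routes :", egress(new_site, SERVER))
    print("one side  :", tunnel_path_ok(new_fixed, old_site, WORKSTATION, SERVER, TUNNEL))
    print("both sides:", tunnel_path_ok(new_fixed, old_fixed, WORKSTATION, SERVER, TUNNEL))
```

With no route for the remote subnet, the lookup falls through to the default route and the packet leaves the WAN interface unencrypted toward a private address, where it is dropped; the one-sided case fails the same way on the return path.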