[SOLVED] Accessing intranet from outside network

[fea]

Hi,
I have a question regarding accessing my local network from outside location.
I would like to do 2 things - if they are possible, and such solutions would be mutually compatible.
Let's call the network i want to access - Network A, and the other one, in another location Network B. I want to access network A resources from network B.

1. Be able to create remote connection to computers in Network A from network B.
2. Be able to access and "see" shares and computers of network A while using network B.

I thought that VPN makes it possible, but apparently not. I thought that by connecting to vpn using my credentials i will be virtually connecting to one "virtual LOCAL network" from different locations, but apparently it's not the case. Can you help me what solutions are available?

 

[bill001g]

Not sure what you are talking about when you say vpn does not work. This is the exact solution you need.

I will hope you did not spend money to sign up for some vpn service and think that would accomplish the task. Those are mostly to provide remote access to a different internet connection.

You need to setup your own vpn server on what you call network A. It tends to be easiest if the router support the vpn server but you could use a PC as a vpn server it is just a more complex configuration.

 

[fea]

Hi,
thank you for quick answer.
Big thank you for explaining the difference between vpn service and vpn server. I didn't know that i don't need vpn service. As i was testing and talking to support i was using 7 day free trial so no harm done in this department ;p
I actually do have router with this capability, it is ASUS RT-AC68U, but I immediately run into problems. On the VPN server page i see warning

The wireless router currently uses a private WAN IP address (192.168.x.x, 10.x.x.x, or 172.16.x.x). Please configure DDNS service before starting the VPN server.

So i go-to DDNS page and there i see another warning

The wireless router currently uses a private WAN IP address.
This router may be in the multiple-NAT environment and DDNS service cannot work in this environment.

I should add that i have external non-static public ip (it changes with each modem reset). I have configured dynamic dns on https://freedns.afraid.org/ which was needed to setup ftp server on one of the computers from network A. This ddns provider is not listed in asus firmware. Besides it seems, from this warning, that router cannot operate in this environment. So the option left is to setup vpn server on one of the pc's?

 

[fea]

Well, I've managed to connect to the Network A while being on network B.
I set up port forwarding and i see incoming connection on my virtual server on Network A. But still i cannot see the PC from network B while on network A, and vice versa as well.
I have followed this tutorial.

How to Create a VPN Server on Your Windows Computer Without Installing Any Software

Windows has the built-in ability to function as VPN server using the point-to-point tunneling protocol (PPTP), although this option is somewhat hidden.

www.howtogeek.com

Any hints why i cannot see these shares? how do i access this PCs?

 

[bill001g]

The network neighbors thing will not work when you are on a different network. You can just mount devices via IP address and it will work. This is one of the function of a domain controller in microsoft server networks. It lets you see other machines when you and not on the same local lan segment

 

[SamirD]

If you have the two networks joined correctly, you will be able to ping each resource from the other side and also access them by ip--name resolution won't work without some extra work.

 

[fea]

Hi, big thank you for your answers. I have set it up, its all working but i have problem connecting more than one user. It is set up on windows 10 pro machine. Is there a limit of 1 person to connect to VPN?
Alternatively i could setup multiple VPNs on multiple PCs (so i could connect to them) but i think it is not possible to choose a port in windows prebuilt VPN connection client. Is that so? I type ip_addressort and it is not"understanding" that this port number is not a part of ip address.
Are there any solutions to my problem? Except proprietary software. I know of open vpn etc.

 

[bill001g]

It could be a limitation of windows. PPTP is not a very secure protocol so I have not run it in many years.

I misread this I though you figured out how to get past the Asus warning messages. Is the asus you main router or are you attempting to put it behind your main router. It is going to be very hard to get it to work for what you are trying to do if it is not your main router.

Running VPN on the main router tends to be the simplest way to get what you need done. There likely is some limit on the number of users but it is not just 1 remote user.

You might see if you can find a openvpn server for your PC. Openvpn is a full function vpn and would not have the same limitations.

 

[fea]

It isn't my main router, it is behind device which runs simultaneously as a modem and router. I route traffic through first router, to the second and from second to PC which runs VPN.
So i should run this first device modem+router as a bridge if this is possible by the software?
Then second router would have external ip, and warning messages would dissapear.

 

[bill001g]

If you can bridge the first router that will likely be the simplest way. If you can't get it into bridge mode you could put a DMZ rule in the first router pointing to the second. You would then just ignore any warnings about private IP. Be sure the WAN and LAN are using different IP blocks.

In both cases you must now run all your traffic via the second router.

 

[fea]

What does it mean to make sure that WAN and LAN are using different IP blocks?

 

[bill001g]

A lot of routers use 192.168.0.1 for the lan IP subnet. If both your routers use the same subnet the main router will give your second router a IP say 192.168.0.100 on the wan port and tell it the default gateway is 192.168.0.1. Now if the second router is also using 192.168.0.1 for its lan it will be confused because the main router in effect told it that its gateway was its own lan port rather than sending it to the main router

 

[fea]

So will it be enough that i assign static IP to second router as 192.168.0.2? Or do i need to setup static ip to second router 192.168.15.1 - it means that it will be using subnet 15, not 0,
i now access first router through 192.168.0.1
and second through 192.168.1.1
I'm unsure if it configured itselft as this, but i cant see pcs connected to the first router while im connected to second router.

 

[bill001g]

If they are already 192.168.0.1 and 192.168.1.1 then you are fine.

It is really common to have issue accessing machine when some are on one router and others are on the second. This is generally NAT problems or because it is using things like microsoft discovery to find them. Running a VPN on the router makes this even more complex. You can get past some of this with port forwarding rules and things but it is one of the reasons it is not recommended to run 2 routers in home installations.

You are best off pretending the ISP router does not exist and hook everything to the router you are going to run the VPN on.

 

[fea]

Hi, everything is working. Even better than expected.
In router software i had option to assign range of IP's which will be assigned to VPN clients. I used range inside my "main location" subnet. This happened to create situation that i see in remote machine connected to VPN my local network from "main location" So it works like I in 100% am inside the local network.
Really, I very much appreciate all your help.
Thank you !