Dial-out from inside a multi-WAN network - possible?

The_Unbeliever

Hi guys

Is it possible to "dial-out" from a restricted, internal network, so that the machine dialling out dials to a specified server, and the server grants access to the outside?

Regards

Ook
 
Well it kinda depends on multiple factors.
Mainly route and method.
Route:
Are you wanting to dial out using the default gateway (router) or using a 3G modem or other device?
Method:
Are you wanting to VPN out, use an SSL proxy/SOCKS, PPPoE connection?

From what you are saying I am guessing you want to tunnel out over an allowed protocol to an external server.
However this depends on what the firewall allows.
Essentially if you have a computer/server on the outside that you have access to, you can tunnel all your protocols across and have access to the web yes.
 
More like a PPPoE connection.
 
The network is like this :

192.168.50.23 ------- router (192.168.50.254) ---- vpn cloud ---- router (192.168.20.254) --- internet gw (192.168.20.1)

So FTP traffic needs to go out to a server on the internet via 192.168.20.1 (both up and downloads) without making use of a proxy server.

If you can initiate [something like PPPoE] so that the server at 192.168.20.1 can route you to your destination....

Hope it makes sense...
 
Oh, by the way, if any bright spark suggests that we make use of analogue/ISDN/3G devices, forget it. For starters, 3G coverage is poor. And analogue/ISDN is not an option.
 
Haha not really.
I am guessing you have a site to site VPN after which you connect out onto the internet via the internet gateway.
Problems all round here other than the fact that you are using internet twice here, one for the cloud and one for "internet".
PPPoE would not really work here as it is a link layer protocol and you are going across routers with different subnets AFAIK.
Better would be to possibly split tunnel your traffic or change the network setup.
Policy based routing blah blah
Depends: is this for a normal work function, or are you trying to get around something here?
Is normally the latter haha
 
Probably too early for me and being daft, but what's the problem? Where is the proxy in the above network? Why not just bypass it or configure it to allow certain types of traffic/ports/hosts?
 
Well, it can be done if you set up a PPTP connection to a router or PC on the 192.168.20.0/24 range... and from there it routes traffic out to the internet...
All depends what access you have to the network, if you are able to set up the PPTP server etc... but short answer is yes.. it can be done
 
Create a new VLAN with the gateway you require. Put server in that VLAN.
 
One setup that I have that is almost the same:
From PC at remote office with IP 10.2.7.120 -> gateway 10.2.7.254 (Company Cisco router) -> 10.2.7.253 (Telkom VPN router) - VPN cloud - 165.xxx.xxx.xxx (Telkom VPN router terminating at Head office) 10.1.10.2 -> 10.1.200.253 (Mikrotik router)
HO Gateway (10.1.100.254)

A program on the PC was giving too much crap, could not take proxy settings etc. and the firewall was giving problems. In the end we added an RB450 Mikrotik router at the Head office, set up a PPTP server and set up routing etc.
So the PC dials a PPTP to the Mikrotik, and the Mikrotik forwards it out to a designated gateway to the internet...
 
Sounds good.

You got PM.
 
Resolved.

Well, almost.

Dial-out from inside the network works wonders.

But now - if anybody has experience with ClearOS - is it possible to limit the outgoing PPTP VPN account to a single IP? So that this feature can't be abused.
 