DHCP, NAT and VPN

varsis · Aug 26, 2014

Ok here is the deal, I have a Apple TV and some other devices that I would like to run through a vpn.

My Current setup desktop --LAN-- AirPortExtreme --WAN-- MODEM
The rest is running on wifi, and my desktop does not have a wifi card, otherwise i would just use internet sharing.

Is it possible to setup DHCP and NAT to the desktop (192.168.0.201-254 for example) and leave .2-200 for the router. For the rerouted dhcp stuff, it would then use the VPN my desktop is connected to. If this is not possible I will stop, if it is how do i set this up? I tried a few setups but have not been able to get it working yet.

Altemose · Aug 27, 2014

varsis said:
Ok here is the deal, I have a Apple TV and some other devices that I would like to run through a vpn.

My Current setup desktop --LAN-- AirPortExtreme --WAN-- MODEM

The rest is running on wifi, and my desktop does not have a wifi card, otherwise i would just use internet sharing.

Is it possible to setup DHCP and NAT to the desktop (192.168.0.201-254 for example) and leave .2-200 for the router. For the rerouted dhcp stuff, it would then use the VPN my desktop is connected to. If this is not possible I will stop, if it is how do i set this up? I tried a few setups but have not been able to get it working yet.

You can change the range of IP addresses in AirPort Utility.

varsis · Aug 27, 2014

Altemose said:
You can change the range of IP addresses in AirPort Utility.

I tried that, I was able to sometimes connect to the DHCP server. I think I may of had the setting incorrect.

I followed this guide: http://support.apple.com/kb/HT200188?viewlocale=en_US

The DHCP server was setup using 192.168.0.2 as the router (The desktop), and using range 201-254. However I was unable to turn the NAT network on.

I assume these rules should be 192.168.0.0?

Code:

nat on en0 from 10.0.0.0/24 to any -> (en0)
    pass from {lo0, 10.0.0.0/24} to any keep state

Do I also need to run a DNS server to use the local connection the desktop has? I did manage to connect, but I could only access the local network.

Altemose · Aug 27, 2014

varsis said:
I tried that, I was able to sometimes connect to the DHCP server. I think I may of had the setting incorrect.

I followed this guide: http://support.apple.com/kb/HT200188?viewlocale=en_US

The DHCP server was setup using 192.168.0.2 as the router (The desktop), and using range 201-254. However I was unable to turn the NAT network on.

I assume these rules should be 192.168.0.0?

Code:

nat on en0 from 10.0.0.0/24 to any -> (en0) pass from {lo0, 10.0.0.0/24} to any keep state

Do I also need to run a DNS server to use the local connection the desktop has? I did manage to connect, but I could only access the local network.

So were you having an issue getting an IP to your desktop?

varsis · Aug 27, 2014

Altemose said:
So were you having an issue getting an IP to your desktop?

I can connect to the server, but I cannot use the servers internet. I can only access local ips. No external ips.

Altemose · Aug 27, 2014

varsis said:
I can connect to the server, but I cannot use the servers internet. I can only access local ips. No external ips.

So you have it going modem --> AirPort --> Server (out of IP range)?

varsis · Aug 27, 2014

Altemose said:
So you have it going modem --> AirPort --> Server (out of IP range)?

I think so. To clarify the server is behind the router and so are the other clients, trying to route local through the connection the server has which is a vpn.

Altemose · Aug 27, 2014

varsis said:
I think so. To clarify the server is behind the router and so are the other clients, trying to route local through the connection the server has which is a vpn.

Does the server maintain a static connection to the web by setting it up at like 192.168.1.201?

varsis · Aug 27, 2014

I would assume no since the router is providing the server access to the web. Do I need multiple Ethernet connections to do this?

Altemose · Aug 27, 2014

varsis said:
I would assume no since the router is providing the server access to the web. Do I need multiple Ethernet connections to do this?

No you should be fine with one. Can you access the internet on the server?

varsis · Aug 27, 2014

Altemose said:
No you should be fine with one. Can you access the internet on the server?

Yes, no problem with connections. Maybe my setup is not correct? I'm not much of a network guru.

varsis · Aug 27, 2014

This is my nat setup I'm not sure this is correct.

Code:

nat on en0 from 192.168.0.0/24 to any -> (en0)
    pass from {lo0, 192.168.0.0/24} to any keep state

attached is the DHCP settings.

varsis · Aug 27, 2014

varsis said:
This is my nat setup I'm not sure this is correct.

Code:

nat on en0 from 192.168.0.0/24 to any -> (en0) pass from {lo0, 192.168.0.0/24} to any keep state

attached is the DHCP settings.

Seems this stuff above is giving a syntax error...

varsis · Aug 28, 2014

varsis said:
Seems this stuff above is giving a syntax error...

fixed the syntax error, retyped it out in vim and all is well there. but I still have no access to the internet.

Altemose · Aug 28, 2014

varsis said:
fixed the syntax error, retyped it out in vim and all is well there. but I still have no access to the internet.

Have you tried putting the server in the AirPort's DHCP range and reserving the IP for it? You could put it at 192.168.1.199 and have the range go 192.168.1.200-240.

varsis · Aug 28, 2014

Altemose said:
Have you tried putting the server in the AirPort's DHCP range and reserving the IP for it? You could put it at 192.168.1.199 and have the range go 192.168.1.200-240.

tried that no go.

Altemose · Aug 28, 2014

varsis said:
tried that no go.

So clients on the network in the AirPort's DHCP range can access the internet. When you connect them through the server they lose access?

varsis · Aug 28, 2014

Altemose said:
So clients on the network in the AirPort's DHCP range can access the internet. When you connect them through the server they lose access?

that is correct. But they still can access local ips.

Altemose · Aug 28, 2014

varsis said:
that is correct. But they still can access local ips.

It sounds like you some how have a firewall or NAT blocking it since I don't see an obvious issue with the configuration.

varsis · Aug 28, 2014

Altemose said:
It sounds like you some how have a firewall or NAT blocking it since I don't see an obvious issue with the configuration.

So found the problem as soon as a vpn connection is on it's no longer able to route correctly so I need to do a redirect Through the vpn, I will try again tomorrow.

Altemose · Aug 28, 2014

varsis said:
So found the problem as soon as a vpn connection is on it's no longer able to route correctly so I need to do a redirect Through the vpn, I will try again tomorrow.

Keep us posted!

varsis · Aug 30, 2014

Altemose said:
Keep us posted!

well tried changing the through to tun0 (interface used by tunnelblick) and It is a no go. I am unable to get this working correctly.

Any ideas?

Altemose · Aug 30, 2014

varsis said:
well tried changing the through to tun0 (interface used by tunnelblick) and It is a no go. I am unable to get this working correctly.

Any ideas?

This has me scratching my head too. I don't know what I don't know! It is kind of hard to offer help since I am not right there working on your server. Perhaps someone else has some ideas?

DHCP, NAT and VPN

macrumors regular

macrumors G3

macrumors regular

macrumors G3

macrumors regular

macrumors G3

macrumors regular

macrumors G3

macrumors regular

macrumors G3

macrumors regular

macrumors regular

Attachments

macrumors regular

macrumors regular

macrumors G3

macrumors regular

macrumors G3

macrumors regular

macrumors G3

macrumors regular

macrumors G3

macrumors regular

macrumors G3

Our Staff