DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

lan to lan vpn

08 Aug 2021 17:21 #1 by rob_g71
lan to lan vpn was created by rob_g71
Afternoon all.

Just a couple of questions, if anyone may help, most appreciated.

I have a home network, sat behind a DrayTek 2860Vac.
On the network is all my work stuff, two NAS drives, email server etc. etc.
It has a static IP.
192.168.1.1 local network

At my workshop, I have another office, which needs regular access to the servers.
This is also behind another DrayTek router, using 4G LTE (2862Lac with 3G/4G LTE).
192.168.2.1 local network

I have set up a VPN, to test the waters so to speak. However, they are both on different subnets, so the Mac in the office is still not seeing the servers natively as it would across a LAN.
Setup is as per LAN to LAN using SSL.

Both routers are saying the VPN is working fine; both routers are also on different internal subnets, as described in the DrayTek setup and KB.

How do I get the whole lot to act as if it's one network?
If I dial in from a MacBook, on another (dial-in) VPN, it's issued an IP from my home, so I am guessing it's fairly easy.
My knowledge of VPNs is limited.

Lastly, my home router doesn't use OpenVPN. Is it worth buying another?
What's the best VPN type I should be looking at?

regards
rob

09 Aug 2021 02:48 #2 by hornbyp
Replied by hornbyp on topic Re: lan to lan vpn

rob_g71 wrote:
How do I get the whole lot to act as if it's one network?
If I dial in from a MacBook, on another (dial-in) VPN, it's issued an IP from my home, so I am guessing it's fairly easy.
My knowledge of VPNs is limited.

What you are seeing is probably correct - a VPN works at the IP level and routes traffic between the two networks, as appropriate. This means that anything that relies on Broadcasts is doomed to failure, without some sort of 'helper' on each network. (Some routers provide proxies for particular applications).

When you say the Mac is not 'seeing' the servers - what software is involved? If it's file/print sharing, then maybe the Mac is using an implementation of some ancient Microsoft/IBM LAN Manager stuff, that never was 'route-able'. I presume that basic IP connectivity from Mac to server works (i.e. Ping and traceroute, name lookups etc). If name resolution doesn't work, you may need to implement a DNS server infrastructure.

You might be able to work around this, by having the Mac establish a separate 'client/teleworker' type VPN connection of its own - so that it has an IP address on both networks... (lots of obvious admin drawbacks to this, as well as inefficiencies)

What you are really asking for, is that the two networks are bridged, rather than IP-routed. This is how it was done in the old days, when a Bridge was a physical piece of hardware, plugged into a leased line. (Very inefficient in terms of bandwidth though...)

I came across a software implementation of a bridge here: https://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/3.LAN_to_LAN_Bridge_VPN , though I've no practical experience of using it.


Lastly, my home router doesn't use OpenVPN. Is it worth buying another? What's the best VPN type I should be looking at?

I've not used OpenVPN, but I know from experience that SSL (on DrayTek at least) is very slow. L2TP/IPsec works for me - though various sources are now starting to question how secure it is. Personally, I expect it to be fine, unless MI5 get a court order ;)

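To illustrate the routed-versus-bridged point made in the reply above, here is an added example (not part of the forum thread or any DrayTek tooling) that classifies which destination addresses a layer-3 LAN-to-LAN tunnel will carry. The /24 masks, the host addresses 192.168.2.50 and 192.168.1.10, and the function name are assumptions; it also covers mDNS (Bonjour) discovery, which the thread does not name explicitly.

```python
import ipaddress

# Subnets taken from the thread; the /24 mask is an assumption.
HOME = ipaddress.ip_network("192.168.1.0/24")
WORKSHOP = ipaddress.ip_network("192.168.2.0/24")
# 224.0.0.0/24 is the local network control block; routers never forward it.
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def crosses_tunnel(src, dst, local=WORKSHOP, remote=HOME):
    """Return (forwarded, reason) for a packet sent from src to dst
    when the two LANs are joined by a routed (layer-3) VPN."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if src not in local:
        raise ValueError(f"{src} is not on the local subnet {local}")
    if dst == LIMITED_BROADCAST:
        return False, "limited broadcast: stays on the sender's segment"
    if dst in LINK_LOCAL_MCAST:
        return False, "link-local multicast (e.g. mDNS 224.0.0.251): not routed"
    if dst.is_multicast:
        return False, "multicast: needs multicast routing or a proxy"
    if dst == local.broadcast_address:
        return False, "local subnet broadcast: stays on the sender's segment"
    if dst == remote.broadcast_address:
        return False, "directed broadcast: usually dropped by default (RFC 2644)"
    if dst in local:
        return False, "unicast to a local host: never reaches the router"
    if dst in remote:
        return True, "unicast to the remote subnet: routed through the tunnel"
    return False, "outside the tunnel's remote network"


# Constructed sample traffic from a workshop Mac (hypothetical 192.168.2.50).
SAMPLES = ["192.168.1.10", "255.255.255.255", "192.168.2.255",
           "192.168.1.255", "224.0.0.251", "239.255.255.250"]

if __name__ == "__main__":
    for dst in SAMPLES:
        ok, why = crosses_tunnel("192.168.2.50", dst)
        print(f"{dst:<16} {'PASS' if ok else 'DROP'}  {why}")
```

Only the unicast case passes, which is why reaching a NAS by IP address or DNS name works across the tunnel while broadcast or multicast discovery does not.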