All times are UTC - 5 hours




 Post subject: Site to Site routed VPN Question!
PostPosted: Fri Jan 08, 2010 12:01 am 

Joined: Sat Dec 26, 2009 3:01 pm
Posts: 16
Hi, here is the problem I have: I have 2 separate networks,
my home network, which is 10.1.0.XXX,
and a remote network, which is 10.10.0.XXX.

The router on the home network has this address: 10.1.0.1
The NeoRouter client on my home network has this eth0 IP: 10.1.0.104
and its nrtap IP is: 10.0.0.9

The router on the remote network has this address: 10.10.0.1
The NeoRouter client on the remote network has this eth0 IP: 10.10.0.10
and its nrtap IP is: 10.0.0.6

Both NeoRouter clients are on CentOS 5 and both routers are running Tomato 1.27.

I have set this route in my home router:
Destination: 10.10.0.0
Gateway: 10.1.0.104
Subnet Mask: 255.255.255.0
Interface: LAN

And this one on my remote router:
Destination: 10.1.0.0
Gateway: 10.1.0.10
Subnet Mask: 255.255.255.0
Interface: LAN

On both NeoRouter clients I have enabled IP forwarding in /etc/sysctl.conf:
Code:
net.ipv4.ip_forward = 1

and then run sysctl -p.

After that, I ran this command on the home NeoRouter client:
Code:
route add -net 10.10.0.1 netmask 255.255.255.0 gw 10.0.0.6


and this one on the remote NeoRouter client:
Code:
route add -net 10.1.0.0 netmask 255.255.255.0 gw 10.0.0.9


But I can't ping from home to remote. When I do a tracert on my Windows machine, it traces the route to the router and to the NeoRouter home client, but that is it. Is there something wrong with what I have done? Thanks!


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Fri Jan 08, 2010 12:56 pm 

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Hi Speedy2k,

Your settings on the OS look fine. But did you set up the Feature.ini to enable the network bridge feature of the NR client?

For the details, check out:
http://www.neorouter.com/wiki/index.php ... ork_bridge

In your case, you may want to create a Feature.ini file in the main config folder of each NR client computer. As you are using CentOS, the main config folder is:
Code:
/usr/local/ZebraNetworkSystems/NeoRouter


The content of the file would look like this:

Code:
[Default]
NetworkBridge=1
LANSegment1=10.1.0.0/255.255.255.0,10.0.0.9
LANSegment2=10.10.0.0/255.255.255.0,10.0.0.6

Quote:
Explanation:
NetworkBridge=1 enables the bridge feature
LANSegment1 tells the NR client that all packets to 10.1.0.0 go through 10.0.0.9
LANSegment2 tells the NR client that all packets to 10.10.0.0 go through 10.0.0.6

Then restart your nrservice on each NR client.

Let us know if you still have problems.

Thanks,
KevinZ - NeoRouter team
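The reply above gives the Feature.ini and, earlier in the thread, the routes that each side of a routed site-to-site VPN needs. As an added example (not the thread's or NeoRouter's own code), the script below derives all three routes (router static route, NR client route, per-PC route) and the Feature.ini from the site parameters used in this thread, and checks the one thing that silently breaks such a setup: a static route whose gateway is not inside the installing device's own subnet. The Feature.ini layout follows KevinZ's post; the virtual network 10.0.0.0/24 is an assumption, since the thread only says "10.0.0.x".

```python
"""Added example (not the thread's or NeoRouter's own code): derive the routes
and the Feature.ini for a two-site routed VPN from the site parameters, and
check the parameters for a gateway that is not in the installing device's own
subnet. Addresses are the ones from this thread; the Feature.ini layout follows
KevinZ's post; the virtual network 10.0.0.0/24 is an assumption."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List


@dataclass(frozen=True)
class Site:
    name: str
    lan: str        # LAN subnet behind this site's router, e.g. "10.1.0.0/24"
    router: str     # the LAN router's address
    nr_lan_ip: str  # NR client's eth0 address (the gateway the LAN hands traffic to)
    nr_vpn_ip: str  # NR client's nrtap (virtual network) address


VPN_NET = "10.0.0.0/24"  # assumed virtual network; the thread only says 10.0.0.x


def validate(site: Site, vpn_net: str = VPN_NET) -> List[str]:
    """Return the problems found in one site definition (empty list = consistent).

    A static route only works when its gateway is on-link for the device that
    installs it, so the NR client's LAN address must sit inside the LAN subnet
    and its virtual address inside the virtual network.
    """
    lan, vpn = ip_network(site.lan), ip_network(vpn_net)
    problems = []
    for label, addr in (("router", site.router), ("NR client LAN IP", site.nr_lan_ip)):
        if ip_address(addr) not in lan:
            problems.append(f"{site.name}: {label} {addr} is not inside LAN {lan}")
    if ip_address(site.nr_vpn_ip) not in vpn:
        problems.append(f"{site.name}: virtual IP {site.nr_vpn_ip} is not inside {vpn}")
    if lan.overlaps(vpn):
        problems.append(f"{site.name}: LAN {lan} overlaps the virtual network {vpn}")
    return problems


def feature_ini(a: Site, b: Site) -> str:
    """Feature.ini as in KevinZ's post: each LANSegment maps a LAN subnet to the
    virtual IP of the NR client that fronts it; the same file goes on both clients."""
    lines = ["[Default]", "NetworkBridge=1"]
    for n, site in enumerate((a, b), start=1):
        net = ip_network(site.lan)
        lines.append(f"LANSegment{n}={net.network_address}/{net.netmask},{site.nr_vpn_ip}")
    return "\n".join(lines) + "\n"


def routes(local: Site, remote: Site) -> Dict[str, str]:
    """The three routes one site needs towards the other site's LAN:
    on the router (Option 2), on the NR client, and on each PC (Option 1)."""
    net = ip_network(remote.lan)
    dest, mask = net.network_address, net.netmask
    return {
        # Tomato static route: LAN hosts default to the router, which hands the
        # remote subnet to the local NR client
        "router": f"Destination: {dest}  Gateway: {local.nr_lan_ip}  Subnet Mask: {mask}  Interface: LAN",
        # Linux NR client: the remote subnet is reached via the remote client's virtual IP
        "nr_client": f"route add -net {dest} netmask {mask} gw {remote.nr_vpn_ip}",
        # Windows PC (Option 1): persistent route straight to the local NR client
        "windows_pc": f"route -p add {dest} mask {mask} {local.nr_lan_ip}",
    }


HOME = Site("home", "10.1.0.0/24", "10.1.0.1", "10.1.0.104", "10.0.0.9")
REMOTE = Site("remote", "10.10.0.0/24", "10.10.0.1", "10.10.0.10", "10.0.0.6")

if __name__ == "__main__":
    for site in (HOME, REMOTE):
        print(f"{site.name}: " + (", ".join(validate(site)) or "OK"))
    print(feature_ini(HOME, REMOTE))
    for name, text in routes(HOME, REMOTE).items():
        print(f"{name:10s} {text}")
```

Run with the first post's remote router entry (Gateway 10.1.0.10 for a 10.10.0.0/24 router), `validate` reports that the gateway is not inside the remote LAN, which is exactly the kind of slip the checks are there to catch before any packet is traced.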


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Fri Jan 08, 2010 11:34 pm 

Joined: Sat Dec 26, 2009 3:01 pm
Posts: 16
OK, I have done what you said. Do I have to enable this on the server too? Because right now I'm only able to ping the remote gateway: from my home client I can ping my remote client, but not the remote router. Here is the sysctl -p output:
Code:
sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456


On both clients.
And here is the routing on the remote client; please note that I have changed the VPN IP just to make sure I don't have conflicting IPs.

Code:
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
10.10.0.0       *               255.255.255.0   U     0      0        0 eth0
10.10.1.0       172.30.0.8      255.255.255.0   UG    0      0        0 nrtap
10.1.0.0        172.30.0.9      255.255.255.0   UG    0      0        0 nrtap
172.30.0.0      *               255.255.0.0     U     0      0        0 nrtap
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
5.0.0.0         *               255.0.0.0       U     0      0        0 ham0
default         router.lan      0.0.0.0         UG    0      0        0 eth0


Here is the remote router routing:
Code:
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
XX.XX.XXX.XX    *               255.255.255.252 U     0      0        0 vlan1
10.10.0.0       *               255.255.255.0   U     0      0        0 br0
10.10.1.0       pbx.lan         255.255.255.0   UG    0      0        0 br0
10.1.0.0        pbx.lan         255.255.255.0   UG    0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         modemcable065.2 0.0.0.0         UG    0      0        0 vlan1


And here is the home client routing:
Code:
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.0.0       172.30.0.6      255.255.255.0   UG    0      0        0 nrtap
10.10.1.0       172.30.0.8      255.255.255.0   UG    0      0        0 nrtap
10.1.0.0        *               255.255.255.0   U     0      0        0 eth0
172.30.0.0      *               255.255.0.0     U     0      0        0 nrtap
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         router.lan      0.0.0.0         UG    0      0        0 eth0


and here is the home router routing:
Code:
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
XX.XX.XXX.X     *               255.255.255.0   U     0      0        0 vlan1
10.10.0.0       pbx.lan         255.255.255.0   UG    0      0        0 br0
10.10.1.0       pbx.lan         255.255.255.0   UG    0      0        0 br0
10.1.0.0        *               255.255.255.0   U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         modemcable001.2 0.0.0.0         UG    0      0        0 vlan1



Is there anything else to do? Like I said, from the NeoRouter client I can ping the internal IP of the remote box, but nothing else in that network.
Thanks!


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Sat Jan 09, 2010 8:21 am 

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Hi Speedy2k,

I reviewed your first post; it seems the route command has a problem (my fault, I didn't notice it before).

Quote:
A typo: route add -net 10.10.0.1 netmask 255.255.255.0 gw 10.0.0.6


Since you use the routing method to implement the site-to-site VPN, you have to:

1. on each PC (not the NR Client) in the LAN, add a route so that packets can be routed to the gw, i.e. the NRClient.
2. if you don't want to set up each PC, you can add the route in your router (you are using Tomato, good) and from there route packets to the NRClient. It means that all your PCs in a LAN, having the router as their default gw, pass packets to the router first; the router then routes them to the NRClient, which passes them to the remote side.

Here is an example of adding the route on each PC.

Check out http://www.neorouter.com/wiki/index.php ... idge_2.png for more details.

Check out http://www.neorouter.com/wiki/index.php ... o_site_VPN (the Option 2) for how to set route on routers.


Code:
Home:
Router:      10.1.0.1
NRClient(gw):10.1.0.104, 10.0.0.9
Destination: 10.10.0.0/255.255.255.0

on each PC in the LAN, add:
route -p add 10.10.0.0 mask 255.255.255.0 10.1.0.104


Remote:
Router:      10.10.0.1
NRClient(gw):10.10.0.10, 10.0.0.6
Destination: 10.1.0.0/255.255.255.0

on each PC in the LAN, add:
route -p add 10.1.0.0 mask 255.255.255.0 10.10.0.10



Let us know if you still have problems.

Thanks,
kevinZ - NeoRouter team


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Sat Jan 09, 2010 9:52 am 

Joined: Sat Dec 26, 2009 3:01 pm
Posts: 16
As you can see in my last post, the routing is already done on each NeoRouter gateway and on the routers too. Like I said, I can ping from my home NeoRouter gateway to the LAN IP of the remote gateway, but not past that, and I don't know why. All the routing is done in the router and in the NeoRouter gateway; I don't understand what is happening. Is there any way to make sure the Feature.ini file is applied? Thanks!


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Sat Jan 09, 2010 1:48 pm 

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Ping between gateways (NR Clients) just means the NR network is set up properly. You may want to try:

1. ping from 10.1.0.1 to 10.10.0.10
2. ping from 10.1.0.1 to 10.10.0.1
3. ping from 10.1.0.x to 10.10.0.x

Can you also make sure the router and the Linux firewall are set up properly when testing?

Thanks,
KevinZ - NeoRouter team


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Sat Jan 09, 2010 1:54 pm 

Joined: Sat Dec 26, 2009 3:01 pm
Posts: 16
On the Tomato routers the firewall is always active. Do I have to add an iptables entry for it to accept requests to another subnet?


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Sat Jan 09, 2010 4:34 pm 

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Tomato does support "router" mode, but the default is gateway mode. I think there should be a setting for it so that it can route packets between two subnets.

I suggest you test "Option 1" first, i.e. manually add a static route to a computer 10.1.0.x and a computer 10.10.0.x. If they can ping each other, it means the NR Network Bridge feature is working properly. Then you may want to spend some time figuring out "Option 2", i.e. using the router. For NR, there is no difference between Option 1 and 2.

Thanks,
KevinZ - NeoRouter team


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Sat Jan 09, 2010 4:58 pm 

Joined: Sat Dec 26, 2009 3:01 pm
Posts: 16
OK, it's a good idea, but what is strange is this: when I do a tracert from my computer on my local LAN to 10.10.0.10, which is the NeoRouter gateway on the remote LAN, here is what I get:
Code:
tracert 10.10.0.10

Détermination de l'itinéraire vers 10.10.0.10 avec un maximum de 30 sauts.

  1    <1 ms    <1 ms    <1 ms  router.lan [10.1.0.1]
  2     1 ms    <1 ms    <1 ms  pbx.lan [10.1.0.104]
  3     *        *        *     Délai d'attente de la demande dépassé.


So it seems the Tomato router is routing the request to pbx.lan, which is my NeoRouter gateway.

But it doesn't go any further. When I do a traceroute on the local gateway to the remote gateway, here is what I get:
Code:
traceroute 10.10.0.10
traceroute to 10.10.0.10 (10.10.0.10), 30 hops max, 40 byte packets
1  10.10.0.10 (10.10.0.10)  15.233 ms  21.730 ms  21.771 ms


It goes straight through, but when I do a traceroute from the local NeoRouter gateway to the remote Tomato, here is what I get:
Code:
traceroute 10.10.0.1
traceroute to 10.10.0.1 (10.10.0.1), 30 hops max, 40 byte packets
1  172.30.0.6 (172.30.0.6)  17.811 ms  18.593 ms  18.772 ms
2  * * *


I think the problem is in the gateway, as if the Feature.ini file wasn't working. Does it need special permissions? Is it really spelled Feature.ini and not feature.ini? Who must be the owner of this file? Thanks a lot!


 Post subject: Re: Site to Site routed VPN Question!
PostPosted: Sat Jan 09, 2010 9:06 pm 

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
From your description (the traceroute to 10.10.0.10 succeeds), it looks like the Network Bridge mode is enabled already; otherwise 10.10.0.x packets could not be passed over the NR network. If you remove the Feature.ini file, your traceroute will time out, as NR accepts virtual IP (10.0.0.x) packets ONLY by default.

So the problem should be in 10.1.0.104. Why do 10.10.0.x packets not go to nrtap (10.0.0.9)? Can you list the route table on 10.1.0.104?

Thanks,
KevinZ - NeoRouter team
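The question above ("which way does 10.1.0.104 send 10.10.0.x?") can be answered from the `route` listings already posted in this thread rather than by reading the columns by eye. As an added example (not code from the thread or from NeoRouter), the script below parses the classic net-tools `route` output and performs the same selection the kernel does: longest matching prefix, lowest metric on ties. The two tables are the home-client and remote-client listings copied from the earlier post; host names in the Gateway column are kept as plain strings. Run over the home-client table, the lookup confirms 10.10.0.x does select nrtap via 172.30.0.6, which narrows the remaining suspects to the forwarding and firewall settings the thread already mentions.

```python
"""Added example, not code from the thread or from NeoRouter: a longest-prefix
route lookup over the net-tools `route` listings posted in this thread.
The two tables are copied from the earlier post."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

HOME_CLIENT_TABLE = """\
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.0.0       172.30.0.6      255.255.255.0   UG    0      0        0 nrtap
10.10.1.0       172.30.0.8      255.255.255.0   UG    0      0        0 nrtap
10.1.0.0        *               255.255.255.0   U     0      0        0 eth0
172.30.0.0      *               255.255.0.0     U     0      0        0 nrtap
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         router.lan      0.0.0.0         UG    0      0        0 eth0
"""

REMOTE_CLIENT_TABLE = """\
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
10.10.0.0       *               255.255.255.0   U     0      0        0 eth0
10.10.1.0       172.30.0.8      255.255.255.0   UG    0      0        0 nrtap
10.1.0.0        172.30.0.9      255.255.255.0   UG    0      0        0 nrtap
172.30.0.0      *               255.255.0.0     U     0      0        0 nrtap
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
5.0.0.0         *               255.0.0.0       U     0      0        0 ham0
default         router.lan      0.0.0.0         UG    0      0        0 eth0
"""


@dataclass(frozen=True)
class Route:
    network: IPv4Network
    gateway: Optional[str]  # None: destination is on-link ("*" in the listing)
    iface: str
    metric: int


def parse_route_table(text: str) -> List[Route]:
    """Parse classic `route` output. Skips the command echo, the banner and the
    column header, and any row whose destination is not an address (such as the
    masked-out "XX.XX.XXX.XX" WAN rows in the router listings)."""
    result = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] == "Destination":
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = parts[:8]
        if dest == "default":
            dest = "0.0.0.0"
        try:
            network = ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue
        result.append(Route(network, None if gw == "*" else gw, iface, int(metric)))
    return result


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Kernel-style selection: the most specific matching prefix wins and a
    lower metric breaks ties. None means no route at all (not even a default)."""
    addr = ip_address(destination)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def forwards_via(table: List[Route], destination: str,
                 iface: str, gateway: Optional[str] = None) -> bool:
    """True when `destination` leaves through `iface` towards `gateway`
    (gateway=None means it must be on-link)."""
    r = lookup(table, destination)
    return r is not None and r.iface == iface and r.gateway == gateway


if __name__ == "__main__":
    home = parse_route_table(HOME_CLIENT_TABLE)
    for dest in ("10.10.0.1", "10.10.0.25", "10.1.0.1", "8.8.8.8"):
        r = lookup(home, dest)
        print(f"{dest:12s} -> {r.iface} via {r.gateway or 'on-link'} ({r.network})")
```

Paste any later `route` output into the same function to re-check a box after a change; the `forwards_via` check is the one to keep in a script, since it fails loudly when a more specific or lower-metric route quietly captures the remote subnet.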

