
Struggling with access over site-to-site VPN

Here's my setup (IPs are made up):

Home:
- SG110, dynamic IP on cable modem
- Internal: 10.0.0.1

Camper:
- Verizon 4G router to "WAN" on desktop running Sophos Home UTM, dynamic IP, NAT'd behind Verizon
- Internal: 10.0.1.1
- Wireless router configured as access point to provide wireless and a 4-port switch
- IP camera for monitoring kids sleeping at night (so parents can walk away from the camper and know the kids are still in bed!)

Site to site SSL VPN setup and connected

Firewall rules on both ends:
- ALLOW - HOME network > CAMPER network
- ALLOW - CAMPER network > HOME network

From the camper network, I can access anything on the home side which is fine (file shares on home system, printers, etc)

From the home network, I can ping the different devices on the camper side (access point, IP camera, firewall interface) but I can't access the web interface for any of them. The odd part is I can sometimes get the login prompt for the IP camera or the SSL certificate warning for the firewall, but nothing after that.

Speed test:
- Home - 25 down x 3 up
- Camper - 8-10 down x 8-10 up

File transfers from camper to home result in about a 3mb transfer rate

From inside the camper network, I can access all the devices on the camper network just fine.

Ping times from home to camper are about 70-100ms, which isn't the greatest, but it should be able to pull up the web interfaces and the video stepped down to 320x240.

A little background: I had this working last summer and it worked well enough. Over the winter, I re-tasked the system in the camper I was using for the firewall, knowing I'd put a better system in place. Well, now camping season is approaching and I'm trying to get this going again.

Ultimately, if it weren't for Verizon and their NAT'ing, I would just open the ports on the camper firewall and access the camera through that connection, but since Verizon NATs their hotspots (without a $500 static IP), I'm doing the site-to-site VPN and then opening the ports on my home firewall.

I hope this makes sense and someone can give me some ideas on where to look next, since I'm smacking my head against a brick wall...and there aren't many brain cells left!



This thread was automatically locked due to age.
  • Hi, Matt, and welcome to the UTM Community!

    Rather than the SSL VPN, why not try a RED tunnel where the LANs behind the UTMs are bridged to each other?  This avoids problems like double NAT, etc.

    Cheers - Bob

  • Sorry for the delay in response, I went on vacation then came back to three major projects completing at the same time! I played around more this weekend and came up with the following results:

    - Using a RED tunnel I get the same results: connects OK, can ping across, but trying to access either the camera or even the UTM admin page on the remote site barely loads, if at all.

    - Changed SSL VPN to use TCP instead of UDP and ping times skyrocketed (300-1200ms), BUT I was able to access the camera just fine, although slowly, and the video actually worked, although with a slight delay.

    - Changed SSL VPN back to UDP and the problems came back.

    It definitely seems to be related to using UDP over the Verizon connection, but I'm not sure why that would be the issue. Using UDP, the ping times were between 50-100ms but I could barely access things over the VPN.

  • Matt, try #1 in Rulz - any hints?

    Cheers - Bob
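The symptom Matt describes (small packets such as pings and a login prompt get through, larger pages stall, and the TCP transport with its different packet sizes behaves differently) is a pattern a practitioner would want to check against the tunnel's path MTU before digging further. The thread itself does not name MTU or fragmentation, so the following is an added diagnostic, not something from the thread or from Sophos: it binary-searches the largest Don't-Fragment ping that survives the path to a remote host (assumed iputils `ping -M do` on Linux) and reports the resulting MTU. The probe is passed in as a callable so the search logic can be run against a simulated path as well.

```python
import subprocess
import sys

# IPv4 header (20) + ICMP header (8): converts an ICMP payload size
# into the IP packet size the path actually has to carry.
IP_ICMP_HEADERS = 28


def ping_df(host, payload, timeout=2):
    """Send one ICMP echo with Don't-Fragment set and return True if it
    was answered. Assumes Linux iputils ping ("-M do"); on other
    platforms the flag differs (e.g. "-D" on macOS)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout), "-M", "do",
           "-s", str(payload), host]
    try:
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except FileNotFoundError:
        sys.exit("ping binary not found")
    return proc.returncode == 0


def find_path_mtu(probe, lo=500, hi=1472):
    """Binary-search the largest DF payload that 'probe' reports as
    delivered and return it as an IP-level MTU. 1472 is the biggest
    payload that fits a plain 1500-byte Ethernet path; a VPN tunnel is
    expected to come out smaller because of encapsulation overhead.
    Returns None if even the smallest probe never gets through."""
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo + IP_ICMP_HEADERS


def simulated_path(mtu):
    """Constructed probe for offline use: a path whose MTU is 'mtu'."""
    return lambda payload: payload + IP_ICMP_HEADERS <= mtu


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "10.0.1.1"  # camper UTM from the thread
    mtu = find_path_mtu(lambda n: ping_df(target, n))
    if mtu is None:
        print(f"no DF ping of any size reached {target}")
    elif mtu < 1500:
        print(f"path MTU to {target} is {mtu}; tunnel/client MTU should be at or below it")
    else:
        print(f"path MTU to {target} is {mtu}: fragmentation is not the bottleneck")
```

Run it from the home LAN against the camper-side UTM address while the tunnel is up; a result well below 1500 that disappears when the tunnel is switched to TCP points at fragmentation rather than the firewall rules.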