After the private subnets, device, and user account configuration in Two Private Subnets and User Configuration for Example 2 is completed, a VPN connection must be created. This example shows the configuration steps that must be performed by the OnBoard administrator and by a user on a remote workstation to set up a PPTP VPN connection that would enable the authorized user “allSps” to access “sp1,” “sp2,” “sp3,” and “sp4.”

The following screen example shows an example PPTP configuration on the Network → VPN connections screen.

PPTP VPN Configuration Example: Address Pools shows the following address pools:

Note: The address pools’ IP addresses can be assigned arbitrarily. Make sure that none of the addresses assigned here are being used elsewhere on your network.
• The following figure shows an example PPTP configuration on the Config → Users and groups screen.
• The user has the PPTP password if it is different from the password that authenticates the user for access to the OnBoard. The user can test whether the user’s workstation can access the OnBoard by entering the OnBoard’s public IP address in a browser to try to bring up the Web Manager.
• If a network or host route is needed to enable communications with the OnBoard, configure the route.
• Use the PPTP client on the workstation to create the PPTP VPN connection profile, entering the following:
• Enter the ifconfig or ipconfig command on the command line of the user’s workstation to discover the IP address assigned to the OnBoard’s end of the PPTP VPN tunnel. When the PPTP tunnel is being activated, the OnBoard chooses an IP address from each of the address pools for the endpoints of the PPTP link. The client’s end of the point-to-point link receives an address from the remote address pool, and the OnBoard receives an address from the local address pool. Usually the first connection obtains the first address from each pool, so the client would be 192.168.3.1 and the OnBoard would be 192.168.2.1.
• Enter the OnBoard’s PPTP-assigned address either in a browser or with ssh on the command line to access the OnBoard. In this example the address would be 192.168.2.1.
• Create a static route to inform the workstation that the devices to be contacted are at the other end of the point-to-point link.
• In this example, to communicate with “sp1” and “sp2,” a route would be needed to “sub1,” which has the network IP address 192.168.1.0 as shown below:
• To communicate with “sp3” and “sp4,” a route would be needed to “sub2,” which has the network IP address 192.168.4.0 as shown below: See Enabling Native IP and Accessing a Device’s Native Features Using Real IP Addresses for Example 2.
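
The Note on address pools and the static-route steps above can be checked before the tunnel is used. The following is an added example, not taken from the OnBoard documentation: it verifies that the pools overlap neither each other nor any subnet already in use, then builds the route commands for “sub1” and “sub2” through the OnBoard’s tunnel address. The pool ranges, the /24 prefix lengths, the function names, and the Linux `ip route` / Windows `route ADD` command forms are assumptions; the page gives only the first pool addresses and the subnet network addresses.

```python
import ipaddress

# Constructed values: the page gives only the first pool addresses and the
# subnet network addresses; the pool ranges and /24 prefixes are assumptions.
LOCAL_POOL = ("192.168.2.1", "192.168.2.10")    # OnBoard end of each tunnel
REMOTE_POOL = ("192.168.3.1", "192.168.3.10")   # client end of each tunnel
PRIVATE_SUBNETS = {"sub1": "192.168.1.0/24", "sub2": "192.168.4.0/24"}


def pool_networks(first, last):
    """Expand an inclusive address range into the CIDR blocks that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def find_conflicts(pools, in_use):
    """Return (pool name, other name) pairs whose address ranges overlap."""
    named = {name: pool_networks(*rng) for name, rng in pools.items()}
    named.update({name: [ipaddress.ip_network(cidr)] for name, cidr in in_use.items()})
    names = list(named)
    conflicts = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if a not in pools and b not in pools:
                continue  # only overlaps that involve a pool matter here
            if any(x.overlaps(y) for x in named[a] for y in named[b]):
                conflicts.append((a, b))
    return conflicts


def route_commands(gateway, subnets, platform="linux"):
    """Build the static-route command for each private subnet via the tunnel."""
    gw = ipaddress.ip_address(gateway)
    cmds = []
    for cidr in subnets.values():
        net = ipaddress.ip_network(cidr)
        if gw in net:
            raise ValueError(f"gateway {gw} lies inside routed subnet {net}")
        if platform == "windows":
            cmds.append(f"route ADD {net.network_address} MASK {net.netmask} {gw}")
        else:
            cmds.append(f"ip route add {net} via {gw}")
    return cmds


if __name__ == "__main__":
    pools = {"local pool": LOCAL_POOL, "remote pool": REMOTE_POOL}
    print(find_conflicts(pools, PRIVATE_SUBNETS) or "no overlaps")
    print("\n".join(route_commands("192.168.2.1", PRIVATE_SUBNETS)))
```

Add the workstation’s own LAN and any other networks in use to the `in_use` argument so that a pool colliding with them is reported before users connect.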