
Routing requirements for VPN connections
These routing requirements assume the user’s workstation and the OnBoard appliance can exchange packets.
IPSec VPN routing requirements
If a route is necessary for the OnBoard appliance and the user’s workstation to exchange packets, a route can be specified by setting one or both of the Right and Left nexthop parameters to the IP address of a host route and selecting Add and route as the boot action. This should be configured by the OnBoard appliance’s administrator, and the configuration should be shared with the user. Once packets can be exchanged between the OnBoard appliance and the user’s workstation, IPSec automatically creates the routes needed to get packets flowing through an IPSec VPN tunnel, so neither the user nor the administrator needs to create routes to support IPSec VPN tunnels to devices.
PPTP VPN routing requirements
If a network or host route is needed to enable communications between the user’s workstation and the OnBoard appliance, the user must manually add the route on the user’s workstation before creating the PPTP VPN tunnel.
In addition, the user must manually create a static route after the PPTP connection is established to inform the workstation that the device to be contacted is at the other end of the point-to-point link. The route must include the PPTP address assigned to the OnBoard appliance, which the user can discover by running the ifconfig or ipconfig command.
The following example shows the PPTP interface IP address in the output of the ipconfig command on a Windows NT operating system when PPTP has assigned an IP address of 192.168.2.1.
C:\> ipconfig
...
PPP adapter OnBoard_PPTP_VPN
...
IP Address.. . . . . . . . . : 192.168.2.1
...
If the user needs to communicate with devices on two separate private subnets, the user must create a route to each private subnet or to each device.
For example, to communicate with all devices on a private subnet whose network address is 192.168.4.0, when the network mask is 255.255.255.0 and the PPTP-assigned IP address for the OnBoard appliance is 192.168.2.1, the following route would be needed (Windows route syntax, matching the ipconfig example above):
route add 192.168.4.0 mask 255.255.255.0 192.168.2.1
If additional devices must be accessed on additional private subnets, additional routes must be created to each of the subnets.
To communicate with three devices on a virtual network whose network address is 172.20.0.0 and whose network mask is 255.255.0.0 via the OnBoard appliance, when PPTP has assigned the OnBoard appliance the IP address 192.168.2.1, the user would need to configure a route like the one shown in the following example:
route add 172.20.0.0 mask 255.255.0.0 192.168.2.1
If a virtual network is configured, the user needs to add only a single network route to the virtual network. Check with the OnBoard appliance’s administrator about which routes you need to configure to connect to the devices for which you are authorized.
Creating a default route on the user’s workstation to the OnBoard appliance is not a viable approach. The route would cause the loss of DNS and other local services (such as Internet and mail service) for the user’s workstation.
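As an added example that is not part of the OnBoard documentation, the following Python script performs the two manual steps described above for a PPTP user: it picks the PPTP-assigned address out of ipconfig output (the adapter name OnBoard_PPTP_VPN and the ipconfig text are constructed for illustration, modelled on the excerpt above) and then generates one Windows route add command per private subnet via that address. It refuses a default route, for the reason the last paragraph gives, and rejects a subnet specification whose host bits are set, which is the usual cause of a route that silently does not match the devices the user expected.

```python
import ipaddress
import re

# Constructed sample of Windows ipconfig output, modelled on the page's excerpt;
# not captured from a real workstation.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.1.1.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.1.1

PPP adapter OnBoard_PPTP_VPN:

        IP Address. . . . . . . . . . . . : 192.168.2.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.2.1
"""

# Matches the 'IP Address. . . . : a.b.c.d' line inside an adapter section.
IP_LINE = re.compile(r"^IP Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})$")


def find_ppp_address(ipconfig_text, adapter_name="OnBoard_PPTP_VPN"):
    """Return the IP address listed under the named PPP adapter, or None.

    Adapter sections start with a header such as 'PPP adapter <name>:'; the
    indented lines that follow belong to that adapter until the next header.
    """
    in_target = False
    for raw in ipconfig_text.splitlines():
        line = raw.strip()
        if " adapter " in line and line.endswith(":"):
            in_target = line.startswith("PPP adapter") and adapter_name in line
            continue
        if in_target:
            m = IP_LINE.match(line)
            if m:
                return m.group(1)
    return None


def build_routes(ppp_address, subnets):
    """Return one Windows 'route add' command per private subnet, each pointing
    at the PPTP-assigned OnBoard address as the gateway.

    Subnets may be written as '192.168.4.0/24' or '172.20.0.0/255.255.0.0'.
    A default route (0.0.0.0/0) is refused: it would pull DNS and all other
    local traffic into the tunnel, which is what the documentation warns against.
    """
    gateway = ipaddress.IPv4Address(ppp_address)
    commands = []
    for spec in subnets:
        # strict=True rejects a host address paired with a shorter mask,
        # e.g. 192.168.4.7/24, instead of silently routing a different network.
        net = ipaddress.IPv4Network(spec, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"refusing default route {net}; add per-subnet routes instead")
        commands.append(f"route add {net.network_address} mask {net.netmask} {gateway}")
    return commands


if __name__ == "__main__":
    ppp = find_ppp_address(SAMPLE_IPCONFIG)
    # Constructed list of private subnets the administrator has said are reachable
    # through the appliance; in practice, obtain this list from the administrator.
    for cmd in build_routes(ppp, ["192.168.4.0/24", "172.20.0.0/255.255.0.0"]):
        print(cmd)
```

Run it after the PPTP tunnel is up, replacing SAMPLE_IPCONFIG with the real ipconfig output, and review the printed commands before executing them; the script deliberately prints rather than executes so that a wrong subnet or a default route is caught by the user first.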