Computer networking help needed

Most of us are not "computer people" so post your technical questions and comments here. If you have computer or Internet expertise, share it here.

Moderators: carlson1, Keith B

User avatar

rtschl
Senior Member
Posts in topic: 1
Posts: 1244
Joined: Thu Jul 02, 2009 1:50 pm
Location: Fort Worth

Re: Computer networking help needed

#16

Post by rtschl »

Calculating subnets is not fun. Here's an online one I have used several times: http://www.subnet-calculator.com/

Spiceworks also has one to help you easily divide: https://community.spiceworks.com/tools/subnet-calc/
Ron
NRA Member
User avatar

Grayling813
Senior Member
Posts in topic: 1
Posts: 2319
Joined: Mon Jun 24, 2019 11:18 am
Location: Arlington

Re: Computer networking help needed

#17

Post by Grayling813 »

Your vpn setup should have your public ip addresses from each end, not the internal network address.
User avatar

Topic author
Charles L. Cotton
Site Admin
Posts in topic: 9
Posts: 17787
Joined: Wed Dec 22, 2004 9:31 pm
Location: Friendswood, TX
Contact:

Re: Computer networking help needed

#18

Post by Charles L. Cotton »

rtschl wrote: Tue Sep 15, 2020 3:35 pm Calculating subnets is not fun. Here's an online one I have used several times: http://www.subnet-calculator.com/

Spiceworks also has one to help you easily divide: https://community.spiceworks.com/tools/subnet-calc/
That helps a lot!!

Thanks,
Chas.
User avatar

Topic author
Charles L. Cotton
Site Admin
Posts in topic: 9
Posts: 17787
Joined: Wed Dec 22, 2004 9:31 pm
Location: Friendswood, TX
Contact:

Re: Computer networking help needed

#19

Post by Charles L. Cotton »

dhoobler wrote: Tue Sep 15, 2020 2:09 pm I concur with parabelum that you cannot use a subnet mask of 255.255.255.255. If you could post a sketch of the network with IP addresses, I might get a better handle on your configuration.
I have a block of IP addresses allocated to me from Net-44. These are 44.x.x.x, all of which were dedicated to ham radio in the 1980's. I have contacted the appropriate folks to get a letter of authorization for Spartan Host to "advertise" these IP addresses. If I use them, will that make this process easier? I will still be using these addresses through the VPN.

Chas.

HD76
Member
Posts in topic: 1
Posts: 58
Joined: Wed Mar 17, 2010 1:18 pm

Re: Computer networking help needed

#20

Post by HD76 »

Charles,

I would not suggest using the Net44 addresses with a VPN solution. They are not necessary, and will only add complexity in administering and on-boarding new VPN connections.

I think the issue you are running into is that you are putting everything on the same network. Site to site VPN tunnels usually connect different networks. An IP address is split into a network address and a device address. The subnet mask is what determines how this is split. The simplest example is a subnet mask of 255.255.255.0. For the IP address 192.168.73.2, the network address is 192.168.73 and the device address is 2. If you then take the IP address 192.168.73.3, that will be on the same network, but has a different device address. For your VPNs connections, you want different networks. So site 1 would have a network address of 192.168.73 and site 2 could have a network address of 192.168.74. The routers for each site would have addresses like 192.168.73.2 and 192.168.74.2. The link below is a sample network diagram of the VPN connections to 3 different sites.

https://centretech.sharefile.com/d-s286c8c3cdfa43e78

Using a subnet mast of 255.255.255.0 (or some times written as /24 after the IP address) is good for easily explaining the layout, but probably a lot more IPs than are needed. I would suggest using 255.255.255.248 or 255.255.255.240 as the subnet mask, depending on how many IPs would be needed at each site.

dhoobler
Senior Member
Posts in topic: 5
Posts: 490
Joined: Mon Feb 25, 2008 2:58 pm
Location: Friendswood, TX

Re: Computer networking help needed

#21

Post by dhoobler »

Here is my contribution of a sample configuration. I split your network, 192.168.73.0/24 into two networks, 192.168.73.0/25 and 192.168.73.128/25. The subnet mask is 255.255.255.128.

Each of the internal hosts, of any type, must have an IP address from within its own network. You must assign the IP address, 192.168.73.1 to the internal network interface of the gateway (router) for network A. You must make that IP address the default gateway of each host within the private A network.

Similarly, for network B, the internal interface of the gateway must have an IP address of 192.168.73.129. That must be the default gateway of each host within the private B network.

If a host in network A needs to access a host in network B, it can do so by IP address, or by a local host table. I don't think you want to get into DNS.

The trick to making this work is to configure the tunnel between gateway A and gateway B. That is not a trivial task. It includes setting up encryption methods, data integrity and key exchange. In addition to that, gateway A must "know" that the private network, 192.168.73.128/25 is behind gateway B. Likewise, gateway B must "know" that the private network, 192.168.73.0/25 is behind gateway A. the two gateways must have routing between the two private networks configured. This is not necessarily a trivial task.

Key to understanding this is to understand the relationship between the IP address and the subnet mask. The standard class C network, 192.168.73.0 with subnet mask, 255.255.255.0 is one contiguous network. If you change the subnet mask to 255.255.255.128, 192.168.73.0 through 192.168.73.127 belong to one network and 192.168.73.128 through 192.168.73.255 belong to a different network. This is why they can be split up between the two sites. You do not have to do this. You could use two entirely different private networks.

I am assuming that the two gateways are connected to the Internet with static public IP addresses. If they do not have static IP addresses, things get more complicated.

I assumed that your gateway and switch are separate pieces of hardware. This may not be the case. The gateway might have enough ports to connect all of your internal hosts.

Recall that in this scenario, you cannot use the IP addresses 192.168.73.0 or 192.168.73.128. These are used for routing. You cannot use 192.168.73.127 or 192.168.73.255. These are broadcast addresses.
Attachments
SampleNetwork.png
Revolver - An elegant weapon... for a more civilized age.
NRA Endowment Life Member
TSRA Life Member

DocV
Senior Member
Posts in topic: 1
Posts: 1127
Joined: Fri Nov 25, 2011 4:29 pm

Re: Computer networking help needed

#22

Post by DocV »

Hi Charles, as you are using Spartan Hosting, I imagine you are familiar with the net-44-vpn support group.
https://groups.io/g/net-44-vpn

https://tapr.org/pdf/2_K7VE_V2_VPN%20fo ... 0Radio.pdf
for a somewhat dated presentation from that group.
User avatar

Topic author
Charles L. Cotton
Site Admin
Posts in topic: 9
Posts: 17787
Joined: Wed Dec 22, 2004 9:31 pm
Location: Friendswood, TX
Contact:

Re: Computer networking help needed

#23

Post by Charles L. Cotton »

Guys, thanks so much for all of your suggestions and help. It's greatly appreciated!

Chas.
User avatar

Topic author
Charles L. Cotton
Site Admin
Posts in topic: 9
Posts: 17787
Joined: Wed Dec 22, 2004 9:31 pm
Location: Friendswood, TX
Contact:

Re: Computer networking help needed

#24

Post by Charles L. Cotton »

dhoobler wrote: Wed Sep 16, 2020 9:27 pm Here is my contribution of a sample configuration. I split your network, 192.168.73.0/24 into two networks, 192.168.73.0/25 and 192.168.73.128/25. The subnet mask is 255.255.255.128.

Each of the internal hosts, of any type, must have an IP address from within its own network. You must assign the IP address, 192.168.73.1 to the internal network interface of the gateway (router) for network A. You must make that IP address the default gateway of each host within the private A network.

Similarly, for network B, the internal interface of the gateway must have an IP address of 192.168.73.129. That must be the default gateway of each host within the private B network.

If a host in network A needs to access a host in network B, it can do so by IP address, or by a local host table. I don't think you want to get into DNS.

The trick to making this work is to configure the tunnel between gateway A and gateway B. That is not a trivial task. It includes setting up encryption methods, data integrity and key exchange. In addition to that, gateway A must "know" that the private network, 192.168.73.128/25 is behind gateway B. Likewise, gateway B must "know" that the private network, 192.168.73.0/25 is behind gateway A. the two gateways must have routing between the two private networks configured. This is not necessarily a trivial task.

Key to understanding this is to understand the relationship between the IP address and the subnet mask. The standard class C network, 192.168.73.0 with subnet mask, 255.255.255.0 is one contiguous network. If you change the subnet mask to 255.255.255.128, 192.168.73.0 through 192.168.73.127 belong to one network and 192.168.73.128 through 192.168.73.255 belong to a different network. This is why they can be split up between the two sites. You do not have to do this. You could use two entirely different private networks.

I am assuming that the two gateways are connected to the Internet with static public IP addresses. If they do not have static IP addresses, things get more complicated.

I assumed that your gateway and switch are separate pieces of hardware. This may not be the case. The gateway might have enough ports to connect all of your internal hosts.

Recall that in this scenario, you cannot use the IP addresses 192.168.73.0 or 192.168.73.128. These are used for routing. You cannot use 192.168.73.127 or 192.168.73.255. These are broadcast addresses.
This may be the solution. I'm going to try to set it up. There will be only one host (the repeater) behind each router, but there will eventually be several repeater groups joining the link. So I'll need many subnets with only one host. We could splurge and use .255.248 and have plenty of host addresses available and up to 32 different repeater groups.

The first two repeaters groups may have different Internet access. One repeater will have a Sprint hotspot and my repeater will either have a hotspot or I may use Ubiquiti to link with the Internet service at our shooting club only 2,100 feet away. The club has a business account with a static IP address, but we won't have that with hotspots.

We are using OpenVPN and the GL.iNet MT-300N smart routers were chosen because they have OpenVPN software installed. We simply import an OpenVPN certificate that was created on the server for that site and the router makes the VPN connection. The tunnel was set up with a script, so I hope that doesn't turn out to be a problem.

I'll send you a PM.

Thanks,
Chas.
Post Reply

Return to “Technical Tips, Questions & Discussions (Computers & Internet)”