Hello all,

I am running a brand new WISP (Wireless Internet Service Provider), and I need to be able to remotely administer access points behind the NAS on my various hotspots. Each hotspot is running coovachilli, and the APs have static private IPs. Each hotspot has a different private subnet beginning with 192.168. Each NAS has a static IP from our ISP. Here is a picture of what I need to do:


192.168.1.0 -> NAS(gateway) X.X.X.X -----INTERNET------ NAS(gateway) Y.Y.Y.Y---> 192.168.2.0

While I can reliably connect over the WAN to Y.Y.Y.Y and administer that server via web or ssh, I need to be able to administer the static private IPs (the radio devices) on 192.168.2.0 from the 192.168.1.0 LAN via my web browser (this is due to the nature of the firmware on the devices), as well as being able to bring all of my SNMP under one "roof".

SPECIFIC QUESTION: How can I define the routing on NAS X... and NAS Y... to allow me to simply web or ssh or whatever 192.168.2.x from the 192.168.1.x side? NAT? VPN? PPTP? Which would be the best solution?

Many thanks in advance, folks

the formal solution would be a site to site vpn.

Yes, a VPN would work for about 90% of what I need done. However, I have a RADIUS server running on one of the subnets and am not sure how much a VPN might slow down the AAA process. Any other suggestions?

Why would a VPN slow it down? Physical geography and public routing would have a vastly larger effect, especially as a radius conversation would literally just be 2 udp packets.

Well Chris, I just don't know how a VPN might slow it down..... tha's why I'm askin'.

no, you're asking for other suggestions, as if you think you know it will slow things down when it won't. a VPN is the most rightest way to do this.

A VPN will not slow it down, reason being that without a VPN it won't work at all! The Internet does not contain routes for 192.168.x.x networks so the only possible way you will be able to connect is to establish some sort of tunneling. Which is effectively a VPN.

Geez, Chris. Either you fancy yourself a mind reader, or you need some time off.

I have no good idea as to how to approach this connection, largely due to my lack of recent experience in this aspect of networking. I know next-to-nothing about RADIUS or UAM. Therefore, seems reasonable to ask about the speed issue and to also request other suggestions.

I thought my ignorance was apparent by the original post.

1 members found this post helpful.

Thanks, baldy. I too am hairless. Looks like the consensus here is to setup a VPN and then (in my case) pray.

Couldn't one also use a GRE-tunnel?
Of course that wouldn't be safe, but maybe it doesn't have to be.

Yup, still what I would think of as a VPN, although as you point out its technically not "private" as its unencrypted. You may have trouble getting GRE over your ISPs network though. An IPinIP tunnel is more likely to work in my experience.

There is no reason why RADIUS will not work over a VPN and the added latency due to encryption is going to be negligible.

Generally the point of a GRE tunnel is to allow MS stuff like netbios.

Wash your mouth out with soap young man!!!