Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio + Wireless Router (inline) Problem (Any suggestions/solutions?)
  •  
Rainden

Messages: 7
Karma: 0
Send a private message to this user
Okay so here's my deal. Im providing satellite internet to about 30 people within my platoon while delpoyed to Iraq. All of them currently are connected to the LAN with cat5 cable. There are some people that are outside the capabilities of cat5 cable in distance and I'd like to provide them internet through wireless. The scheme of my current network is currently as such:

Satellite Modem ->Server(with Kerio)->Netgear 25port switch->end user

I have purcased a Netgear wireless router and dipole antenna and I have verified that the combination is able to deliver wireless internet at the desired distances when run independantly.

When I try to integrate the router into the wired network, of course I get no WAN connectivity through the wireless system. I have turned off dhcp on the router, and tried setting the router's ip settings to be of the same subnet as the server machine(which didnt work) and also to be part of the server's LAN subnet(which also didnt work.

I have looked around to research this issue as best I can and pretty much the only thing i need to be concerned with is turning off dchp on the router and then it should work fine...but obviously that is not the case.

Can anyone highlight for me the things I have to have in place to integrate the wireless router into the kerio managed wired Lan in order to provide wireless internet to the wireless users?

Thanks in advance for any information =)
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
I would recommend setting the wireless router to "Access point" mode so it is transparent to IP traffic and distributing LAN to wireless clients. It should not do any NAT or other traffic filtering. The wireless router must be connected to LAN interface on server with Kerio Winroute Firewall which should do NAT so the local clients can access the Internet.
  •  
Rainden

Messages: 7
Karma: 0
Send a private message to this user
Yes thank you, that is exactly what I had thought needed to be done...but I don't think it's as cut and dry as that. Here are my settings.


Modem

IP: 12.137.27.49
sub: 255.255.255.240

WAN NIC on server

IP: 12.137.27.58
sub: 255.255.255.240
gate: 12.137.27.49
DNS: 212.31.224.2


LAN NIC on server

IP: 192.168.0.1
sub: 255.255.255.0

*the LAN NIC is the DHCP distributer to the users and gives them all private domain ip's with all the relevant dns info and nat trans being done by kerio.

*the LAN NIC is plugged into a 25 port managed Netgear switch and everyone gets their network connection via this Switch.

//////////////////////////////////////////////////////////// //

Okay so there are the details. Now this is what i have done within that configuration to try and get the wireless router to work within that network:

-plugged router into managed switch
-turned off dhcp
-enabled wireless access point
-changed lan ip of router to 192.168.0.2/255.255.255.0
-changed the ip info for WAN on the router to reflect the server issued dhcp address, didnt work. then tried static ip to match that of the server, didnt work. Then changed the wireless router to auto-detect its WAN ip settings...didnt work.
-enabled RIP(both)on the wireless wasnt sure if that worked
-Added the LAN NIC on the server to a routing table on the router..still dont know if that worked.


basically im not very clear on how to set up the WAN setting on the wireless router as every setting i have given it in the current configuration has not worked. I know i could get things to work if i placed the router above the server on the food chain...but then i wouldnt have the control of kerio. what if i put it below the server and above the switch? are there any forseeable issues with that configuration? I think I'd run into the same issues of connectivity....sigh. any help on this subject would be greatly appreciated. =)
  •  
mrnobody

Messages: 1
Karma: 0
Send a private message to this user
Hi there

What I've found out about this by looking at the piece of software is that first off your server wan(internet) nic and your lan(dhcp local) nic, should have 2 different subnets(which you've done).

Next you should make sure that your gateway and DNS info in your dhcp default settings is set to the server lan/dhcp nic(in your case 192.168.0.1).

your lan nic should have a static ip assigned to it(in your case 192.168.0.1 with subnet 255.255.255.0).

Then you need to reboot your server and that should work. This last step is crucial for some reason and your changes don't work without it(for the dhcp side of things).

Hope that this helps
  •  
gshmar

Messages: 17
Karma: 0
Send a private message to this user
hi guys

actually im doin the same senario in my place

first of all you have to clearify one point ,,
do you have a wirelss router or simply wirless AP
because if you have AP then its very simple just what i have ,,,
but if you have wirelss router then you have to do nating for your internal network to words kerio server

in other words,,
keiro ip 192.168.0.1
if you have AP make the AP ip 192.168.0.2 with no DHCP ,,,make every thing managed by kerio server and 100% it will work
(( this is what i have running ))

but if you have wirelss Router
the you have 2 interface one would be 192.168.0.2 and put the default router as 0.0.0.0 0.0.0.0.0 192.168.0.1
and then you have to create another private ip address for example 172.16.0.1 ( creat DHCP withen this range )
and finally make nating statement from 172.16.0.0 to 192.168.0.1
because kerio can deal with 192.168.0.0 network only ,,,
if any traffic coming from 172.16 network kiro will drop it

im sure this is your soultion (( If i understand your problem clearly ))
  •  
Rainden

Messages: 7
Karma: 0
Send a private message to this user
Cool, thanks for the reply. Let me ask some questions to clarify eaxactly what you´re saying. But first let me say that yes it is a router...not an ap.

1. Are you saying I would need a total of 3 NICs on the Kerio machine? 1 for the Wan, one for the Lan, and 1 for the router?

2. 0.0.0.0 0.0.0.0.0 192.168.0.1 really? Ive never seen anything like that...can you explain to me the principle behind setting the router´s ip address to this?

3. Are you also saying that the wireless router should be providing DHCP service to the wireless clients while Kerio is still providing DHCP service to the LAN clients? How is it that those two will not conflict in their service?

I dont have most of the advanced networking education, but I pick up things very quickly...an explanation of theory and applications are usually all I need to figure out problems like this =)

Also I appreciate greatly your effort to offer this solution for me, even using your english which I can tell is not your first language!
  •  
gshmar

Messages: 17
Karma: 0
Send a private message to this user
hi there

first of all ,, you are right ,, English is not my first language Razz

*can you tell me which brand of wirless device you are goin to use..

* you dont have to use another network card,,,
simply you connect your wirless router to the same switch where you provide the lan network (192.168.0.0 ) and assign static ip address to the first interface of the router as 192.168.0.2

Now on the router ,, you have to creat DHCP pool with 172.16.0.0 and do nating ...
because router always block the brodcast traffic


i will get your more details ... but later on since im goin to Office now Sad

i have Good knowlage in network stuff and acceptable knowlage in SW

and since you designed this senario i can tell you what you gotta do to make it wroks

regards
  •  
Rainden

Messages: 7
Karma: 0
Send a private message to this user
Thank you for your help in this matter =)

The router brand is Netgear, I dont have the model number right now because I am off-site...but I will be back in a few days.

Its starting to be a bit more clear in my mind how the puzzle pieces fit into place =) once i get back and can try it out I think our conversations will help a LOT. =)

thanks again!
  •  
gshmar

Messages: 17
Karma: 0
Send a private message to this user
hi there
im back

i as i told you im runing the wriless network to arround 40 users
but in my case im controlling every thing by Kerio..
i have AP which is working as transperent (layer 2 )
in this case wifi users can be authenticated by web.
very easy ,, very simple

Now
in your case you want to user Wirless Router,,, the soultion is by doin nating on the router
i mean one interface in the wriless router will have ip address 192.168.0.2
second interface of your wirless router will have ip 172.16.0.1
now you have to do nating in the router to allow 172.16.0.0 network to use the 192.168.0.2 ip and go out to kerio as ip 192.168.0.2 ( which the kiero understand that IP )

i can help you if you run team view program in your network ,,
i will login remotely and do it for you ,,

by the way im runing my project also remotely Smile

Regards
  •  
Rainden

Messages: 7
Karma: 0
Send a private message to this user
You're right! that was very easy. I am surprised that the solution seemed to escape me for so long. I guess I just really didn't apply myself logically. I was wondering if you had any pointers on the following question though:

When I enable the MAC address access list to limit who can connect to the wireless, iphone users cannot connect to the router. This is a change, because before when i had the router actually working seperate from Kerio, iphone users were able to access this router when the passphrase and mac access list was enabled.

I have checked and rechecked that the mac addresses are correct. I even disabled the access list...let them connect, and then copy/pasted the mac address that the router was identifying them with.

I think it may be possible that the 3.01 upgrade for iphone has something to do with the failure to authenticate to a wireless network based on Mac access. But im not sure =)

I know that the security features in and of themselves for wireless authentication are very strong, but with this network i have a high possibility of the password getting around by word of mouth...so that kinda why i want the mac access list to work. any suggestions?

By the way, thanks so much for your help on this matter. You really pushed me along in getting this network rolling, and also broadening my understanding of networks =)
Previous Topic: Slow loading of local Sharepoint Site
Next Topic: please help me
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Sep 24 17:40:10 CEST 2017

Total time taken to generate the page: 0.00473 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.