Most often, a router is used to organize a wireless connection to the Internet. Everything is quite simple here, even for those who do not understand the principles of networking at all. But sometimes it becomes necessary to connect the router not only to the Internet, but also to another local network (common house or corporate). And this is where you have to tinker a little.
What is an intranet?
Simply put, the intranet is the Internet “for your own”. That is, a network built on the principles of the “big Internet”, but access to which has a limited number of users.
Examples of intranets are home networks, internal networks of providers, corporate networks.
An intranet is convenient for exchanging internal information, communicating with colleagues or neighbors, posting targeted ads, and so on.
In addition, the speed of obtaining data from the intranet is high, and access to its resources can be absolutely free, which makes such networks a very popular medium for exchanging large files – video content, music, etc.
Connecting directly to an intranet router
The connection method depends on how the new router should access the Internet – through an intranet router or in some other way.
In the first case, you will need to use the lan-to-lan method – that is, connect the new router through the LAN connector to one of the free similar connectors on the intranet router. In this case, you must disable DHCP on the new router and set it a static IP address on the same subnet as the intranet router, but differing from it in the last digit.
After that, all devices connected to the new router will be on the same network as the intranet clients, Internet access will be made through the intranet router.
If the new router has a separate network and an independent connection to the Internet, you will need to define an additional gateway, otherwise the router, seeing a “foreign” address, will send a request to the Internet gateway, where, of course, there is no desired resource.
To do this, you need to create a static route to intranet resources, i.e. explicitly specify to which gateway requests should be redirected for some addresses.
Let’s say the intranet addresses are in the space 10.0.0.1-10.0.255.255, and the intranet router on the new network has a local IP address of 192.168.0.2. In this case, the route parameters will be as follows:
Connecting to an intranet via the internet
Everything becomes more complicated if you need to connect to the local network via the Internet. The local network router must be at your complete disposal, and the local network must have Internet access (preferably with a “white” IP address).
The easiest way, implemented on most routers, is port forwarding. How to do this is written here , you can also read about the “colors” of IP addresses and about connecting an individual client to a local network via the Internet.
The disadvantage of port forwarding is that it only allows access to certain network resources. If it has two file servers, the address can only be forwarded to one of them. You can, of course, open remote access to the router and, before connecting to the resource, forward the port to the desired computer on the network. But this method cannot be called convenient, and full access to the local network, when you see the entire list of computers in the workgroup on the screen, it will not replace.
The solution to the problem is a VPN tunnel:
A VPN tunnel is a secure site-to-site connection over another network using VPN (Virtual Private Network) technologies. With this connection, users of one network have full access to the resources of the other as if they were in the same local network.
How to set up a VPN tunnel? Firstly, the router must have support for this technology, and not all routers have it. In some models, VPN support is not available by default, but it can be installed additionally – such a mechanism is implemented in Keenetic routers.
However, it is possible to use alternative firmware such as DD-wrt or OpenWrt , but you will need some specific skills and good knowledge of network technologies to use them.
If the “PPTP VPN” or “VPN server” section is in the router menu, this is still not enough – you need a “white” or “gray” IP address on both sides. Moreover, it is “white” that is needed from the server side, and if it is still “gray” there, you will need to configure the DDNS service (how to do this is also written here ).
The tunnel setup itself – if all the conditions are met – is not particularly difficult. On the server side, you should set the range of addresses from which access to the network will be possible, login / password, and start the server.
On the client side, you will need to configure a PPTP connection to the server by specifying its IP address or domain name, login and password.