I have a situation where I need to route data from an office network into a private (non-P2P) SIM card network using a network connection on a Windows machine. I must use Windows for this as the network connector software is provided as a Windows .exe by my ISP, and includes authentication and whatnot. Installing this software creates a virtual network adapter called "Ethernet 2", visible in my control panel. The set up is to be as follows:
(https://imgur.com/a/XhsoiS2)
In this set up, I need to use my Windows machine on 10.0.2.37 to accept incoming traffic from the LAN, forward this traffic through the other connector into the SIM network, and allow this communication for all devices on the LAN. I can not alter any of the settings on the Ethernet 2 adapter in control panel, otherwise the network connector software fails to create the tunnel. I also cannot enable any of the sharing options on either network adapters in the control panel for the same reason. I only have a gateway configured for 1 of my interfaces in the control center, and that is the 10.0.0.1 gateway for the LAN. Ethernet 2 has no gateway.
I have spent about a full day researching this with no luck. I have done the following:
- I have set 'IPEnableRouter' in the regedit software
- I have ensured routing is enabled on all interfaces using ipconfig \a
- I have added an "Allow incoming connections on any port" rule within the firewall manager. Prior to this I could not even ping the Windows machine from my client device.
Setting my client device to have a gateway of the Windows machine (10.0.2.37) allows me to use this device to access the public internet. I can perform the following trace routes with next hops from my client device (10.0.5.118):
- 10.0.5.118 -> 10.0.2.37 -> 10.0.0.1 -> 8.8.8.8
- 10.0.5.118 -> 10.0.2.37 -> 192.168.255.33
- My ping seems to get as far as getting a response from the Ethernet 2 adapter, but does not propagate any further.
- I have attempted to set a static route on the client device to use 192.168.255.33 as the gateway for the 172.160.0.0/19 network. This had no success.
- I am able to set up a singular port forward on my Windows machine which enables traffic from external port 10600 to internal port 443 at internal address 172.16.1.45. Using this, i can access the HTTPS page of this singular IoT device at the url https://10.0.2.37:10600/
Looks like the issue may be with the routing table - how did you add the static route?
If it helps, I found this article: https://www.geeksforgeeks.org/how-to-add-a-static-route-to-windows-routing-table/#
Quote from: deanwebb on September 12, 2023, 03:07:19 PMLooks like the issue may be with the routing table - how did you add the static route?
If it helps, I found this article: https://www.geeksforgeeks.org/how-to-add-a-static-route-to-windows-routing-table/#
I have attached my routing table. Please note in this table the "10.0.0.0" network is actually "10.91.0.0" so all IP entries are slightly different than to my diagram above.
That should work. So why doesn't it work, but the port forward does?
What's in that device with a key on it that could potentially be causing the issues? If it has some kind of default setting to reject pings or things like that, it might be worth a look.
Are you NATing the traffic on the Windows box, or is it going out with the original IP. If no NAT does the device at 192.168.255.34 know how to route back to the 10.91 IP?
-Otanx
Quote from: Otanx on September 13, 2023, 09:20:25 AMAre you NATing the traffic on the Windows box, or is it going out with the original IP. If no NAT does the device at 192.168.255.34 know how to route back to the 10.91 IP?
-Otanx
NAT unfortunately is one of the networking concepts I struggle with a little bit. Would you happen to know how I can check whether the NAT is set up within windows? I may have read somewhere that only windows server supports NAT but I'm not completely sure.
Quote from: deanwebb on September 13, 2023, 08:30:47 AMThat should work. So why doesn't it work, but the port forward does?
Glad to know I'm not the only one going insane over this. I have reached out to the ISP who provide the virtual NIC software but unfortunately am yet to receive a response.
I think Otanx asked the right question: Win 10 can do port forwarding/proxying.
https://superuser.com/questions/1088309/windows-10-nat-port-forwarding-ip-masquerade
You would also want to look up Windows Internet Connection Sharing:
https://ourtechroom.com/fix/windows-10-internet-connection-sharing/
But that's how the Win 10 will do NAT. Microsoft spells NAT "ICS" :smug:
Quote from: deanwebb on September 14, 2023, 08:59:09 AMYou would also want to look up Windows Internet Connection Sharing:
But that's how the Win 10 will do NAT. Microsoft spells NAT "ICS" :smug:
Thank you for clarifying this. I will definitely give a read through the links you send through. Unfortunately, due to some aforementioned limitations of this stupid network connector software, it completely stops working when I enable ICS through the control panel. It fails to set up the tunnel and I'm not exactly sure why.
I guess this means I may have hit a brick wall with my attempted set up. 😔
Quote from: aiden21c on September 12, 2023, 06:14:15 AMI can not alter any of the settings on the Ethernet 2 adapter in control panel, otherwise the network connector software fails to create the tunnel. I also cannot enable any of the sharing options on either network adapters in the control panel for the same reason.
If you can't do ICS/NAT on the Windows box then you will need to look at the config on the box with the IP 192.168.255.34, and put a default route on it pointed back to the Windows box. I think this is where the issue is. The Windows box is forwarding the traffic through just fine, but nothing on the IOT network knows where to send the return traffic.
-Otanx