VPN - Same remote ip address range as work network

(OP)
I have recently set up a new VPN connection to a Windows 2008 server. This is working OK, and I have drives mapped when the user logs in. However, if the client at home is on the same IP range as the server, then it causes issues.

I created the VPN client using the Connection Manager Administrator Kit, which is ideal; however, is there any way of changing the IP address when the user logs in? I have looked at static routes, etc., but I am not sure how they work or whether it would give me what I require.

Any help much appreciated!!

RE: VPN - Same remote ip address range as work network

Having the client's LAN and the VPN LAN sharing the same subnet/IP range will cause problems, as you discovered. The question becomes do IPs in range X map locally or to the VPN, which causes a conflict.

There may be a way to push a different IP address to the client, but it will depend on your VPN software and configuration. Would it not be easier to have the client use a different / change his IP than changing that of the server system?

RE: VPN - Same remote ip address range as work network

If this is a remote access VPN, and the client is getting handed an IP address from the VPN pool that is in the same subnet as the LAN where the shares are, then the VPN pool must be excluded from NAT.

If this is a site-to-site, the only way it will work...

1. Have the user change to a different subnet
2. MPLS VPN

You could not do anything if the user is even able to log in. This sounds like a remote access VPN, and the user's LAN subnet makes no difference---upon connecting, the user gets assigned an address directly connected to the remote LAN.


tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

RE: VPN - Same remote ip address range as work network

burtsbees,

I am having a mental disconnect with one of your comments and I was wondering if you would please clarify. You made the statement:

Quote:

This sounds like a remote access VPN, and the user's LAN subnet makes no difference---upon connecting, the user gets assigned an address directly connected to the remote LAN.

While I agree that in a remote access VPN, the connecting client gets an address from the remote LAN, I don't see how this will absolve potential routing issues caused by an address conflict.

Let's say, for example, that the client's LAN uses the very common 192.168.0.0/24 and gets the IP of 192.168.0.3 with the gateway of 192.168.0.1, which is also common. Let's also say that the remote LAN to which the client is connecting also uses this same address range, which may be foolish for a remote VPN, but let's say that it is.

Then when the client connects, let's say it gets the address of 192.168.0.10. When the client tries to access a VPN resource, such as a network share, how will it route to the VPN? Won't the client's router determine that the LAN resource is a local address and consequently it won't pass the traffic out its (real) gateway that provides the tunnel to the VPN? In this instance I don't even think it would matter if the pushed remote gateway was the same or different as the client's default gateway.
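
Added example (not part of any poster's reply): a simplified model of the client's route selection for the 192.168.0.0/24 scenario discussed in this thread, using longest-prefix match with lowest metric as the tie-break. The interface names, metric values, the 192.168.0.50 server address and the 10.20.30.0/24 alternative range are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str   # "home" = physical NIC, "vpn" = tunnel adapter (hypothetical names)
    metric: int

def overlaps(local_lan: str, remote_lan: str) -> bool:
    """True when the home LAN and the VPN-side LAN share any addresses."""
    return ipaddress.ip_network(local_lan).overlaps(ipaddress.ip_network(remote_lan))

def select_route(table, destination: str) -> Route:
    """Longest prefix wins; ties go to the lowest metric (simplified model)."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.network]
    if not candidates:
        raise LookupError(f"no route to {destination}")
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

def ambiguous(table, destination: str):
    """Interfaces holding an equally specific route to the destination."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.network]
    best = max(r.network.prefixlen for r in candidates)
    return sorted({r.interface for r in candidates if r.network.prefixlen == best})

def build_table(home_lan, remote_lan, home_metric, vpn_metric):
    """Default route and on-link home route, plus the route the VPN adds."""
    return [
        Route(ipaddress.ip_network("0.0.0.0/0"), "home", home_metric),
        Route(ipaddress.ip_network(home_lan), "home", home_metric),
        Route(ipaddress.ip_network(remote_lan), "vpn", vpn_metric),
    ]

if __name__ == "__main__":
    # Constructed values: 192.168.0.50 stands in for a file server at work.
    clash = build_table("192.168.0.0/24", "192.168.0.0/24", home_metric=25, vpn_metric=10)
    fixed = build_table("192.168.0.0/24", "10.20.30.0/24", home_metric=25, vpn_metric=10)
    print("overlap:", overlaps("192.168.0.0/24", "192.168.0.0/24"))
    print("clash, share via:", select_route(clash, "192.168.0.50").interface,
          "| equally specific on:", ambiguous(clash, "192.168.0.50"))
    print("fixed, share via:", select_route(fixed, "10.20.30.50").interface,
          "| equally specific on:", ambiguous(fixed, "10.20.30.50"))
```

In the clashing table both interfaces hold a /24 route for the same address, so only the metric decides, and whichever side wins, hosts with those addresses on the other network are shadowed. With distinct ranges the lookup is unambiguous.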


 
