• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

IP routing over VPN

Hi All,
A small problem that hopefully you can help with.

I work from a home network with an IP address range of 192.168.1.200-250 but a server on 192.168.1.1
I connect to a number of remote offices via a software VPN link to a hardware VPN router in the offices and am given an IP address of 192.168.1.199 for the VPN link.  

All the offices have a server with an IP address of 192.168.1.1 the problem is when I try to remote desktop to the servers in the remote offices by IP address (192.168.1.1)  I  obviously can only connect to the server 192.168.1.1 on my local network.  So my question is how can I connect to any of the remote servers.  Unfortunately changing any of the IP addresses isn't an option.

I'm thinking along the lines of forcing my laptop to route any requests to the 192.168.1.1 address through the vpn connection when it is available?

Any ideas greatly received.

Ed
0
Eden-IT
Asked:
Eden-IT
1 Solution
 
lrmooreCommented:
I would highly suggest changing your home network subnet. There are very few options for you.
What VPn client do you use? If Cisco, then you have ZERO capability to affect the routing from the client end.
This is the problem with 1/2 the people in the world using 192.168.1.x

0
 
Eden-ITAuthor Commented:
I'm using the windows software vpn clinet.
Changing the subnet is not a starter as I also need to access each of the office when I am at any of the offices (if that makes sense!).  Changing the subnet at the offices would be a massive job and isn't going to happen!
0
 
lrmooreCommented:
Looks like we have ourselves painted into a corner . . .
It's still a basic routing issue.
The NIC has a local IP of 192.168.1.xxx
The VPN client has a local IP of 192.168.1.xx
The server (every one of them) is 192.168.1.1
As far as the NIC is concerned, 192.168.1.1 is local - always and forever. It won't/can't forward that through any gateway.
There's a little thing called ARP and ARP cache that caches the mac-IP mapping. Even if you clear the arp cache, the first time you try to access 192.168.1.1, the first reponse to an arp request (who has 192.168.1.1 ? what is your MAC address?) will always be the local server because it's an arp broadcast.
Only because you are using Microsoft client -- you *could* try a route entry and see what happens, your mileage may vary, nothing guaranteed:
  C:\>route add 192.168.1.1 mask 255.255.255.255 192.168.1.199
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Eden-ITAuthor Commented:
I'll give it a try next week, thanks so far.

Ed.
0
 
Rob WilliamsCommented:
Though not recommended practice, and may not work, if you are using the Windows VPN client, make sure the "use default gateway on remote network" is checked on the virtual adapter. To locate:
Control panel | network connections | right click on the virtual adapter choose properties | networking TCP/IP properties | Advanced | General | "use default gateway on remote network"

This is usually enabled by default and having it enabled will not allow you to connect to any local resources, but it does force all traffic to the remote network, and usually works in this situation.
0
 
prueconsultingCommented:
Probably the easiest thing to implement since its windows is to assign a pool of addresses on each VPN connection in a different Ip address range ie office a 192.168.2.x  , office b 192.168.3.x  and then assign a secondary address to the network adapter of each server to that pool range.

Change your home network..

As far as a major job to reip each network its probably a good strategic plan to do so because you will end up doing it when the sites all want to be interconnected  .. because routing will not work properly when you have it configured like that
0
 
Eden-ITAuthor Commented:
Thanks for the responses, I will try both options this week and then responde.

ed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now