IP routing over VPN

Posted on 2006-05-26
Medium Priority
Last Modified: 2010-04-12
Hi All,
A small problem that hopefully you can help with.

I work from a home network with an IP address range of but a server on
I connect to a number of remote offices via a software VPN link to a hardware VPN router in the offices and am given an IP address of for the VPN link.  

All the offices have a server with an IP address of the problem is when I try to remote desktop to the servers in the remote offices by IP address (  I  obviously can only connect to the server on my local network.  So my question is how can I connect to any of the remote servers.  Unfortunately changing any of the IP addresses isn't an option.

I'm thinking along the lines of forcing my laptop to route any requests to the address through the vpn connection when it is available?

Any ideas greatly received.

Question by:Eden-IT
LVL 79

Expert Comment

ID: 16769077
I would highly suggest changing your home network subnet. There are very few options for you.
What VPn client do you use? If Cisco, then you have ZERO capability to affect the routing from the client end.
This is the problem with 1/2 the people in the world using 192.168.1.x


Author Comment

ID: 16769395
I'm using the windows software vpn clinet.
Changing the subnet is not a starter as I also need to access each of the office when I am at any of the offices (if that makes sense!).  Changing the subnet at the offices would be a massive job and isn't going to happen!
LVL 79

Expert Comment

ID: 16769711
Looks like we have ourselves painted into a corner . . .
It's still a basic routing issue.
The NIC has a local IP of 192.168.1.xxx
The VPN client has a local IP of 192.168.1.xx
The server (every one of them) is
As far as the NIC is concerned, is local - always and forever. It won't/can't forward that through any gateway.
There's a little thing called ARP and ARP cache that caches the mac-IP mapping. Even if you clear the arp cache, the first time you try to access, the first reponse to an arp request (who has ? what is your MAC address?) will always be the local server because it's an arp broadcast.
Only because you are using Microsoft client -- you *could* try a route entry and see what happens, your mileage may vary, nothing guaranteed:
  C:\>route add mask
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.


Author Comment

ID: 16770034
I'll give it a try next week, thanks so far.

LVL 78

Expert Comment

by:Rob Williams
ID: 16770724
Though not recommended practice, and may not work, if you are using the Windows VPN client, make sure the "use default gateway on remote network" is checked on the virtual adapter. To locate:
Control panel | network connections | right click on the virtual adapter choose properties | networking TCP/IP properties | Advanced | General | "use default gateway on remote network"

This is usually enabled by default and having it enabled will not allow you to connect to any local resources, but it does force all traffic to the remote network, and usually works in this situation.
LVL 11

Accepted Solution

prueconsulting earned 1000 total points
ID: 16790375
Probably the easiest thing to implement since its windows is to assign a pool of addresses on each VPN connection in a different Ip address range ie office a 192.168.2.x  , office b 192.168.3.x  and then assign a secondary address to the network adapter of each server to that pool range.

Change your home network..

As far as a major job to reip each network its probably a good strategic plan to do so because you will end up doing it when the sites all want to be interconnected  .. because routing will not work properly when you have it configured like that

Author Comment

ID: 16792106
Thanks for the responses, I will try both options this week and then responde.


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question