Setup of a LAN printer on home and VPN network

We have a LAN setup in our office with a 2012 server - the IP range is
My director uses VPN to dial in to the server from home to get access to files and folders that are on the server. The PPTP server will give him an IP address in the same range. This part works well.
The problem comes when he wants to print to his home printer (which is on a LAN, not USB). Items sent from home to the office printer run off fine but as the IP range is the same ( the home printer will not print it - I think this is the case until he disconnects the VPN which is not very practical.

I see PPTP is very obsolete - so perhaps I need to implement a new VPN system on this MS 2012 server?

Any advice on the setup would be appreciated.
Jack, IT Manager, asked:

Alex, Project Systems Engineer, commented:
Yeah won't happen, leaving the ports open to his home network is essentially a massive security hole, whilst you can allow access to local network resources, you shouldn't because you can hack his home machine, then the business machine and then get into your network, him being a director increases this risk.

Can you do it? Yes, unblock local resources on your VPN client. Just because you can do it doesn't mean you should.
Either you set up the office LAN as 10.10.x.x series or you could ask the director to change his LAN setup at home to 10.10.x.x series.
Alex, Project Systems Engineer, commented:
That won't work because of the VPN, it's a tunnel between the machine and his corporate network. This is the entire reason of a VPN, it secures everything between the machine and the network so the networks you're going through are inaccessible
Okay ... I thought the printer won't work because it's running on the same class of IP as the VPN.
Alex, Project Systems Engineer, commented:
No that has nothing at all to do with it, the entire premise of a VPN is security, leaving a gaping hole between your network and the unsecured, dirty network that tends to be in ANY home is a massive risk, you WILL fail any security audit carried out by an independent party.
I see... it happened to me before; after I changed my home LAN to 192.168.x.x the corporate VPN worked. I guess I was in luck.
Alex, Project Systems Engineer, commented:
That, and you're an admin, which means you could possibly have a different ruleset :-)
Martyn Spencer, Software Developer / Linux System Administrator / Managing Director, commented:
The reason that it is not working is that your office network and your boss' network are effectively the same subnet. This means that when the VPN connection is established, by default all traffic is likely to be routed over the VPN and not on the local LAN. This may well be desirable. It may also be that whatever VPN client you use is blocking local resources, but as I see it you are probably just suffering from a routing issue if you are using the Windows VPN client with default settings.

If you want to avoid this, you need the office network and the home network to be on different subnets. Then, it will work. However, do bear in mind that there are security issues (mentioned by Alex) that need to be considered. You need to ensure that the VPN server (and I would avoid PPTP as it is one of the least secure technologies) has a properly configured firewall, or that it sits in a properly security controlled zone. Personally, I would not leave it to a VPN client to handle the security side of things (though as an additional measure, it's perfectly wise). I would always handle the necessary firewalling VPN server-side (either relying on the VPN server providing necessary filtering, if possible, or having the VPN server in a DMZ that can be properly controlled).
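
The routing behaviour described in the answer above, as an added example that is not part of the original thread. The subnets, addresses, interface names and metrics are constructed for illustration (the thread does not give the real ranges), and the selection rule is generic longest-prefix-match with the metric as tie-breaker, not a dump of any real client's routing table.

```python
import ipaddress

def subnets_collide(office_cidr, home_cidr):
    """True when the office and home LANs share address space."""
    return ipaddress.ip_network(office_cidr).overlaps(
        ipaddress.ip_network(home_cidr))

def pick_interface(dest, routes):
    """Choose the route for dest: longest prefix first, then lowest metric.

    routes is a list of (cidr, interface, metric) tuples.
    Returns the interface name, or None if nothing matches.
    """
    addr = ipaddress.ip_address(dest)
    matches = []
    for cidr, iface, metric in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            matches.append((net.prefixlen, -metric, iface))
    if not matches:
        return None
    return max(matches)[2]

# Constructed scenario 1: home and office both use 192.168.1.0/24.
# The VPN routes are assumed to carry the lower (preferred) metric.
SAME_SUBNET = [
    ("192.168.1.0/24", "lan", 25),   # home LAN, where the printer lives
    ("192.168.1.0/24", "vpn", 10),   # office LAN reached through the tunnel
    ("0.0.0.0/0",      "vpn", 10),   # default route pushed over the VPN
]

# Constructed scenario 2: home LAN renumbered to 10.10.0.0/24.
RENUMBERED = [
    ("10.10.0.0/24",   "lan", 25),
    ("192.168.1.0/24", "vpn", 10),
    ("0.0.0.0/0",      "vpn", 10),
]

if __name__ == "__main__":
    print("collision:", subnets_collide("192.168.1.0/24", "192.168.1.0/24"))
    # Printer at 192.168.1.50 is ambiguous: the job leaves via the tunnel.
    print("printer, same subnet ->", pick_interface("192.168.1.50", SAME_SUBNET))
    # After renumbering, the /24 on the LAN beats the VPN default route.
    print("printer, renumbered  ->", pick_interface("10.10.0.50", RENUMBERED))
    print("office server        ->", pick_interface("192.168.1.10", RENUMBERED))
```

With distinct subnets the home printer becomes reachable on the local interface while the tunnel is up, which is why the server-side firewalling mentioned above matters.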

One definite reason for issues is the subnets being the same. And it's going to be easier to change the subnet at the person's home than at the office. (However, I would also say that it's bad practice for an office to use a common subnet like that)

I would also be asking whether other users have this same issue when they have different subnets at their houses. Then that would mean you're getting into the question of split tunneling.

As for the PPTP question, you should be moving away from that to something modern, yes.
Jack, IT Manager (author), commented:
Many thanks all. That has given me the info I need to fix this. Should be relatively straightforward to reconfigure the home side of things.