VPN - Same remote ip address range as work network

[PaddyT]

I have recently set up a new VPN connection to a windows 2008 server. This is working OK, and I have drives mapped when the user logs in. However, if the client at home is on the same IP range as the Server, then it causes issues.

I created the VPN client using the Connection Manager Administrator Kit which is ideal, however, is there any way of changing the IP address when the user logs in? I have looked at static routes etc, but I am not sure how they work or whether it would give me what I require.

Any help much appreciated!!

 

[Noway2]

Having the client's lan and the VPN lan sharing the same subnet/ip range will cause problems, as you discovered. The question becomes do IPs in range X map locally or to the VPN, which causes a conflict.

There may be a way to push a different IP address to the client, but it will depend on your VPN software and configuration. Would it not be easier to have the client use a different / change his IP than changing that of the server system?

 

[burtsbees]

If this is a remote access VPN, and the client is getting handed an ip address from the vpn pool that is in the same subnet as the LAN where the shares are, then the vpn pool must be excluded from NAT.

If this is a site to site, the only way it will work...

1.Have the user change to a different subnet
2.MPLS VPN

You could not do anything if the user is even able to log in. This sounds like a remote access VPN, and the user's LAN subnet makes no difference---upon connecting, the user gets assigned an address directly connected to the remote LAN.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[Noway2]

burtsbees,

I am having a mental disconnect with one of your comments and I was wondering if you would please clarify. You made the statement:

This sounds like a remote access VPN, and the user's LAN subnet makes no difference---upon connecting, the user gets assigned an address directly connected to the remote LAN

.

While I agree that in a remote access VPN, the connecting client gets an address from the remote lan, I don't see how this will absolve potential routing issues caused by an address conflict.

Lets say for example, that the client's lan uses the very common 192.168.0.0/24 and gets the IP of 192.168.0.3 with the gateway of 192.168.0.1, which is also common. Lets also say that the remote LAN to which the client is connecting also uses this same address range, which may be foolish for a remote VPN, but lets say that it is.

Then when the client connects lets it get the address of 192.168.0.10. When the client tries to access a VPN resource, such as a network share, how will it route to the VPN? Won't the client's router determine that the LAN resource is a local address and consequently it won't pass the traffic out it's (real) gateway that provides the tunnel to the VPN? In this instance I don't even think it would matter if the pushed remote gateway was the same or different as the clients default gateway.