Computer connecting to local LAN IP rather than dial-in VPN's LAN IP

2

My home gateway IP has the same range as a dial-in VPN's LAN that I need to connect to. When I try to connect to some of the devices on that VPN's LAN, my computer will try to connect to the IP on my local LAN, rather than the device on the VPN LAN with the same IP. How can I make sure it connects to the dial-in VPN's LAN?

My office has a different gateway IP range, so when I connect to the same dial-in VPN I don't seem to have these problems.

sam

Posted 2018-02-25T23:30:22.607

Reputation: 3 411

Answers

1

It (probably) can't be done.

The problem boils down to the fact that in order for your computer to connect to the remote VPN, it needs a route over your local network to the Internet. Therefore any tricks you employ cannot render this route inoperable. This severely limits your options.

When you have two links to the same IP subnetwork (e.g. a computer with a wired and wireless interface to the same network) the go-to strategy is to change one of the interfaces' metric (cost) to make it the preferred route. Indeed, on our example computer this happens automatically because the faster link has a lower cost, which places it first in the routing table.

But in your case, the two interfaces are really one interface running on top of the other. If you gave the VPN adapter priority, traffic headed for the remote VPN server wouldn't get placed on your local network so it could be sent to the Internet in order to be delivered to the remote VPN server. If you give the local network priority (which is likely the case for you now), traffic intended for devices on the remote network is being dumped on your own LAN instead of going through the VPN. It's a hot mess.

Ideally one of the two networks needs to be re-addressed. But I'm sure you're asking because that's not what you want to hear.

If you have a degree of control over the IP addressing used by the VPN, one (unlikely to be an option) option would be to configure the subnet masks of your local machine and the VPN adapter to put each interface on a separate subnetwork, i.e. subnetting the existing subnets. This would only be an option if the IP addresses you need on each network happen to be close enough in their numbering to land in distinct but separate subnets.

For example, suppose both networks currently use the 10.0.0.0/16 subnetwork, your local router is 10.0.0.1, your DNS server is 10.0.0.2, your PC is 10.0.0.3. On the remote network you need access to a DNS server at 10.0.1.2 and a server at 10.0.1.3. If you use a /24 mask for both interfaces and specify an IP address of 10.0.1.1 for the VPN adapter, you would be able to communicate with the remote server without losing your local route to the Internet.

But that's a long shot...

I say Reinstate Monica

Posted 2018-02-25T23:30:22.607

Reputation: 21 477

Thanks, I think I'll just update the gateway IP at home; it shouldn't take too long to do and update any static IP addresses other IP devices are looking for. So for future reference, should I always set up new sites with a different C block for their gateway IP if I intend to VPN in? – sam – 2018-02-26T17:25:02.880

Yes yes yes! It might be even easier to use an uncommon IP subnetwork at home, such as 10.254.219.0/24, to further decrease the likelihood of address space collisions. That's how I've solved this problem in my environment. – I say Reinstate Monica – 2018-02-26T17:28:08.917
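
The answer's 10.0.0.0/16 scenario modelled as a routing table, as an added example that is not part of the original answer or comments. It uses a simplified lookup (longest prefix wins, then lowest metric); the interface names, metrics and the VPN server address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

def route(net, iface, metric):
    return {"net": ipaddress.ip_network(net), "iface": iface, "metric": metric}

def select_route(routes, dest):
    """Simplified model of route selection: longest matching prefix, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    candidates = [r for r in routes if dest in r["net"]]
    if not candidates:
        return None
    best = min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return best["iface"]

def overlaps(a, b):
    """True when two subnets share address space and cannot be told apart by prefix."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

VPN_SERVER = "203.0.113.10"  # assumed public address of the VPN endpoint (documentation range)

# Both networks are 10.0.0.0/16 and the LAN has the lower metric (the asker's situation).
BEFORE = [
    route("0.0.0.0/0", "lan", 10),      # default route via home router 10.0.0.1
    route("10.0.0.0/16", "lan", 10),
    route("10.0.0.0/16", "vpn", 20),
]

# Same overlap, but the VPN adapter is given priority instead.
VPN_FIRST = [
    route("0.0.0.0/0", "lan", 10),
    route("10.0.0.0/16", "lan", 20),
    route("10.0.0.0/16", "vpn", 10),
]

# The answer's workaround: /24 masks, VPN adapter addressed as 10.0.1.1.
AFTER = [
    route("0.0.0.0/0", "lan", 10),
    route("10.0.0.0/24", "lan", 10),
    route("10.0.1.0/24", "vpn", 20),
]

if __name__ == "__main__":
    print("BEFORE    10.0.1.3 ->", select_route(BEFORE, "10.0.1.3"))     # remote server, sent to LAN
    print("VPN_FIRST 10.0.0.1 ->", select_route(VPN_FIRST, "10.0.0.1"))  # home router, sent to tunnel
    print("AFTER     10.0.1.3 ->", select_route(AFTER, "10.0.1.3"))
    print("AFTER     10.0.0.1 ->", select_route(AFTER, "10.0.0.1"))
    print("AFTER     VPN srv  ->", select_route(AFTER, VPN_SERVER))
```

In the `VPN_FIRST` table the home router's own address resolves to the tunnel, which is why the default route that carries the VPN traffic stops working.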