Sharing VPN access between two computers on the LAN

I have VPN access to several machines in my office from my home machine. I'd like to be able to access those machines from another computer on my LAN, without setuping a second VPN access. Both computers are Windows 7 machines.

Is there a way for my "main" computer to share its VPN access to another machine on the LAN? How would one setup this share?

I don't think "simple" Internet connection sharing fits my needs because:

My LAN already has its own DHCP/Router to access the Internet, and I'd like to keep it this way
I can't access the Internet through my VPN connection

Axelle Ziegler

Posted 2010-09-01T18:16:27.690

Reputation: 143

Are you responsible for the VPN server? What type of VPN is it, or what VPN client does it use? – Zoredache – 2010-09-01T18:23:00.663

No, I'm not responsible for the VPN Server, my company sysadmins' are. I guess I can pretty easily ask them specific questions. It's a Cisco VPN, and I use Cisco AnyConnect to connect to it. – Axelle Ziegler – 2010-09-01T18:38:02.370

1installing a VPN router on your side should help you get all computers to access the VPN'ed network.. but i think both sided needs it.. hence comment only not answer – Piotr Kula – 2011-12-29T21:38:31.643

Answers

I believe the solution is to create a site-to-site VPN, and not have computers run the tunnel individualy.

Perhaps your sysadmins could point you in the direction on how to do so?

xstnc

Posted 2010-09-01T18:16:27.690

Reputation: 683

+1 for the "right way" solution. Adding static routes on your home LAN for something that is not always going to be connected, and something whose configuration you do not control/might change is a recipe for unmaintainability and trouble. Either set up a second AnyConnect endpoint on the second computer (Cisco makes clients for all different OSes), or connect to the VPN at the router level. Heck, if your router runs something like DD-WRT or a linux-ish OS, you might even be able to put an AnyConnect client on it. If not, though, get a site-to-site VPN. It's what you're asking for. – Zac B – 2012-11-28T19:37:33.517

Actually, I did connect to the VPN at the router level. – Axelle Ziegler – 2012-12-14T07:53:51.203

You might be able to get away with adding a route on the second machine to direct traffic to the VPN through the machine running the VPN client. I'm thinking something like:

route add 192.168.1.0 MASK 255.255.255.0 192.168.2.8

where 192.168.1.xxx is IP of the work VPN and 192.168.2.8 is IP of the VPN client. You might check out this discussion of the route command

EDIT: Linux syntax should be

route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.8

On windows it's

route add 192.168.1.0 MASK 255.255.255.0 gateway 192.168.2.8

rlduffy

Posted 2010-09-01T18:16:27.690

Reputation: 129

Will check that when Ic ome back home on monday. Thanks a lot. – Axelle Ziegler – 2010-09-03T15:39:08.440

Looks like I'm wrong. I spent some time playing with it and had no luck. Sorry – rlduffy – 2010-09-07T01:47:11.593

Your solution worked for me (provided that the VPN connection was shared) – Arnaud – 2018-10-21T12:19:23.140

Also don't forget the -p switch to make the route permanent : route -p add ... – Arnaud – 2018-10-21T12:50:57.283

It seems I’ve solved same problem for myself today:

My configuration:

Router has address 192.168.1.1/255.255.255.0 and DHCP on
Windows 7 PC has LAN IP 192.168.1.5 (netmask 255.255.255.0 gateway 192.168.1.1) and PPTP VPN to remote 10.10.10.0 network

My last attempt was (and it's working!):

I switched on ICS on VPN connection and choose LAN as a target
This changed my PC LAN IP to 192.168.137.1 and clears gateway, so I fixed it by setting the LAN IP to 192.168.1.5, netmask to 255.255.255.0, and gateway to 192.168.1.1 (my DNS was 8.8.8.8 initially)
I’ve add a static route on the router: 10.10.10.0 mask 255.255.255.0 gateway 192.168.1.5

I have tried a thousand combinations and finally it’s working! Hopefully it can help others.

Aleksey

Posted 2010-09-01T18:16:27.690

Reputation: 21

Tweaking router config is by far the best solution. This way i was able to share VPN connection with other PCs without messing with route command line tool. – esteewhy – 2015-10-01T12:48:33.830

@Aleksey I did everything you posted as answer. Differences are that I have is mask 255.255.255.255, and my other computer on network is Mac. Is there anything else needs to be done? Please help – be_good_do_good – 2017-05-22T19:20:13.343

The ability to allow a second computer to use the VPN depends on the settings your VPN client has - usually, VPN clients preconfigured by "corporate" admins are set to only allow the node actually running the VPN client software in on the VPN link.

I had a similar problem when I wanted a device to access a CVS server behind a firewall, but did not have a VPN client on that device. Solution: configure a non-standard port on the "2nd machine", run SSH (in your case: PuTTY) to forward that port to the server only "1st machine" can see when the VPN is connected:

[2nd_machine]-->[1025/tcp PuTTy on 1st_machine forwards]-->[VPN concentrator]-->[22/tcp CVS Server]

Florenz Kley

Posted 2010-09-01T18:16:27.690

Reputation: 1 453