How Does a VPN Manage Local IP Addresses

10

6

When you have devices with the same static IP addresses on two networks, how does a VPN keep them straight?

Example: I have a small network in my home office with 3 computers. I routinely connect to a remote office that has a Sonicwall router w/VPN using the Sonicwall VPN client on my main machine. Once connected, I am still able to access devices on both networks which use static IPs (they are servers).

Both LANs use 192.168.0.x addressing. When I specify using a device like a server or printer at say 192.168.0.10 how does it determine whether to use the address on my physical local LAN or the one on the remote LAN?

Is it doing NAT translation similar to what the router does when it connects to the Internet?

Am I just "lucky" it's working?

Timm

Posted 2013-01-15T14:56:59.287

Reputation: 101

Answers

4

To answer your question: yes, you're "lucky" it's working.

When you connect to your VPN, your tunnel interface is assigned an IP by that remote DHCP server. So you're technically routing from the VPN server to your remote devices. You're probably connecting to your servers via their DNS names or something, which is resolved by your DNS servers locally. In which case if it couldn't find it, it'll search in your remote office.

So technically yes, this'll work. But it is not very efficient.

EDIT:

VPN diagram

So, for example, your VPN client is assigned an address by the SSL VPN, which could be in a different network address range (e.g. 172.16.32.0/16), while your remote network is working in the 192.168.1.0/24 range. The VPN server can be configured to bridge the two networks together.

The IP that your VPN client gets is not from the remote site's system/router's DHCP server, but rather the VPN server's DHCP server.

About the DNS, I don't really know how to explain properly. It uses a mix of DNS, ARP and RARP requests to determine the correct device. Hopefully this is enough to understand.

Lelouch Lamperouge

Posted 2013-01-15T14:56:59.287

Reputation: 259

How does it search the remote office if it's not finding it via "local" DNS servers? And which ones are the local DNS servers? If he's receiving DHCP from the remote machine, won't he be using the office's DNS servers? I'm confused. – Tanner Faulkner – 2013-01-15T16:14:43.490

@r.tanner.f Let's say A is the network he is in, and B is the remote site. He has 2 IP addresses in 2 "different" networks but his default path will be routed through the VPN(B). Which is why the remote servers(B) appear to be "local". Even so, because he is still technically on his local network(A), he will be able to access his local servers(A). I am guessing your confusion comes from thinking that he has 2 routers connected through a VPN tunnel. That'll be different, but in his current setup, only his computer is connected as a client. – Lelouch Lamperouge – 2013-01-15T16:32:51.740

Ah, yes that clears some things up. Still a little confused about the DHCP and DNS bits. Could you edit your answer? – Tanner Faulkner – 2013-01-15T16:46:10.230

@r.tanner.f edited, hope it helps (: – Lelouch Lamperouge – 2013-01-15T17:46:45.727

1

How Does a VPN Manage Local IP Addresses and how does a VPN keep them straight?

I had this exact same question!

The thing is, it depends entirely on the VPN Technology, and there's well over ten different VPN Technologies. I'll discuss three popular ones.

  • VTIs (new, somewhat similar effect to DMVPN)
  • DMVPN = GRE Tunnels (which allow OSPF/EIGRP routing protocols) inside of IPSec Tunnels (which do the encryption). Here's a diagram:
    Network diagram
    In this VPN Scenario you keep your IP address from your local DHCP server, but your router now has a route to the remote Private LAN, through the tunnel, and you can ping the private IP addresses of the Remote LAN. (The tunnel is able to bypass NAT and Firewall, Tunnel = a virtual interface on your local router that connects to a virtual interface on the remote router, via a virtual ethernet cable.)

  • OpenVPN (which I think works similarly to your Sonicwall): You install client software on your PC that creates a virtual adapter. So now your PC has a physical Ethernet port with an IP address on your local LAN, which allows you to ping static servers on your local LAN. When you connect to the remote VPN, your virtual network adapter will get a virtual IP address. Where does it get this virtual IP address? You won't get it from your local DHCP server, and you won't get it from the DHCP server on the remote network either. The VPN server has its own pool of IP addresses just for VPN clients, and the VPN server has a spot to configure the DNS info given to remote VPN clients. I think OpenVPN uses 10.8.0.0/16. Your virtual interface will get a virtual IP address from the range reserved for remote VPN clients. Note that the virtual IP address is an IP address that exists on the remote private LAN, and that's how you can ping the static IP addresses of servers on the remote private LAN. So by having two interfaces, one physical and one virtual, you can ping local LAN servers and remote LAN servers. Also, the physical interface is configured with your local DNS server, and the virtual interface is configured with the remote DNS server, so you can resolve both local DNS and remote DNS.

neokyle

Posted 2013-01-15T14:56:59.287

Reputation: 111
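
How a host with both a physical and a VPN adapter resolves the overlap the question describes, as an added example that is not part of any post above: an IP stack picks the longest matching prefix and then the lowest metric, so only one 192.168.0.10 is reachable at a time unless a more specific route pins it. The interface names, metrics and routing table are constructed for illustration and do not come from SonicWall or OpenVPN.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str     # destination network in CIDR form
    interface: str  # outgoing interface (constructed names)
    metric: int     # lower is preferred among equally specific routes

# Constructed routing table for the asker's situation: the home LAN and the
# remote office LAN are both 192.168.0.0/24.
TABLE = [
    Route("0.0.0.0/0", "eth0", 25),       # default route via the home router
    Route("192.168.0.0/24", "eth0", 25),  # home LAN, physical adapter
    Route("192.168.0.0/24", "tun0", 5),   # office LAN, VPN virtual adapter
]

def select_route(table, destination):
    """Pick a route the way an IP stack does: longest prefix, then lowest metric."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))

def duplicate_prefixes(table):
    """Return {prefix: [interfaces]} for prefixes present on more than one interface."""
    seen = defaultdict(set)
    for r in table:
        seen[r.prefix].add(r.interface)
    return {p: sorted(ifs) for p, ifs in seen.items() if len(ifs) > 1}

def with_host_route(table, host, interface):
    """Copy of the table with a /32 host route pinning one address to an interface."""
    return table + [Route(f"{host}/32", interface, 1)]

if __name__ == "__main__":
    print("ambiguous:", duplicate_prefixes(TABLE))
    print("before pin:", select_route(TABLE, "192.168.0.10"))
    pinned = with_host_route(TABLE, "192.168.0.10", "eth0")
    print("after pin: ", select_route(pinned, "192.168.0.10"))
    print("neighbour: ", select_route(pinned, "192.168.0.11"))
```

On a real host, `ip route get 192.168.0.10` (Linux) or `route print` (Windows) shows which interface actually wins, which is worth checking before sending credentials to an address that exists on both LANs.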