Connecting two private LANs - issue with VPN

1

I have a "home" LAN in the 192.168.1.x subnet, where my internet facing router which is also the gateway has the IP of 192.168.1.1.

On top of that, I have a "lab" environment running on ESXi where I am using a 10.x.x.x subnet.

I am using RRAS to act as my router with a static route to the 192.168.1.0 subnet and another static route on my internet facing router to access the 10.x.x.x subnet.

This all works well when I'm on my laptop, but on my desktop I have a VPN client installed which gives me an IP address in the subnet 10.x.x.x, so any attempts to contact my own internal 10.x.x.x subnet get redirected through the VPN instead.

I know I could change it so that Windows prefers my non-VPN network adaptor, but that would mean the external traffic is also not routed through the VPN either, rendering the VPN useless.

So how can I gain access to my 10.x.x.x subnet whilst connected to the VPN and ensure that at the same time any external traffic is still going through the VPN?

Thank you.

EDIT1:

Diagram of the network:

https://creately.com/diagram/hoq2lfcn2/Ht609UGn1TpgWz29zeQsJVtrfwc%3D

PC1 is running Viscosity, an OpenVPN client, to connect to a VPN service. The IP address from the VPN service varies but is always within the 10.x.x.x subnet and the subnet mask is always 255.255.255.252.

When the OpenVPN client is disconnected I can connect to all of the VMs on the 10.x.x.x subnet from PC1, but not when the VPN is connected, as the traffic gets routed through the VPN instead of outside the tunnel.

From PC2 (which does not have a VPN client) I can always connect to all the VMs on the 10.x.x.x subnet.

cogumel0

Posted 2013-12-02T11:26:02.983

Reputation: 123

Please draw what you have now. And what you want to achieve. – STTR – 2013-12-02T11:48:22.273

@STTR, Added diagram. I just want to be able to access my VMs on the 10.x.x.x subnet from PC1 whilst connected to the VPN client. – cogumel0 – 2013-12-02T19:27:11.167

Answers

0

This depends on exactly what you want to achieve. If I have read your message correctly, you are not interested in contacting the LAN behind your VPN server, but only in using it as a springboard to access the Internet (please correct me if I got this wrong).

If this is indeed the case, then there is no problem. All you have to do is to set up two separate routes, one for the subnet 10.x.x.x through the eth0 interface, and another one for your VPN router (let's say it has IP 10.0.0.1) through the interface ppp0/tun0/tap0, depending on the type of VPN you are using. This ought to be a route for a single IP address, 10.0.0.1/255.255.255.255. And that's all. This works because the routing table always applies first the most restrictive rules (and nothing can be more restrictive than a route for a single IP), then the more comprehensive ones.

If instead you are also interested in reaching the LAN behind your VPN router, the situation is more complex. It basically depends upon whether the two subnets, 10.x.x.x/mask1 and 10.y.y.y/mask2, overlap or not. To solve this case, you will have to post your routing table and ipconfig.

MariusMatutiae

Posted 2013-12-02T11:26:02.983

Reputation: 41 321

This is a paid for VPN service so I have no control over the routing tables on that side. Hopefully the diagram I just added will help to show what the setup looks like. – cogumel0 – 2013-12-02T19:22:12.640

But it is perfectly clear. The solution sketched above in fact is quite adequate. – MariusMatutiae – 2013-12-02T19:32:21.670

Can you explain how I would set up the two different routes directly on PC1 which is running Windows 7? Because that's where it would have to be done. Also bear in mind that the IP address given by the VPN service keeps changing. – cogumel0 – 2013-12-02T19:35:51.453

I looked at the routing table on the client and when the VPN connects it automatically creates a route for the single IP that I am given with a mask of 255.255.255.255. So if I do route add 10.0.0.0 mask 255.0.0.0 metric 50 if 11 that should route all requests that are going to 10.x.x.x and not caught by the more restrictive rules of the VPN to my router which in turn will route it to my VMs, whilst still routing all other non-internal traffic (192.168.1.x and 10.x.x.x) through the VPN, correct? – cogumel0 – 2013-12-02T20:42:57.773

Correct. That's the first solution I described in my answer. – MariusMatutiae – 2013-12-02T20:58:37.233

I knew what you meant, I just didn't know how to do it in Windows 7 :) – cogumel0 – 2013-12-02T21:30:27.783
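
The route selection discussed in the answer and its comments, modelled as an added example that is not part of the original posts: it shows which adapter PC1 would pick for a destination before and after the 10.0.0.0/8 static route is added. The VPN-assigned addresses, the lab VM address, the metrics other than 50 and the VPN default route are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str   # "lan" = physical adapter, "vpn" = tunnel adapter
    metric: int

def build_table(vpn_ip, with_lab_route=True):
    """Constructed model of PC1's routing table while the VPN is connected."""
    net = ipaddress.ip_network
    # The VPN hands out a 10.x.x.x address with mask 255.255.255.252 (a /30).
    vpn_link = ipaddress.ip_interface(f"{vpn_ip}/255.255.255.252").network
    table = [
        Route(net("0.0.0.0/0"), "vpn", 1),        # assumed: VPN default route, lowest metric
        Route(net("0.0.0.0/0"), "lan", 20),       # original default via 192.168.1.1
        Route(net("192.168.1.0/24"), "lan", 10),  # home LAN, on-link
        Route(vpn_link, "vpn", 1),                # the /30 tunnel subnet
        Route(net(f"{vpn_ip}/32"), "vpn", 1),     # host route created on connect
    ]
    if with_lab_route:
        # Model of the static route from the comments: 10.0.0.0/8, metric 50, LAN adapter
        table.append(Route(net("10.0.0.0/8"), "lan", 50))
    return table

def select_route(table, dest):
    """Longest prefix wins; metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r.network]
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))

def egress(table, dest):
    """Name of the adapter that would carry traffic to dest."""
    return select_route(table, dest).interface

if __name__ == "__main__":
    for vpn_ip in ("10.8.0.6", "10.1.2.2"):       # constructed VPN assignments
        table = build_table(vpn_ip)
        for dest in ("10.1.2.3", "192.168.1.1", "203.0.113.10"):
            print(f"vpn_ip={vpn_ip:9} dest={dest:13} -> {egress(table, dest)}")
```

With the /8 route in place, every 10.x.x.x destination outside the VPN's current /30 leaves over the LAN adapter rather than the tunnel. If the VPN happens to assign a /30 that overlaps a lab VM's address, that VM's traffic goes into the tunnel until the VPN address changes.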