VPN split access anyone?

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › IT Pro and developers › VPN split access anyone?

freitasm

BDFL - Memuneh
61481 posts

Uber Geek
+1 received by user: 12205

Administrator

Trusted

Geekzone

Lifetime subscriber

Topic # 114442 20-Feb-2013 08:32

I am playing with a SSTP VPN access and have a problem accessing the Internet while connected to the VPN.

The server won't route access to the Internet (and I don't want it to do it) which means that while connected to the VPN the client PC can access resources in the LAN but can't access the Internet. If I uncheck the advanced option in the IPv4 settings to not use the Gateway by default then I have Internet access but can't access the VPN resources.

Does anyone have a suggestion to fix this and have access to both resources while the VPN is connected? Something that wouldn't break things when the VPN is not active?

I am running the SSTP VPN server on a Windows Server 2012.

Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) |

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management

RunningMan

5148 posts

Uber Geek
+1 received by user: 1672

Reply # 766177 20-Feb-2013 08:37

Were you using a Cisco SRP521? The current firmware has a VPN server in it that you could try instead, if this is at the same site.

freitasm

BDFL - Memuneh
61481 posts

Uber Geek
+1 received by user: 12205

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 766178 20-Feb-2013 08:39

No, the servers are at the datacentre. I have a SRP521 but this is on my client side, so no use there.

Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) |

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management

magu

Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted

BitSignal

Lifetime subscriber

Reply # 766180 20-Feb-2013 08:39

Seems like you need to add a route for the LAN subnet on the other side of that VPN link on your own machine.

Something like (pseudo code):

ROUTE ADD 192.168.0.0/24

"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

freitasm

BDFL - Memuneh
61481 posts

Uber Geek
+1 received by user: 12205

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 766181 20-Feb-2013 08:42

Yes, I guess would need to add a route to the VPN on my client. I will probably need to change some of the stuff on my server side too as the server LAN uses the same subnet as my client LAN, so I don't want to mess up the addresses.

Right, will have to work a bit on this...

Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) |

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management

kiwirock

623 posts

Ultimate Geek
+1 received by user: 124

Reply # 766199 20-Feb-2013 09:10

Yeah they won't work to well having the same subnet.

Another pet annoyance I've found with VPN's on Windows (at least XP and below, I don't have 7), that if your remote subnet is say 10.1.1.X/24 silly Windows still puts a route in for a /8 instead on the PPP/VPN interface based on the old class system. This is annoying especially when using say 10.0.0.X/24 as it'll put a route in for 10.X.X.X/8 instead and cause headaches if your local LAN is any address starting with 10 until you manually delete the route and put a /24 in.

edit: Was referring to the client side.

freitasm

BDFL - Memuneh
61481 posts

Uber Geek
+1 received by user: 12205

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 766201 20-Feb-2013 09:11

Yes, later today I will change the Hyper-V Private Network configuration to a different subnet, reconfigure the VPN server, add a route to that and work from there...

Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) |

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management

magu

Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted

BitSignal

Lifetime subscriber

Reply # 766202 20-Feb-2013 09:13

I've found using the 172.16.x.x range being extremely helpful to avoid such problems, especially when connecting to multiple VPN endpoints at the same time.

"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

kiwirock

623 posts

Ultimate Geek
+1 received by user: 124

Reply # 766215 20-Feb-2013 09:24

Yes those 172.16/12 addresses are handy, I use them on my WiFi subnets as chances are someone who connects doesn't use them.

I was using the commercial NAT reserved range for a while added not that long ago but switched back to 172 since IPv4 is now on the thin line.

freitasm

BDFL - Memuneh
61481 posts

Uber Geek
+1 received by user: 12205

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 766270 20-Feb-2013 10:43

Ok, changed the range in the server side from 192.168.2.x to 192.168.10.x and changed option on VPN server configuration to "Enable this computer as a [x] IPv4 router (O) LAN routing only".

This fixed the issue with no need to add any new routes on the client side. I can now continue to access the Internet and have access to the LAN on the server side.

Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) |

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow @geekzonenzforum

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow @geekz1

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

Follow @geekzoneprices

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.

RSS feeds: Main feed; Forums feed; All RSS feeds

Site features: Geekzone Badges; Geekzone Slack channel; Geekzone on Twitter

Geekzone offers: Switch your broadband with Geekzone; Amazon orders (Kindle, books, everything); MightyApe orders; Payoneer card

Status: Geekzone Status; Geekzone Dashboard

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising on Geekzone; Trademark and copyright