Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersVPN split access anyone?


BDFL - Memuneh
58762 posts

Uber Geek
+1 received by user: 10157

Administrator
Trusted
Geekzone
Subscriber

Topic # 114442 20-Feb-2013 08:32
Send private message

I am playing with a SSTP VPN access and have a problem accessing the Internet while connected to the VPN. 

The server won't route access to the Internet (and I don't want it to do it) which means that while connected to the VPN the client PC can access resources in the LAN but can't access the Internet. If I uncheck the advanced option in the IPv4 settings to not use the Gateway by default then I have Internet access but can't access the VPN resources.

Does anyone have a suggestion to fix this and have access to both resources while the VPN is connected? Something that wouldn't break things when the VPN is not active?

I am running the SSTP VPN server on a Windows Server 2012.




Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

Create new topic
4374 posts

Uber Geek
+1 received by user: 1229


  Reply # 766177 20-Feb-2013 08:37
Send private message

Were you using a Cisco SRP521? The current firmware has a VPN server in it that you could try instead, if this is at the same site.



BDFL - Memuneh
58762 posts

Uber Geek
+1 received by user: 10157

Administrator
Trusted
Geekzone
Subscriber

  Reply # 766178 20-Feb-2013 08:39
Send private message

No, the servers are at the datacentre. I have a SRP521 but this is on my client side, so no use there.




Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 
 
 
 


Professional yak shaver
1598 posts

Uber Geek
+1 received by user: 7

Trusted
BitSignal
Subscriber

  Reply # 766180 20-Feb-2013 08:39
Send private message

Seems like you need to add a route for the LAN subnet on the other side of that VPN link on your own machine.

Something like (pseudo code):

ROUTE ADD 192.168.0.0/24




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown



BDFL - Memuneh
58762 posts

Uber Geek
+1 received by user: 10157

Administrator
Trusted
Geekzone
Subscriber

  Reply # 766181 20-Feb-2013 08:42
Send private message

Yes, I guess would need to add a route to the VPN on my client. I will probably need to change some of the stuff on my server side too as the server LAN uses the same subnet as my client LAN, so I don't want to mess up the addresses.

Right, will have to work a bit on this...





Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

606 posts

Ultimate Geek
+1 received by user: 119


  Reply # 766199 20-Feb-2013 09:10
Send private message

Yeah they won't work to well having the same subnet.

Another pet annoyance I've found with VPN's on Windows (at least XP and below, I don't have 7), that if your remote subnet is say 10.1.1.X/24 silly Windows still puts a route in for a /8 instead on the PPP/VPN interface based on the old class system. This is annoying especially when using say 10.0.0.X/24 as it'll put a route in for 10.X.X.X/8 instead and cause headaches if your local LAN is any address starting with 10 until you manually delete the route and put a /24 in.

edit: Was referring to the client side.



BDFL - Memuneh
58762 posts

Uber Geek
+1 received by user: 10157

Administrator
Trusted
Geekzone
Subscriber

  Reply # 766201 20-Feb-2013 09:11
Send private message

Yes, later today I will change the Hyper-V Private Network configuration to a different subnet, reconfigure the VPN server, add a route to that and work from there...





Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

Professional yak shaver
1598 posts

Uber Geek
+1 received by user: 7

Trusted
BitSignal
Subscriber

  Reply # 766202 20-Feb-2013 09:13
Send private message

I've found using the 172.16.x.x range being extremely helpful to avoid such problems, especially when connecting to multiple VPN endpoints at the same time.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

606 posts

Ultimate Geek
+1 received by user: 119


  Reply # 766215 20-Feb-2013 09:24
Send private message

Yes those 172.16/12 addresses are handy, I use them on my WiFi subnets as chances are someone who connects doesn't use them.

I was using the commercial NAT reserved range for a while added not that long ago but switched back to 172 since IPv4 is now on the thin line.



BDFL - Memuneh
58762 posts

Uber Geek
+1 received by user: 10157

Administrator
Trusted
Geekzone
Subscriber

  Reply # 766270 20-Feb-2013 10:43
Send private message

Ok, changed the range in the server side from 192.168.2.x to 192.168.10.x and changed option on VPN server configuration to "Enable this computer as a [x] IPv4 router (O) LAN routing only".

This fixed the issue with no need to add any new routes on the client side. I can now continue to access the Internet and have access to the LAN on the server side.





Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Chow brothers plan to invest NZ$100 million in technology
Posted 24-Sep-2017 16:24

Symantec protects data everywhere with Information Centric Security
Posted 21-Sep-2017 15:33

FUJIFILM introduces X-E3 mirrorless camera with wireless connectivity
Posted 18-Sep-2017 13:53

Vodafone announces new plans with bigger data bundles
Posted 15-Sep-2017 10:51

Skinny launches phone with support for te reo Maori
Posted 14-Sep-2017 08:39

If Vodafone dropping mail worries you, you’re doing online wrong
Posted 11-Sep-2017 13:54

Vodafone New Zealand deploy live 400 gigabit system
Posted 11-Sep-2017 11:07

OPPO camera phones now available at PB Tech
Posted 11-Sep-2017 09:56

Norton Wi-Fi Privacy — Easy, flawed VPN
Posted 11-Sep-2017 09:48

Lenovo reveals new ThinkPad A Series
Posted 8-Sep-2017 14:37

Huawei passes Apple for the first time to capture the second spot globally
Posted 8-Sep-2017 10:45

Vodafone initiative enhances te reo Maori pronunciation on Google Maps
Posted 8-Sep-2017 10:40

Voyager Internet expand local internet phone services company with Conversant acquisition
Posted 6-Sep-2017 18:27

NOW Expands in to Tauranga
Posted 5-Sep-2017 18:16

Windows 10 Fall Creators Update coming Oct. 17
Posted 4-Sep-2017 14:10


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.