Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersVPN split access anyone?


BDFL - Memuneh
67476 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

#114442 20-Feb-2013 08:32
Send private message

I am playing with a SSTP VPN access and have a problem accessing the Internet while connected to the VPN. 

The server won't route access to the Internet (and I don't want it to do it) which means that while connected to the VPN the client PC can access resources in the LAN but can't access the Internet. If I uncheck the advanced option in the IPv4 settings to not use the Gateway by default then I have Internet access but can't access the VPN resources.

Does anyone have a suggestion to fix this and have access to both resources while the VPN is connected? Something that wouldn't break things when the VPN is not active?

I am running the SSTP VPN server on a Windows Server 2012.




 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 

Create new topic
5971 posts

Uber Geek


  #766177 20-Feb-2013 08:37
Send private message

Were you using a Cisco SRP521? The current firmware has a VPN server in it that you could try instead, if this is at the same site.



BDFL - Memuneh
67476 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #766178 20-Feb-2013 08:39
Send private message

No, the servers are at the datacentre. I have a SRP521 but this is on my client side, so no use there.




 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 

 
 
 
 


Professional yak shaver
1599 posts

Uber Geek

Trusted
BitSignal
Lifetime subscriber

  #766180 20-Feb-2013 08:39
Send private message

Seems like you need to add a route for the LAN subnet on the other side of that VPN link on your own machine.

Something like (pseudo code):

ROUTE ADD 192.168.0.0/24




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown



BDFL - Memuneh
67476 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #766181 20-Feb-2013 08:42
Send private message

Yes, I guess would need to add a route to the VPN on my client. I will probably need to change some of the stuff on my server side too as the server LAN uses the same subnet as my client LAN, so I don't want to mess up the addresses.

Right, will have to work a bit on this...





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 

653 posts

Ultimate Geek


  #766199 20-Feb-2013 09:10
Send private message

Yeah they won't work to well having the same subnet.

Another pet annoyance I've found with VPN's on Windows (at least XP and below, I don't have 7), that if your remote subnet is say 10.1.1.X/24 silly Windows still puts a route in for a /8 instead on the PPP/VPN interface based on the old class system. This is annoying especially when using say 10.0.0.X/24 as it'll put a route in for 10.X.X.X/8 instead and cause headaches if your local LAN is any address starting with 10 until you manually delete the route and put a /24 in.

edit: Was referring to the client side.



BDFL - Memuneh
67476 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #766201 20-Feb-2013 09:11
Send private message

Yes, later today I will change the Hyper-V Private Network configuration to a different subnet, reconfigure the VPN server, add a route to that and work from there...





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 

Professional yak shaver
1599 posts

Uber Geek

Trusted
BitSignal
Lifetime subscriber

  #766202 20-Feb-2013 09:13
Send private message

I've found using the 172.16.x.x range being extremely helpful to avoid such problems, especially when connecting to multiple VPN endpoints at the same time.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

 
 
 
 


653 posts

Ultimate Geek


  #766215 20-Feb-2013 09:24
Send private message

Yes those 172.16/12 addresses are handy, I use them on my WiFi subnets as chances are someone who connects doesn't use them.

I was using the commercial NAT reserved range for a while added not that long ago but switched back to 172 since IPv4 is now on the thin line.



BDFL - Memuneh
67476 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #766270 20-Feb-2013 10:43
Send private message

Ok, changed the range in the server side from 192.168.2.x to 192.168.10.x and changed option on VPN server configuration to "Enable this computer as a [x] IPv4 router (O) LAN routing only".

This fixed the issue with no need to add any new routes on the client side. I can now continue to access the Internet and have access to the LAN on the server side.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 

Create new topic





Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Chorus completes the build and commissioning of two new core Ethernet switches
Posted 8-Jul-2020 09:48

National Institute for Health Innovation develops treatment app for gambling
Posted 6-Jul-2020 16:25

Nokia 2.3 to be available in New Zealand
Posted 6-Jul-2020 12:30

Menulog change colours as parent company merges with Dutch food delivery service
Posted 2-Jul-2020 07:53

Techweek2020 goes digital to make it easier for Kiwis to connect and learn
Posted 2-Jul-2020 07:48

Catalyst Cloud launches new Solutions Hub to support their kiwi Partners and Customers
Posted 2-Jul-2020 07:44

Microsoft to help New Zealand job seekers acquire new digital skills needed for the COVID-19 economy
Posted 2-Jul-2020 07:41

Hewlett Packard Enterprise introduces new HPE GreenLake cloud services
Posted 24-Jun-2020 08:07

New cloud data protection services from Hewlett Packard Enterprise
Posted 24-Jun-2020 07:58

Hewlett Packard Enterprise unveils HPE Ezmeral, new software portfolio and brand
Posted 24-Jun-2020 07:10

Apple reveals new developer technologies to foster the next generation of apps
Posted 23-Jun-2020 15:30

Poly introduces solutions for Microsoft Teams Rooms
Posted 23-Jun-2020 15:14

Lenovo launches new ThinkPad P Series mobile workstations
Posted 23-Jun-2020 09:17

Lenovo brings Linux certification to ThinkPad and ThinkStation Workstation portfolio
Posted 23-Jun-2020 08:56

Apple introduces new features for iPhone iOS14 and iPadOS 14
Posted 23-Jun-2020 08:28


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.