Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsIT Pro and developersVPN split access anyone?


BDFL - Memuneh
60331 posts

Uber Geek
+1 received by user: 11360

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 114442 20-Feb-2013 08:32
Send private message

I am playing with a SSTP VPN access and have a problem accessing the Internet while connected to the VPN. 

The server won't route access to the Internet (and I don't want it to do it) which means that while connected to the VPN the client PC can access resources in the LAN but can't access the Internet. If I uncheck the advanced option in the IPv4 settings to not use the Gateway by default then I have Internet access but can't access the VPN resources.

Does anyone have a suggestion to fix this and have access to both resources while the VPN is connected? Something that wouldn't break things when the VPN is not active?

I am running the SSTP VPN server on a Windows Server 2012.




Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 

You can support content creators (and Geekzone) by using the Brave browser.

Create new topic
4811 posts

Uber Geek
+1 received by user: 1493


  Reply # 766177 20-Feb-2013 08:37
Send private message

Were you using a Cisco SRP521? The current firmware has a VPN server in it that you could try instead, if this is at the same site.



BDFL - Memuneh
60331 posts

Uber Geek
+1 received by user: 11360

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 766178 20-Feb-2013 08:39
Send private message

No, the servers are at the datacentre. I have a SRP521 but this is on my client side, so no use there.




Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 

You can support content creators (and Geekzone) by using the Brave browser.

Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted
BitSignal
Subscriber

  Reply # 766180 20-Feb-2013 08:39
Send private message

Seems like you need to add a route for the LAN subnet on the other side of that VPN link on your own machine.

Something like (pseudo code):

ROUTE ADD 192.168.0.0/24




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown



BDFL - Memuneh
60331 posts

Uber Geek
+1 received by user: 11360

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 766181 20-Feb-2013 08:42
Send private message

Yes, I guess would need to add a route to the VPN on my client. I will probably need to change some of the stuff on my server side too as the server LAN uses the same subnet as my client LAN, so I don't want to mess up the addresses.

Right, will have to work a bit on this...





Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 

You can support content creators (and Geekzone) by using the Brave browser.

621 posts

Ultimate Geek
+1 received by user: 121


  Reply # 766199 20-Feb-2013 09:10
Send private message

Yeah they won't work to well having the same subnet.

Another pet annoyance I've found with VPN's on Windows (at least XP and below, I don't have 7), that if your remote subnet is say 10.1.1.X/24 silly Windows still puts a route in for a /8 instead on the PPP/VPN interface based on the old class system. This is annoying especially when using say 10.0.0.X/24 as it'll put a route in for 10.X.X.X/8 instead and cause headaches if your local LAN is any address starting with 10 until you manually delete the route and put a /24 in.

edit: Was referring to the client side.



BDFL - Memuneh
60331 posts

Uber Geek
+1 received by user: 11360

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 766201 20-Feb-2013 09:11
Send private message

Yes, later today I will change the Hyper-V Private Network configuration to a different subnet, reconfigure the VPN server, add a route to that and work from there...





Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 

You can support content creators (and Geekzone) by using the Brave browser.

Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted
BitSignal
Subscriber

  Reply # 766202 20-Feb-2013 09:13
Send private message

I've found using the 172.16.x.x range being extremely helpful to avoid such problems, especially when connecting to multiple VPN endpoints at the same time.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

621 posts

Ultimate Geek
+1 received by user: 121


  Reply # 766215 20-Feb-2013 09:24
Send private message

Yes those 172.16/12 addresses are handy, I use them on my WiFi subnets as chances are someone who connects doesn't use them.

I was using the commercial NAT reserved range for a while added not that long ago but switched back to 172 since IPv4 is now on the thin line.



BDFL - Memuneh
60331 posts

Uber Geek
+1 received by user: 11360

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 766270 20-Feb-2013 10:43
Send private message

Ok, changed the range in the server side from 192.168.2.x to 192.168.10.x and changed option on VPN server configuration to "Enable this computer as a [x] IPv4 router (O) LAN routing only".

This fixed the issue with no need to add any new routes on the client side. I can now continue to access the Internet and have access to the LAN on the server side.





Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 

You can support content creators (and Geekzone) by using the Brave browser.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12

New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17

Stuff takes 100% ownership of Stuff Fibre
Posted 24-May-2018 19:41

Exhibition to showcase digital artwork from across the globe
Posted 23-May-2018 16:44

Auckland tops list of most vulnerable cities in a zombie apocalypse
Posted 23-May-2018 12:52

ASB first bank in New Zealand to step out with Garmin Pay
Posted 23-May-2018 00:10

Umbrellar becomes Microsoft Cloud Solution Provider
Posted 22-May-2018 15:43

Three New Zealand projects shortlisted in IDC Asia Pacific Smart Cities Awards
Posted 22-May-2018 15:14

UpStarters - the New Zealand tech and innovation story
Posted 21-May-2018 09:55

Lightbox updates platform with new streaming options
Posted 17-May-2018 13:09

Norton Core router launches with high-performance, IoT security in New Zealand
Posted 16-May-2018 02:00

D-Link ANZ launches new 4G LTE Dual SIM M2M VPN Router
Posted 15-May-2018 19:30

New Panasonic LUMIX FT7 ideal for outdoor: waterproof, dustproof
Posted 15-May-2018 19:17

Ryanair Goes All-In on AWS
Posted 15-May-2018 19:14

Te Papa and EQC Minecraft Mod shakes up earthquake education
Posted 15-May-2018 19:12


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.