VPN problem (yet again)

[Cogman]

So the VPN is setup, working, and remote hosts can connect in. Here's the problem. When they connect, some hosts uses the same addressing scheme as my VPN is assigning out (192.168.1.x). How can I tell the computers on the vpn that Yes I really do want to us the VPN network and not their local network.

IE

Their network address = 192.168.1.3
Their VPN address = 192.168.1.100
The servers address = 192.168.1.50

When I try and connect them to the servers IP, there computer shoots out flames and says the server doesn't exist.

 

[imagoon]

Eww. From what I remember (and the reason I reassigned my entire company to a 10.x.x.x in the end), you need to basically set up a reverse NAT that makes your server look like it is in a different range. You then need to hand out the natted addresses in the VPN. You will need NAT translations for all the servers that need to be accessed.

We used a cisco 17xx series to do all this since it was only over a T1. 192.168.1.x would be on the "inside" of the router something like 192.168.10.x is on the outside. The vpn device / tunnel connects to outside.

VPN hands out 192.168.10.x address, via dhcp relay from the router (if you want.)

You would then do NAT mappings from outside to inside of something like outside 192.168.10.50 > 192.168.1.50.

It was a mess but it worked for years until we needed to do some more advanced things that were very NAT unfriendly.

 

[TheKub]

Easy:
Change your VPN address range.

No so easy:
Otherwise you can add custom routing that specifies your server IPs and the needed gateway for every connected client.

 

[Cogman]

Originally posted by: TheKub
Easy:
Change your VPN address range.

No so easy:
Otherwise you can add custom routing that specifies your server IPs and the needed gateway for every connected client.

Easy it is! I just don't like telling my boss that the server address changed.... Yet again 🙂. At least they are still impressed that I got the thing up and running.