Question about connecting to networks through VPN with the same local IP structure

Discussion in 'Networking & Security' started by ComputerBox34, Aug 27, 2013.

  1. ComputerBox34

    ComputerBox34 Right in the Box

    Messages:
    10,889
    Joined:
    Nov 12, 2003
    I setup a clients office with the same IP structure as the one I did on my own personal network (10.0.1.x/255.255.255.0). When I connect to his network via L2TP/IPSEC VPN, this poses a problem when I try to hit something on his network - Windows defaults to looking on my own network.

    Is there a way to force windows to go out over the VPN or even change the IP structure of the network locally on the machine - for instance 10.0.2.x that translates to 10.0.1.x on the remote network?
     
  2. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,164
    Joined:
    Mar 18, 2008
    You can NAT between the two but it can get a bit ugly.
     
    Last edited: Aug 27, 2013
  3. mwarps

    mwarps [H]ardness Supreme

    Messages:
    7,001
    Joined:
    Oct 6, 2002
    You have an entire Class A, 16 Class Bs and 256 Class Cs available to you, and you *know* it's going to interfere. Change your address scheme. Good lord.
     
  4. gimp

    gimp [H]ardForum Junkie

    Messages:
    9,849
    Joined:
    Jul 25, 2008
    or disable split-tunneling on the VPN client, so that it can't access your network when you're connected to the VPN tunnel?
     
  5. Phog

    Phog Limp Gawd

    Messages:
    275
    Joined:
    Aug 21, 2012
    Yep.
     
  6. RocketTech

    RocketTech 2[H]4U

    Messages:
    2,359
    Joined:
    Oct 7, 2009
    You could double-NAT, but smart money is on changing address scheme on one end or the other. I use 172.16[-31].(2 or 3 digit ZIP).network for businesses I manage. 172 address space is comparatively rare, as most use 10.x.x.x or 192.168.x.x. Use something uncommon in the 10.x.x.x range on your own network, say 10.198.207.1 and I would be surprised if you EVER have a network collision. It would be ok to use the same 172.16.x.nnn for networks that will never connect- say businesses with separate owners, but I like to use discrete addresses for businesses to avoid my own confusion.
     
  7. diizzy

    diizzy 2[H]4U

    Messages:
    2,602
    Joined:
    Nov 6, 2008
    ..or just go with something different than 192.168.1.X/24 , 192.168.0.X/24
    //Danne