[SATLUG] OT: Network + VPN question

John Pappas j at jvpappas.net
Thu Oct 16 11:48:18 CDT 2008


On Wed, Oct 15, 2008 at 23:19, Tweeks <tweeksjunk2 at theweeks.org> wrote:

> On Wednesday 15 October 2008 02:25:38 pm twistedpickles wrote:
> > When I VPN into the office and I am on a local network with similar class
> > range as the office i.e. Private Class A I have trouble accessing
> > resources.
>
> Make sure that your subnet is set tightly enough so that the traffic to the
> office (after starting the VPN) will be sent to your gateway to access the
> office machines.


There is not a lot of detail here, but the VPN type makes a difference, as
would DNS (if the "resources" are name-resolved), so here are my thoughts:

I assume the local VPN client pulls down an IP that should be on the remote
LAN (did not sound like a GW->GW VPN scenario).  Some VPN clients have
policies that remove access to the local network while they are connected
(ie Cisco) so in that case, your system has logically been consumed by
remote network.  In some cases (pptp) you can specify which gateway to use.


>  Also.. check the output of "route" to ensure that your
> VPN is setting up your route correctly to route to your tun: (or equiv)
> virtual VPN interface.


Along with `route -n` (or `route print` in Windows) I would figure out which
DNS system you are using for name resolution, further, if the DNS is split
horizon or other such thing, this is slightly more complicated.

So to troubleshoot:

   1. Route - make sure that your routing allows for full communication
   2. Ping/Traceroute - Use to verify routing
   3. ipconfig/resolv.conf - make sure that the names are being looked for
   in the right places
   4. nslookup/dig - verify that the names are being resolved properly.

During troubleshooting, use only IPs first, and then move to FQDN to
eliminate DNS resolution issues, just so that you can make sure that your
traffic is traversing the network properly.


> I've found both issues to be to blame in poorly set up configs.. or even
> more
> common.. that the home LAN and office LAN are using the SAME network and
> traffic also never makes it off your LAN to the office LAN.  That can do
> several strange things depending on your networking gear setup.
>

Yep, the 192.168.x.0/24 has a much higher probability of collision than a
more random (10.231.x.0/24) network selection, especially if you roam from
Wifi hotspot to another.  Also, some networks will not let VPN traffic leave
the network (ie VPN -> Remote Net -> Internet), usually this is a firewall
misconfig rather than intent, but sometimes...


> Anyone else seen this problem before?
>

Probably, but I am not 100% sure what the problem is, more information would
certainly help diagnose and pinpoint the problem.

HTH,
jp
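
The address collision discussed in this thread, as an added example that is not part of the original message: a longest-prefix-match lookup over two constructed routing tables shows why a host on the office network is never sent to the VPN interface when the home LAN uses the same range. The interface names, addresses and the `pick_route` / `overlapping` helpers are assumptions made for illustration.

```python
import ipaddress

# Constructed routing tables (destination network, interface); not from the thread.
ROUTES_COLLIDING = [
    ("0.0.0.0/0", "eth0"),        # default route via the home gateway
    ("192.168.1.0/24", "eth0"),   # home LAN, directly connected
    ("192.168.0.0/16", "tun0"),   # office range installed by the VPN client
]
ROUTES_DISTINCT = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth0"),
    ("10.231.4.0/24", "tun0"),    # less common office range, no collision
]

def parse(routes):
    return [(ipaddress.ip_network(net), dev) for net, dev in routes]

def pick_route(routes, dest):
    """Return (network, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    candidates = [(net, dev) for net, dev in parse(routes) if addr in net]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)

def overlapping(routes, vpn_dev="tun0"):
    """List (local_net, vpn_net) pairs where a non-VPN route overlaps a VPN route."""
    table = parse(routes)
    vpn = [net for net, dev in table if dev == vpn_dev]
    # Skip the default route: it overlaps everything by definition.
    local = [net for net, dev in table if dev != vpn_dev and net.prefixlen > 0]
    return [(str(l), str(v)) for l in local for v in vpn if l.overlaps(v)]

if __name__ == "__main__":
    for name, routes in (("colliding", ROUTES_COLLIDING),
                         ("distinct", ROUTES_DISTINCT)):
        print(name, "overlaps:", overlapping(routes))
        for dest in ("192.168.1.50", "192.168.7.9", "10.231.4.20"):
            net, dev = pick_route(routes, dest)
            print(f"  {dest:>13} -> {dev} via {net}")
```

In the colliding table an office server at 192.168.1.50 resolves to `eth0`, so the packet stays on the home LAN; comparing the same lookup against real `route -n` output is the check to make first.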

