Access to LAN while VPN client is running?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Access to LAN while VPN client is running?

Adam Funk-4
Hi,

Until recently, whenever I've used my laptop on my home NAT LAN with a
VPN client running, I've had access to the LAN machines (e.g., ssh).
Recently, that stopped --- i.e., I can't ssh or http into any local
machines with the laptop VPN client running.  The only thing I can
think of that has changed is that I switched the router functions of
my cable modem off and installed a PepWave router.  But I can't find
anything in the router configuration related to this, and the LAN was
accessible with the cable modem as router and with the Linksys router
before that (which died).  Any suggestions?

(This is on Ubuntu-MATE 17.04.)

Thanks,
Adam


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Access to LAN while VPN client is running?

Karl Auer
On Tue, 2017-10-31 at 09:47 +0000, Adam Funk wrote:
> Until recently, whenever I've used my laptop on my home NAT LAN with
> a VPN client running, I've had access to the LAN machines (e.g.,
> ssh). Recently, that stopped --- i.e., I can't ssh or http into any
> local machines with the laptop VPN client running.  The only thing I
> can think of that has changed is that I switched the router functions
> of my cable modem off and installed a PepWave router.  But I can't
> find anything in the router configuration related to this, and the
> LAN was accessible with the cable modem as router and with the
> Linksys router before that (which died).  Any suggestions?

If the only thing that changed was your router, it is unlikely that it
has affected your VPN. If it affected your VPN at all, it would most
likely be to stop it working altogether.

Important question: With the VPN *not* running, can you access the
local network?

Other important questions: What IP address does your ethernet (or wifi)
interface have when NOT on the VPN, and what address do you get from
the VPN?

Also, what VPN client are you using, where did you get it from, and who
controls the other end of the VPN? If it's a corporate VPN, they may
well have changed the configuration to require the clients to send all
traffic via the VPN, which cuts you off from your local LAN. Some
(rather foolish) network administrators think this improves security.
Or they may not require it as such, but they may send a default route
up the pipe which has the same effect.

Look in your local VPN configuration to see if you can control the
routes. Look for options to specify your own routes, ignore routes sent
by the remote, or to use the VPN for all traffic.

If you are using the Cisco-compatible Network Manager VPN plugin, for
example, you will find options under "IPv4 Settings -> Routes" to set
up specific routes, to "ignore automatically obtained routes" and to
"use this connection only for resources on its network". In other VPNs
these options may be named differently, but should still be reasonably
obvious.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Access to LAN while VPN client is running?

Adam Funk-4
On 2017-10-31, Karl Auer wrote:

> On Tue, 2017-10-31 at 09:47 +0000, Adam Funk wrote:
>> Until recently, whenever I've used my laptop on my home NAT LAN with
>> a VPN client running, I've had access to the LAN machines (e.g.,
>> ssh). Recently, that stopped --- i.e., I can't ssh or http into any
>> local machines with the laptop VPN client running.  The only thing I
>> can think of that has changed is that I switched the router functions
>> of my cable modem off and installed a PepWave router.  But I can't
>> find anything in the router configuration related to this, and the
>> LAN was accessible with the cable modem as router and with the
>> Linksys router before that (which died).  Any suggestions?

I discovered a bit later that even with the VPN client running, I
could ping & nmap the DHCP machines but not the static LAN IP
machines...

> If the only thing that changed was your router, it is unlikely that it
> has affected your VPN. If it affected your VPN at all, it would most
> likely be to stop it working altogether.
>
> Important question: With the VPN *not* running, can you access the
> local network?
...

It turns out I'd set the router configuration wrong.  I'd set the
router's own IP address to x.x.x.1 with 255.255.255.0 as the netmask,
and then set the DHCP to use range x.x.x.129 - x.x.x.254 with
255.255.255.128 as the netmask (based on a misunderstanding of the
purpose of the latter mask).  I changed the DHCP mask to 255.255.255.0
and everything works now as I'd expected.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users