Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Conflicts between Public Wi-Fi IP Address and internal LAN (through VPN)

Hello,

Today I found a case that I've intermittently found in the past, but I decide to bring it up in the forum and try to find a permanent solution. 

 I connected to a public WiFi network with an iPad. The network provided the following through DHCP:

IP: 10.157.180.98

Mask: 255.0.0.0

Gateway: 10.128.128.128

When connecting to my network through SSL-VPN, I was provided with an IP address in the 172.16.0.0 /24 segment:

IP: 172.16.0.20

Mask: 255.255.255.0

Gateway: 172.16.0.1

However, my internal LAN is in the 10.0.0.0 /24 segment. 

As expected, accessing local network resources didn't work, due to the public Wi-Fi IP Assigned to the device and its mask (255.0.0.0). (I want to force all traffic to be routed through the VPN when connected to it).

Based on all this, how can I address the conflict (due to the device's DHCP provided address and mask conflicting with my internal network segment) without changing my LAN's network segment (of course), and given that I can't control the public Wi-Fi's IP address I get?

The first thing that comes to mind is to have the VPN write a route to the iPad's routing table with a lower metric than the Public WiFi's network (and that wil force all traffic to go through the VPN).   

If I connect to the VPN from a network that uses a different network segment (DHCP providing addresses in the 172.16.x or 192.168.x ranges), everything works as expected.

Thanks!



This thread was automatically locked due to age.