BUG - SSL VPN Default Gateway Broke

I have set up a user remote access SSL VPN; the default gateway option does not work.

This is Critical

 

To reproduce this: I have a network that is 192.168.1.X. I have the user connect to the VPN; the user's home network is 192.168.1.X. I have set the settings to use the VPN as the default gateway. It does not create the route on the VPN connection and I am not able to see any network resources. If I manually create a network route like route add 192.168.1.0 255.255.255.0 Gw (VPNIP) metric 10 then the traffic will flow correctly. The server is not pushing that route through to the client.

  • Just because it works at a hotel doesn't make it a good idea; having the same subnet on both ends of a VPN is NEVER a good idea. As for the SSL VPN Client or SSL VPN site-to-site, there is little difference between the two: one has a router at each end, the other has a router on one end and a PC running VPN client software at the other. Technically, once you start defining static routes at the PC end, the PC is acting as a router. The fact still remains that once you have two identical networks connected together across a VPN tunnel, nothing good can come of it. Sure, it might work sometimes, until things start going haywire because two devices on either side of the tunnel share the same IP address. For example, say your PC at the remote end has the address 192.168.1.10, and at the host end there is also a device, say a printer, which has the same IP. How will a device you are trying to communicate with from your remote PC know whether you are a PC on the end of a VPN tunnel or the printer that is on its own LAN? Short answer: it won't. It will look at its ARP table, see the MAC of the local printer, and route the packets accordingly. You might say, well, won't it go to its default gateway to find out where to send the packets? The answer is NO: the default gateway is there to route anything that is NOT on the local subnet; any traffic destined to the same subnet goes directly to the device, no routing required.

  • Yes, and that is what does not seem to be working in the V18 latest release.
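The route selection discussed in this thread, modelled as an added example that is not part of any post and not the vendor's code: it checks the two LANs for overlap and shows which interface a client picks for a 192.168.1.X destination with and without the manual route. The interface names, the metrics other than 10, and the address 10.20.30.40 are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    via: str      # interface the packet leaves on (hypothetical names)
    metric: int


def net(cidr):
    return ipaddress.ip_network(cidr)


def pick_route(table, dest):
    """Longest-prefix match first, then lowest metric among equal prefixes."""
    ip = ipaddress.ip_address(dest)
    candidates = [r for r in table if ip in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def overlapping(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges collide."""
    return [(l, r) for l in local_nets for r in remote_nets if l.overlaps(r)]


# Constructed sample: home LAN and office LAN both use 192.168.1.0/24.
HOME_LAN = net("192.168.1.0/24")
OFFICE_LAN = net("192.168.1.0/24")

# Client table with "use VPN as default gateway" (assumed metrics):
# the VPN owns the preferred default route, the home LAN stays on-link.
BASE_TABLE = [
    Route(net("0.0.0.0/0"), "vpn", 5),
    Route(net("0.0.0.0/0"), "lan", 25),
    Route(HOME_LAN, "lan", 25),
]
# The manual route from the first post: same /24 prefix, metric 10.
WITH_MANUAL = BASE_TABLE + [Route(OFFICE_LAN, "vpn", 10)]

if __name__ == "__main__":
    print("overlap:", overlapping([HOME_LAN], [OFFICE_LAN]))
    for name, table in (("default gateway only", BASE_TABLE),
                        ("plus manual route", WITH_MANUAL)):
        for dest in ("192.168.1.10", "10.20.30.40"):
            print(f"{name:22} {dest:14} -> {pick_route(table, dest).via}")
```

With the manual route in place every 192.168.1.X destination leaves through the tunnel, so devices on the home LAN in that range are no longer reachable from the client.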