Found VPN issues Again

Hi,

I have set up an SSL VPN with access to the Internet and remote LAN resources.

When I connect the VPN using a Wi-fi connection, I cannot access remote LAN resources. However, if I connect to the VPN over a cellular connection, I can connect to the remote LAN resources with no issues.

I can't seem to figure out what is going on but it seems like it may be an issue with the IP? I used the default UTM IP range for the VPN. My remote LAN uses the 192.168.1.x range.

Is it possible that when I connect through Wi-fi and get a Wi-fi IP that is similar to my remote LAN (192.168.1.x) that when I attempt to access remote LAN resources the routing gets confused thinking I am looking for a resource on the Wi-fi and not the remote LAN?

Does anyone know how to resolve this issue?

Thanks & Regards,

Joe Mobdro



This thread was automatically locked due to age.
  • Hi Joe Gellen,

    The problem is that you use the same networks.

    Your local network is the same as your remote network.

    So if you try to access 192.168.1.x, your PC tries to reach it via the local interface and not over the VPN.

    To solve this issue, you must change your network at home (easy) or your remote network at work (maybe complex).

    Best Regards
    DKKDG

  • Besides changing one of the networks, you could also NAT all traffic over a different subnet (may also be complex if you don't know how to do this or what really happens).


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Agreed with apijnappels - the 1-to-1 NAT solution is possible if you can implement on both the home & office UTMs.  It's a quick, inelegant solution and the reality is that you should change one of the networks.

    My usual recommendation is for internal subnets to be in the 172.16.0.0/12 range.  Reserve 192.168.0.0/16 for public hotspots and home users.  Reserve 10.0.0.0/8 for giant multinationals, ISPs, etc.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
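
The routing behaviour described in this thread, as an added example that is not part of any poster's reply: a small route-selection model (longest prefix first, then lowest metric) showing why 192.168.1.x stays on Wi-Fi but goes through the tunnel on cellular. The interface names, metrics, VPN pool and cellular subnet are constructed sample values, and it assumes the directly connected Wi-Fi route has a lower metric than the route pushed by the VPN.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str
    metric: int

def route(net: str, interface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(net), interface, metric)

def select_route(table, destination: str) -> Optional[Route]:
    """Pick the route a client would use: longest prefix, then lowest metric."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

def egress(table, destination: str) -> Optional[str]:
    chosen = select_route(table, destination)
    return chosen.interface if chosen else None

def find_conflicts(table, vpn_interface: str):
    """Return (local, vpn) route pairs whose address ranges overlap."""
    vpn = [r for r in table if r.interface == vpn_interface]
    local = [r for r in table
             if r.interface != vpn_interface and r.network.prefixlen > 0]
    return [(l, v) for l in local for v in vpn if l.network.overlaps(v.network)]

# Constructed sample data (assumptions, not taken from the thread's devices).
VPN_ROUTES = [route("192.168.1.0/24", "tun0", 50),   # remote LAN via the VPN
              route("10.242.2.0/24", "tun0", 50)]    # VPN address pool
WIFI_TABLE = [route("0.0.0.0/0", "wlan0", 25),
              route("192.168.1.0/24", "wlan0", 25)] + VPN_ROUTES  # home Wi-Fi
CELL_TABLE = [route("0.0.0.0/0", "wwan0", 25),
              route("100.64.12.0/24", "wwan0", 25)] + VPN_ROUTES  # cellular
# Same Wi-Fi client after the office LAN is renumbered into 172.16.0.0/12.
RENUMBERED = WIFI_TABLE[:2] + [route("172.16.20.0/24", "tun0", 50)]

if __name__ == "__main__":
    for name, table, target in [("wifi", WIFI_TABLE, "192.168.1.10"),
                                ("cellular", CELL_TABLE, "192.168.1.10"),
                                ("renumbered", RENUMBERED, "172.16.20.10")]:
        clashes = [(str(l.network), str(v.network))
                   for l, v in find_conflicts(table, "tun0")]
        print(f"{name}: {target} leaves via {egress(table, target)}; "
              f"overlaps: {clashes}")
```
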