Full tunnel question

[ggemelos]

I have a question regarding the behavior under full tunnel mode. In particular what happens when the remote and local LANs have the same subnet. For example:

Local (My company LAN with SSl-312)
gateway: 192.168.1.1
subnet: 255.255.255.0

Remote (Remote LAN from which users connect to VPN)
gateway: 192.168.1.1
subnet: 255.255.255.0

From my initial experimentation, it appears that after establishing a full tunnel from the remote LAN to the local LAN, if I try to connect to a computer on the 192.168.1.xxx network I am directed to the local LAN and not the remote LAN. I was under the impression that all traffic would be directed down the VPN tunnel to the remote network. Am I wrong in my understanding?

With other VPN products I have dealt with before, such as OpenVPN, all traffic, even if it where to conflict with the remote users subnet gets forwarded down the VPN to the local LAN. Otherwise, the VPN is only useful if you ensure that your remote users never use a LAN which conflicts with the local subnet.

[ggemelos]

Here is some more configuration information:

* Full tunnel enabled
* VPN issues IPs 192.168.1.5 - 192.168.1.50 (same subnet as local LAN)
* No routes defined

[adit]

This is another prime reason to never use common (default) subnets.

192.168.0.x
192.168.1.x
192.168.2.x
10.0.0.x

The routing in the SSL is performing correctly. What would happen if both you and another PC had the same IP? There would be a routing issue.


There are only certain routers that allow you to have the same subnet on 2 different networks. Those routers maintain a table of what IPs are on each side. Netgear does not support this.