[plug] vpn breaks home network

Adrian Chadd adrian at creative.net.au
Sun Dec 9 12:06:49 WST 2007


You've missed the obvious bit - what IP address are you assigned on the
VPN?

"most" unreachable issues relating to VPNs stem from the local network
address range clashing with the VPN address range. The VPN client will
(usually) install a host (specific) route pointing the VPN server IP
at your default gateway, and then rewrite your default route.

If you're assigned a 192.168.1.X IP address on your VPN then things
could get a bit crazy.

And "Enable Local LAN access" too.. :)



Adrian

On Sun, Dec 09, 2007, Rob Dunne wrote:
> Hi list,
> 
> I have a little home network with an ADSL2+ modem, a hub and
> two computers with IP addresses 192.168.1.100 (plastic)
> and 192.168.1.13 (lycra)
> 
> It all works well until I start up cisco vpn on plastic. The vpn
> works but I can not see lycra any more.
> 
> I think what I need is a "VPN pass-through" on the modem. Does this
> sound right?
> 
> The vpn gives the following information when it starts up.
> Client address: 130.155.80.7
> Server address: 150.229.98.10
> Encryption: 256-bit AES
> Authentication: HMAC-SHA
> IP Compression: None
> NAT passthrough is active on port UDP 10000
> Local LAN Access is disabled
> 
> The modem (iconnectAccess621) has an IP Forwarding menu
> that has VPN with IPSEC L2TP -- which (if I understand it)
> sets up the following
> Protocol PortStart PortEnd PortMap
> UDP  500   500   500
> ESP   *     *     *
> UDP 4500   4500   4500
> 
> turning this on doesn't fix the problem. Perhaps because the
> vpn is expecting "NAT passthrough" on "port UDP 10000"?
> 
> I have tried to set this up as a "Custom Port Forwarding" with
> Source IP 150.229.98.10
> Mask 255.255.255.0
> Destination IP 130.155.80.7
> Mask 255.255.255.255
> Port Start 10000
> Port End 10000
> Port Map 10000
> Protocol UDP
> 
> but I am really just guessing here. Is the "source" the server at work
> or the modem or what?
> 
> any pointers received gratefully!
> 
> Bye
> Rob
> 

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
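
The routing change described in the reply, worked through with the addresses from the original message. This is an added example and not part of either post. The interface labels "lan" and "tunnel" are hypothetical, and dropping the connected LAN route when Local LAN Access is disabled is a simplified model of the client's behaviour, not its documented implementation.

```python
import ipaddress

DEFAULT = "0.0.0.0/0"

def clashes(lan_cidr, vpn_client_ip):
    """True when the address handed out by the VPN falls inside the home LAN range."""
    return ipaddress.ip_address(vpn_client_ip) in ipaddress.ip_network(lan_cidr)

def routes_before(lan_cidr):
    # Plain home setup: connected LAN route plus default route via the modem.
    return [(lan_cidr, "lan"), (DEFAULT, "lan")]

def routes_after(lan_cidr, server_ip, local_lan_access):
    # As described in the reply: a host route to the VPN server via the old
    # gateway, and the default route rewritten to point into the tunnel.
    table = [(server_ip + "/32", "lan"), (DEFAULT, "tunnel")]
    # Assumption (simplified model): with Local LAN Access disabled the client
    # stops honouring the connected LAN route, so it is left out of the table.
    if local_lan_access:
        table.append((lan_cidr, "lan"))
    return table

def lookup(table, dest):
    """Longest-prefix match; returns the interface label of the winning route."""
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(prefix), via) for prefix, via in table]
    hits = [(net.prefixlen, via) for net, via in nets if addr in net]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    # Addresses quoted in the original message.
    LAN, LYCRA = "192.168.1.0/24", "192.168.1.13"
    SERVER, CLIENT = "150.229.98.10", "130.155.80.7"
    print("VPN address inside LAN range:", clashes(LAN, CLIENT))
    print("before VPN: lycra ->", lookup(routes_before(LAN), LYCRA))
    for lla in (False, True):
        table = routes_after(LAN, SERVER, lla)
        print("Local LAN Access", lla,
              "| lycra ->", lookup(table, LYCRA),
              "| server ->", lookup(table, SERVER))
```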


