Access to LAN while VPN client is running?
Karl Auer
kauer at biplane.com.au
Tue Oct 31 11:02:35 UTC 2017
On Tue, 2017-10-31 at 09:47 +0000, Adam Funk wrote:
> Until recently, whenever I've used my laptop on my home NAT LAN with
> a VPN client running, I've had access to the LAN machines (e.g.,
> ssh). Recently, that stopped --- i.e., I can't ssh or http into any
> local machines with the laptop VPN client running. The only thing I
> can think of that has changed is that I switched the router functions
> of my cable modem off and installed a PepWave router. But I can't
> find anything in the router configuration related to this, and the
> LAN was accessible with the cable modem as router and with the
> Linksys router before that (which died). Any suggestions?

If the only thing that changed was your router, it is unlikely that it
has affected your VPN. If it affected your VPN at all, it would most
likely be to stop it working altogether.

Important question: With the VPN *not* running, can you access the
local network?

Other important questions: What IP address does your ethernet (or wifi)
interface have when NOT on the VPN, and what address do you get from
the VPN?

Also, what VPN client are you using, where did you get it from, and who
controls the other end of the VPN? If it's a corporate VPN, they may
well have changed the configuration to require the clients to send all
traffic via the VPN, which cuts you off from your local LAN. Some
(rather foolish) network administrators think this improves security.
Or they may not require it as such, but they may send a default route
up the pipe which has the same effect.

Look in your local VPN configuration to see if you can control the
routes. Look for options to specify your own routes, ignore routes sent
by the remote, or to use the VPN for all traffic.

If you are using the Cisco-compatible Network Manager VPN plugin, for
example, you will find options under "IPv4 Settings -> Routes" to set
up specific routes, to "ignore automatically obtained routes" and to
"use this connection only for resources on its network". In other VPNs
these options may be named differently, but should still be reasonably
obvious.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
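
Added example, not part of the original message: a check of the kind the reply asks for, run over the output of `ip -4 route show`, reporting which interface a LAN address would actually leave through and which VPN routes overlap the LAN subnet. The interface names (tun0, wlan0), the addresses and the sample routing table are constructed assumptions.

```python
import ipaddress

# Constructed `ip -4 route show` output with a VPN up (not from the original post).
# Assumed names: tun0 = VPN interface, wlan0 = LAN interface, LAN = 192.168.1.0/24.
SAMPLE_ROUTES = """\
default dev tun0 scope link metric 50
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6 metric 50
192.168.1.0/24 dev tun0 scope link metric 50
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

def parse_routes(text):
    """Return [(network, device, metric)] parsed from `ip -4 route show` text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f or "dev" not in f:
            continue  # skip blank lines and routes without an output device
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        except ValueError:
            continue  # skip route types such as "unreachable"
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, f[f.index("dev") + 1], metric))
    return routes

def egress(routes, dest):
    """Route used for dest: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]), default=None)

def vpn_routes_covering(routes, lan, vpn_dev):
    """Routes on the VPN device whose prefix overlaps the LAN subnet."""
    lan_net = ipaddress.ip_network(lan)
    return [r for r in routes if r[1] == vpn_dev and r[0].overlaps(lan_net)]

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    print("LAN host 192.168.1.10 leaves via:", egress(table, "192.168.1.10")[1])
    for net, dev, metric in vpn_routes_covering(table, "192.168.1.0/24", "tun0"):
        print(f"VPN route overlapping the LAN: {net} dev {dev} metric {metric}")
```

Comparing the result with the VPN down and with it up shows whether the tunnel has taken over the LAN prefix, which is what the route options in the VPN client control.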