Connect by VPN when local and remote networks use identical address ranges

TL;DR

Use a travel router. Configure it to assign your laptop an IP address in the IP subnetwork 10.15.15.0/24. Also, make sure the DHCP lease it hands out specifies itself as the DNS server.


Nothing Works™ when a device has two network interfaces connected to overlapping IP subnetworks

When connected to a VPN your computer has two network interfaces:

  1. Wi-Fi adapter
  2. VPN adapter

The problem you're experiencing is caused by both of these interfaces claiming they are the correct destination for the 192.168.1.0/24 IP subnetwork. In a typical configuration, the interface with the lowest interface metric (usually the one with the highest bandwidth) will win the tie and get the traffic. That means traffic you want to be sent through the VPN adapter is actually getting sent to the Wi-Fi adapter.

There are cases where it's fine to have two interfaces pointing to the same network. For example, a laptop that's connected to a certain network via wired and wireless interfaces is one such configuration. However, in this case the destination network is the same regardless of which network adapter is used to access it, so things work fine.

The travel router is a good idea

If you're able to connect your Wi-Fi adapter to any IP subnetwork other than that used by your VPN's remote network, you'll avoid the problem described above. Note that this new network cannot overlap the VPN network in any way, i.e. 192.168.0.0/16 won't work since that includes the 192.168.1.0/24 range. Fortunately you can control this by configuring the travel router's local IP subnetwork settings to be something like 10.15.15.0/24. It should go without saying, but it's important that the travel router's WAN interface be connected to the Wi-Fi hotspot, otherwise your laptop will still end up communicating directly with the 192.168.1.0/24 subnetwork.

When connected to your travel router your Wi-Fi interface should have an IP such as 10.15.15.2/24. Therefore connections to IP addresses in the 192.168.1.0/24 network will go directly to the VPN adapter because your laptop has no clue what network range exists on the WAN interface side of your travel router.

One last requirement is that your travel router configure your laptop to use itself as the DNS server. The router should pass on DNS requests to the Wi-Fi hotspot's DNS servers. If you don't do this, your laptop might get a DNS server like 192.168.1.1. As explained before, while on the VPN your laptop would expect to find this in the VPN's network, resulting in DNS requests not being properly resolved.
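The routing behaviour this answer describes, modelled as an added example (not part of the original answer): a toy routing table that breaks ties by metric, plus a check that a candidate local subnet and DNS server stay clear of the VPN's 192.168.1.0/24 network. The interface names `wifi`/`vpn`, the metric values and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Remote network behind the VPN, taken from the question.
VPN_REMOTE = ipaddress.ip_network("192.168.1.0/24")

def routes_for(wifi_subnet, wifi_metric=10, vpn_metric=20):
    """Build a toy routing table; interface names and metrics are assumed values."""
    wifi = ipaddress.ip_network(wifi_subnet)
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "wifi", wifi_metric),  # default route
        (wifi, "wifi", wifi_metric),                               # on-link Wi-Fi subnet
        (VPN_REMOTE, "vpn", vpn_metric),                           # route added by the VPN
    ]

def pick_interface(routes, dest):
    """Pick the outgoing interface: longest prefix wins, then the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]  # default route always matches
    _net, iface, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface

def check_local_network(wifi_subnet, dns_server):
    """Return the problems the answer warns about for a given local setup."""
    problems = []
    if ipaddress.ip_network(wifi_subnet).overlaps(VPN_REMOTE):
        problems.append("local subnet overlaps VPN network")
    if ipaddress.ip_address(dns_server) in VPN_REMOTE:
        problems.append("DNS server inside VPN network")
    return problems

if __name__ == "__main__":
    # Constructed sample setups: (local subnet, DNS server handed out by DHCP).
    setups = [
        ("192.168.1.0/24", "192.168.1.1"),  # hotspot identical to the VPN range
        ("192.168.0.0/16", "192.168.0.1"),  # wider range that still contains it
        ("10.15.15.0/24", "192.168.1.1"),   # travel router, but hotspot DNS leaked
        ("10.15.15.0/24", "10.15.15.1"),    # travel router acting as DNS server
    ]
    for subnet, dns in setups:
        table = routes_for(subnet)
        print(subnet, dns,
              "server->", pick_interface(table, "192.168.1.50"),
              "dns->", pick_interface(table, dns),
              check_local_network(subnet, dns) or "ok")
```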

Author by

Matt Alexander

Updated on September 18, 2022

Comments

  • Matt Alexander
    Matt Alexander over 1 year

    As part of my work I connect to a VPN that uses the 192.168.1.* address range on the remote network. Often I connect from public WiFi hotspots that I rarely have control over their configuration. The hotspots are not within the organization. They are public hotspots, in coffee shops, hotels, etc.

    The problem I have is that sometimes the WiFi hotspot uses the same 192.168.1.* address range.

    Usually my solution is to pull out my phone and use its portable hotspot, but that can get pricey, especially if I'm roaming.

    To avoid using my phone, I bought a travel router and configured it to provide a private subnet with IP address range 192.168.2.* so even if the greater WiFi hotspot was 192.168.1.*, I would avoid a conflict.

    Even after I changed the IP address range for the router to 192.168.2.* the conflict still seemed to be happening. Perhaps the network that my subnet was a part of (192.168.1.*), was still conflicting with the VPN somehow? I'm not sure. And I could not find any resources on the Internet to help me with this specific problem.

    I have since lost that router and I'm looking to replace it. But before I do, I want to be sure that I am able to fix my VPN address conflict problem.

    How can I connect to a VPN that uses the same IP address range as the local network I'm connecting from?

    EDIT:

    • I am using a Mac.
    • I'm using the org-provided VPN client, SonicWall Mobile Client.
    • I'm not sure which IP address exactly is causing the conflict. There are a bunch of 192.168.1.* addresses in the organization. How can I find that out?
    • I cannot request that my org change their VPN range to something more obscure.
    • The VPN subnet mask is 255.255.255.0
    • I do not access the internet through the VPN.
    • I have not ever been able to access any of the resources I need on the VPN network during conflict, but it is possible perhaps that there are resources that are still accessible that I didn't know about or test.
    • harrymc
      harrymc over 6 years
      More info required: Are you using Windows? What is your VPN client? Which 192.168.1.* addresses cause conflict? Are you just asking for a travel wifi router model that allows configuring the DHCP range (almost all do)?
    • Matt Alexander
      Matt Alexander over 6 years
      @harrymc I am using a Mac. I'm using the provided VPN client, SonicWall Mobile Client. -- I'm not sure which IP address is causing the conflict. There are a bunch of 192.168.1.* addresses in the organization. How can I find that out? -- As I explained in my question, I did configure the DHCP range, but it still was conflicting for some reason.
  • Matt Alexander
    Matt Alexander over 6 years
    How do I add host routes to my laptop to point into the tunnel? By the way, I need to wait until the next time I'm on a conflicting hotspot, but then I'll test and mark this answer solved if it works.
  • Matt Alexander
    Matt Alexander over 6 years
    As I stated in my question, I do not have access to the network configuration of either the VPN or the Wifi hotspots that cause the conflict.
  • harrymc
    harrymc over 6 years
    The poster says he did already configure the DHCP range but that didn't help, which I think is somewhat impossible. I don't think that we have enough info for analyzing the problem.
  • I say Reinstate Monica
    I say Reinstate Monica over 6 years
    @harrymc I agree it's uncertain why the OP had trouble with this. Nonetheless it's a proper solution and needs to be put forward as such.