Archived from groups: microsoft.public.windowsxp.work_remotely (
More info?)
Post your routing table... If you are accessing machines using the
VPN gateway, which is what you are saying is happening, you will not
be able to access local machines (on the same subnet) without at least
a timeout...
The point is that this is a convoluted solution and the best option is
to not operate on the same subnet if at all possible.
Trying your scenario on a Virtual PC setup does not work in my case
when I have the Use the default gateway option set - I have
connectivity to the VPN environment, but not to my local LAN... With
the default gateway disabled, I have access to the LAN, but no VPN
access.
Jeffrey Randow (Windows Net. & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com
Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....
Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone -
http://www.microsoft.com/windowsxp/expertzone
On Sun, 02 May 2004 21:00:55 GMT, spam@spam.com (Bob) wrote:
>On Sat, 01 May 2004 23:28:14 -0500, "Jeffrey Randow (MVP)"
><jeffreyr-support@remotenetworktechnology.com> wrote:
>
>>In summary, if you are willing to lose all LAN connectivity while on
>>the VPN, you can perhaps coexist on the same subnet.. However, all
>>internet accesses, etc., will go over the VPN link, not directly out
>>of your computer...
>
>Wrong, at least on my setup.
>
>There are two Win2K machines, one named "vpnserver" at a remote
>location behind a Linksys BEFSR41 router with LAN address 192.168.1.10
>and the other named "vpnclient" at home behind a Linksys BEFSR41
>router with LAN address 192.168.1.10. I am on the home machine.
>
>The VPN server software is set up to allow a range of addresses
>192.168.1.100 - 192.168.1.200 and to permit the VPN client to specify
>its VPN IP address. The VPN client software is set up to ask for
>192.168.1.125. All IP addresses, both LAN and VPN are static.
>
>There is a third machine which is on the home LAN with static IP
>address 192.168.1.20. It's name is irrelevant.
>
>The home machine \\vpnclient connects to the remote machine
>\\vpnserver successfully. I look in the STATUS|Details page of the VPN
>client icon sitting in the tray. It says that the VPN server is
>192.168.1.100 and the VPN client is 192.168.1.125 - both as expected.
>
>I access the remote server at \\192.168.1.100 (I would use the NetBIOS
>name \\vpnserver but that is not always reliable because although I do
>have a HOSTS table entry for reasons I do not understand it does not
>always work.) I can access the machine by using:
>
>Start|Run|\\192.168.1.100
>
>RightClickDesktop|New|Shortcut|\\192.168.1.100
>
>The shortcut method is preferred because it leaves you with a
>permanent window to access the remote machine again later.
>
>OK, so far so good. I am connected to the remote machine over the VPN
>amd I can access the shares on the remote machine. There is a
>directory built specifically for me to use called c:\vpnclient and I
>have full permission to use it. I create a text file and put it in
>that directory. There are also some other directories I have read-only
>permission which I can download files from. Everything works as
>expected.
>
>Now I try to access the local area machine on my LAN, the one with IP
>address 192.168.1.20. I use the same method of accessing shares
>described above and sure enough I have access in a window just like I
>would have when I am not connected to the VPN. Clearly I have not lost
>all LAN connectivity as you claim.
>
>That's because the address space in the subnet has been split into two
>regions and each region is bound to the appropriate adapter. The
>system knows where to send packets based on those bindings.
>
>If the IP address is below 192.168.1.100 or above 192.168.1.200, then
>the system knows to send the packets to the LAN adapter, as if there
>is no VPN.
>
>If the IP address is in the range 100 - 200, then the system knows to
>send the packets to the VPN adapter, in which case the system knows
>how to send them thru the VPN tunnel.
>
>>Browse to the Router's admin interface... On the main config page,
>>you can change the LAN IP Address of the router.. If you want, you
>>can change it to 192.168.2.x, or whatever... Let the router reboot,
>>and then release and renew the IP address for your computer (ipconfig
>>/release and ipconfig /renew). The router will then assign you an
>>address on the new LAN network (i.e., 192.168.2.x)... Every router I
>>have seen offers this ability, so I don't understand why this is an
>>issue.
>
>It's not an issue. It's something I was never aware of because I never
>played with it. But thanks for the heads up - it is useful to know.
>
>>I'm not missing that... The metrics determine which route to take..
>
>OK, let's ask this question.
>
>What if I set up the VPN server and the VPN client so that the allowed
>range of addresses is 192.168.2.100 - 192.168.2.200 and the particular
>client address is 192.168.2.125, but I do not change anything else. I
>do not change the router, I do not change the LAN parameters - I just
>change the VPN parameters.
>
>What would happen then?
>
>Presumably I would get a conflict because when I connect the
>\\vpnclient machine to the \\vpnserver's LAN thru the VPN tunnel, it
>becomes a member of the \\vpnserver's LAN. Therefore it would seem
>that it needs the same subnet. Nevertheless I will experiment with
>that when I get time.
>
>In the meantime, I can access the machine on my LAN and the machine on
>the VPN at the same time without any problems other than the usual
>trouble with using NetBIOS names, which is a Win2K problem because
>there is no place in the VPN software to enable NetBIOS like there is
>in the VPN for XP.