  1. #1
    Newbie
    Join Date
    Dec 2017
    Location
    Chicagoland
    Posts
    2

    VPN from VLAN failing

    I'm trying to set up a site-to-site VPN from my house to a site at work, but it's only working part of the way.

    Work IP ranges
    192.168.1.0/24, 10.1.254.0/24

    Home IP ranges
    192.168.1.0/24 (home stuff), and 192.168.75.0/24 (secure VLAN)
    I'm only trying to get this tunnel to work from the 192.168.75.x/24 range and that same range does not need any access to the local (home equipment) 192.168.1.0/24

    VLAN is fine; I'm receiving the correct 192.168.75.x IP address. When I set up the IKEv2 with 10.1.0.0/16 I can access all of those resources just fine. When I add the 192.168.1.0/24 to the VPN Remote Network group I can then access those resources just fine. However, when the 192.168.1.0/24 network is added, all of my current "home stuff" gear goes offline. I know it's not good practice to have the same networks on both sides, but I figured with a VLAN segment on a different range it would be OK.

    What am I missing?

    As a side note, when I have 10.1.254.0/24,192.168.1.0/24 in the Remote Network it seems to only take the first network range (10 network) and leaves off the second (192 network).

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,804

    You can't have IP address conflicts.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Dec 2017
    Location
    Chicagoland
    Posts
    2

    Wouldn't the VLAN with another range fix that? I'm only advertising 192.168.75.x over to the company systems of 192.168.1.x and 10.1.254.x. Or does all the routing go through the main "internal" interface which is where the IP conflict would be?

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,804

    Routing doesn't go through any interface - routing is done via a routing table and rules. You can view it in config > network.
    If the routing table says to send packets for 192.168.1.x through a tunnel, that's where they are going to go, even if they were a reply to a device on the "home network" - hence those devices being offline.

    You can't have IP address conflicts.
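
The routing behaviour described in the reply above, as an added example that is not part of the original thread and not Untangle's own code. It uses the ranges quoted in the thread; the function names, the sample host addresses and the rule that tunnel prefixes are matched before connected networks are assumptions of this simplified model.

```python
import ipaddress

# Constructed from the ranges quoted in the thread.
LOCAL_NETS = {
    "home": ipaddress.ip_network("192.168.1.0/24"),
    "secure_vlan": ipaddress.ip_network("192.168.75.0/24"),
}
TUNNEL_REMOTE_NETS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("10.1.254.0/24"),
]


def find_conflicts(local_nets, remote_nets):
    """Return (local_name, local_net, remote_net) for every overlap."""
    return [
        (name, net, remote)
        for name, net in local_nets.items()
        for remote in remote_nets
        if net.overlaps(remote)
    ]


def egress_for(dst, local_nets, remote_nets):
    """Pick where a packet to dst leaves the gateway.

    Assumption of this model: tunnel prefixes are matched before the
    directly connected networks, which is the behaviour the reply
    describes. The source address is never consulted, so a separate
    VLAN on the sending side does not change the outcome.
    """
    addr = ipaddress.ip_address(dst)
    for remote in remote_nets:
        if addr in remote:
            return "tunnel"
    for name, net in local_nets.items():
        if addr in net:
            return name
    return "default"


if __name__ == "__main__":
    for name, net, remote in find_conflicts(LOCAL_NETS, TUNNEL_REMOTE_NETS):
        print(f"conflict: local {name} {net} overlaps tunnel prefix {remote}")
    # Reply headed back to a home device (constructed address).
    print("192.168.1.50 ->", egress_for("192.168.1.50", LOCAL_NETS, TUNNEL_REMOTE_NETS))
```

Running the overlap check against the planned remote network list before saving the tunnel shows which local segment would lose connectivity.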
