Access to static IP devices on the LAN with VPN client running

Hi.

I set up a Pepwave Surf Soho Mk3 last week, and I’m pretty impressed with it, although I’m having one problem.

When my laptop is connected to my LAN and I use a VPN, I can not reach services on LAN machines with static IP addresses (my file server and printer) — they don’t even show up on nmap and cannot be pinged. (I could connect to them and ping them in the same situation using the old router.) Devices using DHCP on the LAN are pingable. I’ve tried this with two different VPN services. I suspect that there is some router configuration option I have failed to find — any idea what it is?

Thanks,
Adam

Hi again,

Could someone from Peplink support please take a look at this and advise what I need to change in the configuration? I cannot use my fileserver or printer while I have a VPN connection at home.

Adam

Hi Adam. Best log a ticket for engineering to investigate as what you’re seeing doesn’t make much sense to me (or likely anyone else here - hence the lack of response).

1 Like

Adam, I think you are saying the VPN connection is directly from your PC to the external VPN. That is, the Peplink device is not creating the VPN, your PC is doing it. If that is true, some types of VPN clients will by default separate you from the local LAN. The setting is commonly called Split Tunneling. At one time in the past I used Cisco VPN client software, and when connected I could not access my local LAN devices.

Please tell us what type of VPN connection you are using. If you are using the Windows built-in PPTP client, the link below will show you how to select whether you want split tunneling or not.

http://www.isinc.com/2011/08/30/configuring-a-split-tunnel-pptp-vpn-in-windows-7/

1 Like

Hi,
Yes, the problem occurs when my laptop (Linux) is on my LAN, either wired or wireless, and I connect to an external VPN. I have two VPN services, a work one that uses the Cisco compatible client (vpnc) and another that uses OpenVPN, and I get the same issue with both.

With the VPN off, nmap -sP 192.168.123.1-254 shows all the machines on the LAN (and I can ping them, print to the printer, and ssh into the server). When I connect to the VPN, nmap only detects the ones using LAN DHCP, so the server and printer (which have static LAN IP addresses) no longer appear, so I can’t ping them, print, or connect to my local server. (I have no reason to believe this is a fault — I’m still assuming that I have not quite configured the Surf SOHO correctly.)

I have not changed either of the VPN client configurations or the static IP configs on the server and printer since I started using the new router, and to the best of my knowledge, neither of the server configurations has changed.

Adam

I’ve done that, thanks. I was reluctant to do it at first because I thought I’d misconfigured something.

What you describe is exactly what I suspected. The problem is your VPN client configuration. I don’t use Cisco or OpenVPN so I can’t tell you where the settings are, but there will be a setting somewhere on your VPN client software for this.

If you were using the Windows L2TP or PPTP client software the setting would be
control panel > network and sharing > change adapter settings
connection name > properties
networking tab > tcp/ipv4
advanced > Use default gateway on remote network

If the box is checked, everything goes to the remote network so your PC can’t see local LAN devices. If the box is un-checked everything stays local except traffic that requires the VPN.

I’m sure your VPN client software would have a similar feature, possibly under a different name. You are looking for Split Tunneling.

1 Like

Hello Adam,

Don is correct on the Split Tunneling and I can add to the Cisco portion. If you want to have split tunneling enabled with a Cisco device, that must be configured on the ASA or router you are VPNing into. There is a section to configure to allow split tunneling. Have you tried to take the laptop home, VPN into the same site, then ping a local device at your home? I suspect you will see the same results, that the tunnel is sending all traffic down the tunnel and not sending local traffic out your WAN.

Thank you

1 Like

Hi,

I took a look at the “network” section of the router configuration and noticed this:

IP Settings
IP Address 192.168.123.1 255.255.255.0/24

DHCP Server

IP Range 192.168.123.129 - 192.168.123.254 255.255.255.128/25

(I had used ipcalc to make the DHCP IP range and mask match; I didn’t want the router’s DHCP server to allocate the low-numbered IPs that I use as static ones.) I changed the second mask to match the first, did “apply changes”, switched my laptop networking off and back on, and then everything started working as desired. Clearly I had misunderstood the function of the mask in the DHCP config.

Thanks,
Adam
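An added example, not part of any post above: a small route-lookup model showing why a /25 mask handed out by DHCP is consistent with the symptoms in this thread. The host addresses, interface names (`lan0`, `tun0`), the full-tunnel default route and the host route to an off-subnet gateway are assumptions made for illustration; only the router address, the DHCP range and the two masks come from the thread.

```python
import ipaddress

ROUTER = "192.168.123.1"                 # from the thread
HOSTS = {                                # constructed sample addresses
    "file server (static)": "192.168.123.10",
    "printer (static)": "192.168.123.20",
    "tablet (DHCP)": "192.168.123.150",
}

def client_routes(lease_ip, mask, vpn_up):
    """Build a simplified routing table for a DHCP client on the LAN."""
    iface = ipaddress.ip_interface(f"{lease_ip}/{mask}")
    routes = [(iface.network, "lan0", None)]          # on-link subnet
    if ipaddress.ip_address(ROUTER) not in iface.network:
        # Assumption: the client adds a host route to an off-subnet gateway.
        routes.append((ipaddress.ip_network(f"{ROUTER}/32"), "lan0", None))
    default = ipaddress.ip_network("0.0.0.0/0")
    if vpn_up:
        # Assumption: full-tunnel VPN, the default route points into the tunnel.
        routes.append((default, "tun0", None))
    else:
        routes.append((default, "lan0", ROUTER))
    return routes

def next_hop(dest, routes):
    """Longest-prefix match, returning (interface, gateway or None)."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    _, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw

def reachability(mask, vpn_up, lease_ip="192.168.123.130"):
    """Map each sample host to the interface its traffic would leave on."""
    routes = client_routes(lease_ip, mask, vpn_up)
    return {name: next_hop(ip, routes) for name, ip in HOSTS.items()}

if __name__ == "__main__":
    for mask in ("255.255.255.128", "255.255.255.0"):
        for vpn_up in (False, True):
            print(f"mask={mask} vpn_up={vpn_up}")
            for name, (iface, gw) in reachability(mask, vpn_up).items():
                via = f" via {gw}" if gw else " (on-link)"
                print(f"  {name:22} -> {iface}{via}")
```

With the /25 mask the laptop treats 192.168.123.0-127 as off-subnet, so the static hosts are reached only through the default route: the router forwards them while the VPN is down, and the tunnel takes them once it is up. With the /24 mask every LAN host is on-link regardless of the VPN.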