I have a Surf Soho setup at home on a fiber connection. I don’t have a complex setup, just a single vlan. I setup the “Advanced” > “Remote User Access” page with…
l2tp with ipsec (checked)
listen on: WAN and another checkbox on the interface ip
connect to network: my vlan name
I setup my OS X Sierra laptop, connected via wifi to a verizon mifi (so outside my home network). I setup the built in Network settings L2TP connection, and that works. I can connect. My traffic to outside sites works, 10mbps even. I get a DHCP address like 192.168.1.20.
But when I try to access something on my network, 192.168.1.8 for example (tcp 443), and I can’t connect.
I did some searching, and saw that I need some type of layer 2 settings. The only way to get the “Layer 2 PepVPN Bridging” is to enable multi-vlan view with the question mark, and then click on help in the network settings box. (Pretty bad UX in my opinion).
Once I get that, I don’t see any pepvpn profiles to bridge. How do I get one of those? Is that what I am missing to make this work?
Just to check, is you local IP network 192.168.1.0 and the network you are connecting to also 192.168.1.0?
You don’t need layer 2 VPN - in the Peplink world that’s used exclusively for site to site (rather than remote user) VPN tunnels.
What I suspect is going on is that when you connect to the remote network you are assigned an IP address from it and that IP address is in the same range as your local network. By default a L2TP VPN has an option ticked that says ‘send all traffic over VPN connection’ this means that your internet access goes out over the VPN via the remote network and also any attempt to access any 192.168.1.x address will go that way too.
You can disable that routing and set up what is known as split tunnelling where only the traffic that needs to goes over the VPN (ie traffic destined to devices at the remote site) but you can only configure that if the subnets on your local LAN are different to those on the remote LAN.
Or are you saying that you can connect to the VPN get given an IP address in the remote subnet and you can’t access devices on the remote subnet. In which case its a different issue entirely.
ok, so they both have the same network. Same ip range. I can’t change it on my mifi, and I wont have a choice at some other networks (which I don’t control).
I do have “send all traffic over VPN connection” enabled, but that doesn’t help. (The 192.168.1.8 I want to access is on my home network btw)
Ah I see now. So the only way you can mitigate this issue if overlapping subnets (where you can’t change the subnet ranges of course) is to add a static route for the targeted IP so that any traffic sent to that IP address is forced via the PPP/VPN interface rather than the local network interface.
I’m not a MAC user. Let me see if I can find an example…
And I also have the VPN interface set as the highest priority as it suggests. Still isn’t working.
The really confusing thing is how I keep getting 192.168.1.36 for my vpn client IP, but a laptop on my home network already has that IP. This makes no sense to me.
I’ll keep messing with it, but that isn’t working so far.
You can’t route the whole subnet via the VPN since you still need to communicate with the MiFI. Also check the name of your VPN interface it might not be ppp0.
Still think the shell script above is most likely to work as it dynamically uses whatever name the OS gives the PPP interface when it builds the client VPN.
I managed to change my verizon mifi to have a 10.10.10.x setup… and now things work as I expect.
So I just need to learn more about the route stuff and figure out if its possible to also make it route 192.168.1.x while also on a network using that set of IPs.
I have “Send all traffic over VPN connection” selected. On my client, I have 10.10.10.2 from my mifi, and 192.168.1.36 from the vpn. For some reason before I was getting 1.36 on the vpn while another machine on the network also had 1.36. I can’t explain that. I just renewed the lease on the on-network machine to fix it.
