VPN via IB4 no longer finds “local” servers

@DocBrown kind of strange, I would have said that it should work.

What kind of server is it?

This often happened to me: some of my servers, which were running virtually on a physical one, were broken down. The server could be reached via ping, but the virtual one could no longer be reached.

Hi @DocBrown

What is the local subnet in the hotel/house/tent or wherever you are? Or do you access the Internet via mobile phone hotspot?

If it is also 192.168.1.0/24, your device is probably trying to reach the server on the wrong interface.

LG

r00t

---

@DocBrown wrote:

UPDATE:

I’m in a private household now. If I now turn on the VPN and then type 192.168.1.1, then I get to the resident’s router and with 192.168.1.x I reach his DiskStation, not mine.

---

This became the thesis

If it is also 192.168.1.0/24, your device is probably trying to reach the server on the wrong interface.

aka subnet conflict proven 😉. However, you won’t like the solution. This is: Do not use 192.168.1.0/24 on one page…

LG

r00t

Hi @DocBrown

And even if:

I never know how the guest network is configured. If I change my network to the 10 range and I get into a network with a 10 range, I’ll face the same problem, right?

In 10.0.0.0/8 there is enough space for 2²⁴⁻⁸ i.e. 65,536 /24 subnets.

If you take a more exotic subnet, the chance of encountering the same thing is pretty slim. Personally, I have never found my subnet anywhere outside of my apartment 😉. If you are primarily in private households, in most cases you will not find a private subnet in this range, but rather a network in the 192.168.0.0/16 range.

By the way, this is a problem that does not occur with IPv6, since in most cases you don’t need any “private” networks - at least not like those found today (with NAT).

Such a mini router might be an option. Since the 192 network is usually the standard in private households. Could you recommend a device?

Personally, I use a GL-iNet AX3000

The “double-NAT” solution is of course a bit ugly 😉

LG

r00t

@DocBrown

If you work a lot with VPN servers in your home network, it is always a bad idea to use a default IP range at home.

If you had your home network e.g. B. configured to 192.168.13.0/24, you would probably already be 99.9% spared from the current problem 🙂

The idea with the additional travel router works, but it requires you to have access to a LAN port on the external network, which is far from always possible.

The Nano Router from TP Link has proven to be a jack of all trades for such specials:

[https://www.digitec.ch/de/s1/product/tp-link-tl-wr802n-router-5615380](https://www.digitec.ch/de/s1/product/tp-link- tl-wr802n-router-5615380)

Hi @Werner

but requires that you have access to a LAN port on the external network

I don’t know whether the TP-Link can do that too, at least the GL-Inet box can also connect to an existing WLAN (see [“Repeater”/STA](https://docs.gl-inet.com/router /en/4/interface_guide/internet_repeater/)). No cable needed 😉

IMO, the “correct” solution is still re-addressing the home network.

LG

r00t

Basically, maybe a different solution without the big “I’ll buy this and that for my VPN”.

Tailscale · Best VPN Service for Secure Networks

Tailscale is free, I have configured all PCs, my smartphone, my tablet and my 2 Synologies with Tailscale. That’s ALWAYS the case, no matter what address you have…

Just a thought…

Good luck!

@r00t

It’s a bit outdated now, but because the TP Link Nano Router is super small and really suitable for traveling, a few more words about it:

- knows all conceivable operating modes

- can be powered not only via a power supply, but also via any USB interface (e.g. directly from a notebook or from a USB interface on a main router).

But if you want to operate your own network with an IP range that differs from the Internet access router, you need the router mode including the DHCP server and then I can’t spontaneously think of a solution like setting up your own network in the media operating mode. Bridge or WLAN repeater should work.

Tailscale is free, I have configured all PCs, my smartphone, my tablet and my 2 Synologies with Tailscale. That’s ALWAYS the case, no matter what address you have…

---

I have yet to get my hands on a usable and scalable VPN solution that NOT works with routing table bending.

https://de.wikipedia.org/wiki/Routingtable

Practically all VPN solutions create a “virtual network card” that swallows or delivers all data packets that travel through the VPN tunnel.

On Windows with:

# route -4 print

Check the routing table when the VPN tunnel is active.

Hi @DocBrown

But maybe there is an easier way and a lot of things can be done via DHCP. So I would now like to ask the question, how could I change the IP range quickly and easily on the IB4? So that I don’t have as little impact on my network as possible. Thanks!

Here adjust the “local IP address”. You will inevitably have an impact 😉. The easiest way is to restart the IB and any switches + WLAN boxes, then each device has to get a new lease.

If everything goes wrong - simply reset or reset IB.

LG

r00t