Accessing other VPNs networks through a VPN connection

Tags: networking, routing, vpn, windows-server-2008-r2

We have a Windows 2008 R2 server box, which connects to a Customer VPN.

Customer VPN:

  • Assigns a 10.10.10.x IP when connected
  • Owns a resource in their 172.x.x.x subnet that I need to access

On the server:
  • I've set a route for 172.x.x.x to be directed to the Customer VPN server so that I can access the resource
  • I've set up my own VPN so I can connect remotely on 192.168.168.x

How can I access the 172.x.x.x network from my home PC when connected to my server's VPN?

I tried setting up a 172.x.x.x route to my Server VPN IP but that didn't work, presumably because the Customer VPN doesn't know about my own subnet.

Edit: There are two reasons that I want to access the Customer VPN through my Server's VPN: a) it contains a DB that I want to develop against from my home/dev PC and b) my home router doesn't support VPN pass-through so I cannot connect directly.

Best Answer

The answer is, it depends.

Are you using a VPN client - like Cisco's or SonicWall's VPN clients?

Does the VPN software you are using to open the connection permit routing?

Do you have routing installed on your windows server and are you using an MS vpn tunnel between two servers? From what you've said it sounds like a vpn client and not this.

If the server is being assigned a single IP then it appears on the clients network as that IP and not with your internal IP. If you want to connect from another PC then your server is going to have to not only route connections from your pc to their server but its also going to have to NAT the traffic to that assigned IP. Does what you are using support that?

When your home PC connects, there are more complications. Your home PC receives an IP in your subnet... but normally will only route traffic for that subnet to your office. You need to 'push' out the route for 172.x.x.x to your PC. It depends on the software you are using as to how you do this.

The ideal is to open a point-to-point link and to route between the two networks. For this to work you will need their cooperation and a router/fw to open an ipsec tunnel between the two. This way they will send all traffic for your subnet to your router and your router will send all traffic destined for 172.x.x.x to their router.

Interconnecting networks is not rocket science - it's a bit more like watchmaking. Thousands of little tiny details. If one bit is out of place it doesn't work.

Simplest solution: buy a new router for home for $50 and save yourself a lot of trouble.

UPDATE: if you are going to be changing things and you don't have a big setup then I'd recommend just buying a little SonicWall firewall and letting that handle the IPsec tunnel and remote access. It removes much of the headache and they cost next to nothing. Running RAS on a Windows server introduces all sorts of fun problems with blocked ports and routing... that's why everyone usually dedicates a server to RAS and nothing else.

I don't know how you are planning to open this site-to-site tunnel. Are you planning to use IPsec, OpenVPN or PPTP or something else?

A site to site connection means that the whole 172.x.x.x subnet should be able to reach your whole 192.168 (or whatever you use) subnet... Unless a rule filters the traffic somewhere.

When connected to your office you are assigned an IP in 192.168.x.x so you should be able to reach the remote subnet from home.

Complications:

- The relaying of packets from a dial-in client to a remote subnet may be restricted by the server by default - depending on what software you use.
- You will need to 'push' out a route to 172.x.x.x to your dial-in client so it knows to send that traffic to your office.
- If you are on your own, setting this up and debugging it while connected from home is even more fun and games.

Hope that helps.
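To make the answer's two points concrete (the home PC needs the 172.x.x.x route pushed to it, and the server must NAT the forwarded traffic to its customer-assigned address because the customer side has no route back to your 192.168.168.x subnet), here is an added Python model of the hop-by-hop forwarding decisions. It is not code from the question or the answer and it configures nothing; it simulates longest-prefix-match route lookups and a minimal source NAT on the server. All addresses are constructed placeholders: 192.168.168.10 for the home PC's VPN address, 10.10.10.5 for the server's customer-assigned address, and 172.16.5.20 standing in for the 172.x.x.x resource.

```python
"""Model of the routing/NAT problem from the question: does a packet from the
home PC reach the customer's DB, and does the reply make it back?
Added example; all node names and addresses are constructed placeholders."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    name: str
    addrs: set                                      # addresses this node answers for
    routes: dict = field(default_factory=dict)      # "prefix" -> next-hop node name
    nat_addr: Optional[str] = None                  # source-NAT to this address when forwarding to nat_hops
    nat_hops: set = field(default_factory=set)
    nat_table: dict = field(default_factory=dict)   # remote peer -> original inside source

    def next_hop(self, dst):
        """Longest-prefix match over this node's routing table."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, hop in self.routes.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, hop)
        return None if best is None else best[1]


def trace(nodes, src, dst, start, max_hops=8):
    """Forward one packet hop by hop. Returns (status, path, src, dst) where
    src/dst are the addresses as seen at the point the packet stopped."""
    path = [start]
    node = nodes[start]
    for _ in range(max_hops):
        # Reply addressed to the NAT address: translate it back to the inside host.
        if node.nat_addr and dst == node.nat_addr and src in node.nat_table:
            dst = node.nat_table[src]
        if dst in node.addrs:
            return "delivered", path, src, dst
        hop = node.next_hop(dst)
        if hop is None:
            return f"no route at {node.name}", path, src, dst
        # Outbound through a NAT'd hop: remember the inside source, rewrite it.
        if node.nat_addr and hop in node.nat_hops:
            node.nat_table[dst] = src
            src = node.nat_addr
        path.append(hop)
        node = nodes[hop]
    return "hop limit", path, src, dst


def build(push_route, nat):
    """Topology from the question (constructed addresses). push_route: the
    172.x route was pushed to the home PC; nat: the server NATs to 10.10.10.5."""
    home = Node("home_pc", {"192.168.168.10"},
                {"0.0.0.0/0": "isp", "192.168.168.0/24": "server"})
    if push_route:
        home.routes["172.16.0.0/12"] = "server"
    server = Node("server", {"192.168.168.1", "10.10.10.5"},
                  {"192.168.168.0/24": "home_pc", "10.10.10.0/24": "customer_gw",
                   "172.16.0.0/12": "customer_gw"},
                  nat_addr="10.10.10.5" if nat else None, nat_hops={"customer_gw"})
    # The customer concentrator only knows its own client address, never 192.168.168.x.
    cust = Node("customer_gw", {"10.10.10.1"},
                {"10.10.10.5/32": "server", "172.16.0.0/12": "db"})
    db = Node("db", {"172.16.5.20"}, {"0.0.0.0/0": "customer_gw"})
    isp = Node("isp", set())                        # public internet: no private routes
    return {n.name: n for n in (home, server, cust, db, isp)}


def round_trip(push_route, nat):
    """Send home PC -> DB, then let the DB reply to whatever source it saw."""
    nodes = build(push_route, nat)
    fwd, fwd_path, seen_src, seen_dst = trace(nodes, "192.168.168.10", "172.16.5.20", "home_pc")
    if fwd != "delivered":
        return {"forward": fwd, "reply": "not sent", "path": fwd_path}
    rep, rep_path, _, _ = trace(nodes, seen_dst, seen_src, "db")
    return {"forward": fwd, "reply": rep, "path": fwd_path + rep_path[1:]}


if __name__ == "__main__":
    for label, args in [("no pushed route", (False, False)),
                        ("route pushed, no NAT", (True, False)),
                        ("route pushed + NAT", (True, True))]:
        print(f"{label:22s} {round_trip(*args)}")
```

Running it shows the three states the answer describes: without the pushed route the home PC sends the packet to its ISP and it dies there; with the route but no NAT the request reaches the DB, but the reply to 192.168.168.10 is dropped at the customer gateway because it has no route for your subnet; with the server NATing to its assigned 10.10.10.5 the reply comes back to the server, is translated, and reaches the home PC.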
