Let's suppose we have this configuration:
When I set up my VPN role in the Windows Server to allocate IPs to VPN clients from the range 192.168.1.10 to 192.168.1.20, everything works fine.

However, when I want to isolate the VPN clients in a different subnet (for example 192.168.2.0/24), then I don't know how to proceed. The connection to the VPN server works fine, my VPN client gets the address 192.168.2.2 for example, and is able to ping the server at 192.168.1.2, but can't see the other machines in 192.168.1.0/24 and can't reach the Internet though.
I know that I have to add some static route somewhere, but I don't really see where. Any pointer?
Best Answer
You are missing the route in your router for 192.168.2.0/24. Your VPN clients can get to your local LAN. The clients would be responding to their default gateway, since they do not know where 192.168.2.0/24 is. That would need to be in your router's routing table, so that it can forward that traffic back to your Windows VPN server.

As a general rule, every router needs to have a route added for any subnet that is not directly connected.
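To make the answer's point concrete, here is an added routing-lookup simulation (not part of the original post) that traces a reply from a LAN host back to a VPN client with and without the static route on the LAN router; the router address 192.168.1.1 and the LAN host 192.168.1.50 are assumptions.

```python
import ipaddress

# Constructed routing tables for the topology in the question.
# VPN server 192.168.1.2 sits on the LAN and terminates the 192.168.2.0/24 pool.
VPN_SERVER_TABLE = [
    ("192.168.1.0/24", "connected"),
    ("192.168.2.0/24", "connected"),   # VPN client pool, handed out by RRAS
    ("0.0.0.0/0", "192.168.1.1"),      # assumed LAN router / default gateway
]
# LAN router before the fix: it only knows its own LAN and the Internet uplink.
LAN_ROUTER_BEFORE = [
    ("192.168.1.0/24", "connected"),
    ("0.0.0.0/0", "isp-uplink"),
]
# LAN router after the fix: static route for the VPN subnet via the VPN server.
LAN_ROUTER_AFTER = LAN_ROUTER_BEFORE + [("192.168.2.0/24", "192.168.1.2")]


def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None


def trace_reply(router_table, lan_host, vpn_client):
    """Follow a reply from a LAN host to a VPN client; return (hops, delivered)."""
    hops = [lan_host]
    lan = ipaddress.ip_network("192.168.1.0/24")
    # A plain LAN host only knows its own subnet and its default gateway.
    if ipaddress.ip_address(vpn_client) not in lan:
        hops.append("192.168.1.1")
    nh = lookup(router_table, vpn_client)
    if nh in (None, "isp-uplink"):
        # Private destination leaves toward the ISP and is dropped there.
        hops.append(nh or "no-route")
        return hops, False
    hops.append(nh)  # the VPN server
    if lookup(VPN_SERVER_TABLE, vpn_client) == "connected":
        hops.append(vpn_client)
        return hops, True
    return hops, False


if __name__ == "__main__":
    print(trace_reply(LAN_ROUTER_BEFORE, "192.168.1.50", "192.168.2.2"))
    print(trace_reply(LAN_ROUTER_AFTER, "192.168.1.50", "192.168.2.2"))
```

Without the route the reply is sent to the ISP uplink and never returns; with it the router hands the packet to 192.168.1.2, which delivers it over the VPN tunnel.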