Windows – How to set up a VPN in a different subnet

Tags: networking, subnet, vpn, windows

Let's suppose we have this configuration:

[Image: configuration]

When I set up my VPN role in the Windows Server to allocate IPs to VPN clients from the range 192.168.1.10 to 192.168.1.20, everything works fine.

However, when I want to isolate the VPN clients in a different subnet (for example 192.168.2.0/24), I don't know how to proceed. The connection to the VPN server works fine, my VPN client gets the address 192.168.2.2 for example, and is able to ping the server at 192.168.1.2, but can't see the other machines in 192.168.1.0/24 and can't reach the Internet.

I know that I have to add some static route somewhere, but I don't really see where. Any pointers?

Best Answer

You are missing the route in your router for 192.168.2.0/24. Your VPN clients can get to your local LAN. The clients would be responding to their default gateway, since they do not know where 192.168.2.0/24 is. That would need to be in your router's routing table, so that it can forward that traffic back to your Windows VPN server.

As a general rule, every router needs to have a route added for any subnet that is not directly connected.
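
The return path described in the answer, traced with a small longest-prefix-match model in Python. This is an added example, not part of the original answer. The router address 192.168.1.1, the LAN host 192.168.1.50 and the `wan-uplink` label are assumptions; the other addresses come from the question.

```python
import ipaddress

ON_LINK = "on-link"
WAN = "wan-uplink"          # assumed label for the router's upstream side
ROUTER = "192.168.1.1"      # assumed LAN address of the router
VPN_SERVER = "192.168.1.2"  # from the question
LAN_HOST = "192.168.1.50"   # constructed LAN machine
VPN_CLIENT = "192.168.2.2"  # from the question

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def build_tables(router_has_vpn_route):
    """Routing tables per node; the static route on the router is optional."""
    router = [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", WAN)]
    if router_has_vpn_route:
        router.append(("192.168.2.0/24", VPN_SERVER))  # the missing route
    return {
        LAN_HOST: [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", ROUTER)],
        ROUTER: router,
        VPN_SERVER: [("192.168.1.0/24", ON_LINK), ("192.168.2.0/24", ON_LINK)],
    }

def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop until delivery or it leaves the model."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return path + ["dropped"]
        if hop == ON_LINK:
            return path + [dst]          # delivered on a connected subnet
        path.append(hop)
        if hop not in tables:
            return path                  # forwarded out of the modelled network
        node = hop
    return path

if __name__ == "__main__":
    for has_route in (False, True):
        print(has_route, " -> ".join(trace(build_tables(has_route), LAN_HOST, VPN_CLIENT)))
```

The VPN server can answer the client directly because 192.168.2.0/24 is connected to it, which is why the ping to 192.168.1.2 works while replies from other LAN machines are sent to the default gateway and lost.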
