[Seattle-SAGE] VPN connections from possibly overlapping networks

Atom Powers atom.powers at gmail.com
Wed May 4 07:51:49 PDT 2005


Your best choice is probably to change your internal network addresses
to an RFC 1918 range that is unlikely to be used. (I use
10.65.210.0/24 at home). But that's a lot of work for little benefit.

You can NAT incoming VPN connections and configure the clients to
"use default gateway on remote network". I haven't tried this, because
I want the ability to address VPN clients from the corp. network and
NAT breaks that. I use a PPTP VPN; the server assigns the clients an
IP and uses proxy arp, clients are configured to "use default gateway
on remote network". Whenever I run into a problem with conflicting
address space I almost always end up reconfiguring the remote network,
which is usually somebody's LinkSys router.

I don't trust PPTP either, but considering all the other security
problems with remote VPN clients, broken encryption is the least of my
worries.

On 5/4/05, Robin Battey <zanfur at zanfur.com> wrote:
> Howdy!
> 
> I just ran into another problem in Sysadmin-land.  Having conquered the
> dragon of Exchange and set myself up as ruler of my new Exim4/Cyrus castle
> (yeah, I know, shoulda used postfix -- I'll fix that eventually), I find
> myself facing a dragon once again:  How to allow my roadwarrior knights in
> shining armor to connect through our VPN from their internet cafes in
> Paris, when those internet cafes use the same RFC 1918 private network as
> I do.  (That would be the unfortunately common 192.168.0.0/24 private
> network.)
>
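
Added example, not part of the original messages: a simplified model of a VPN client's routing table with "use default gateway on remote network" enabled, showing which corporate hosts a client would send to its own LAN instead of the tunnel. The function names, the sample host addresses and the 192.168.1.0/24 and 192.168.0.128/25 LANs are constructed for illustration; real clients also have route metrics that this model ignores.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def client_routes(local_lan):
    """Simplified client table: connected LAN plus a default route via the VPN."""
    return [(ipaddress.ip_network(local_lan), "lan"), (DEFAULT, "vpn")]

def egress(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if dest in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def unreachable_corp_hosts(corp_hosts, local_lan):
    """Corporate hosts the client would look for on its own LAN, not the tunnel."""
    routes = client_routes(local_lan)
    return [h for h in corp_hosts if egress(routes, h) == "lan"]

def conflicting_lans(corp_net, candidate_lans):
    """Client LANs whose address space overlaps the corporate network."""
    corp = ipaddress.ip_network(corp_net)
    return [lan for lan in candidate_lans
            if corp.overlaps(ipaddress.ip_network(lan))]

if __name__ == "__main__":
    # Constructed sample data: corporate hosts in the range named in the thread.
    corp_hosts = ["192.168.0.10", "192.168.0.200"]
    for lan in ["192.168.0.0/24", "192.168.0.128/25", "192.168.1.0/24"]:
        print(lan, "->", unreachable_corp_hosts(corp_hosts, lan))
    # Renumbering the corporate side to a rarely used range removes the overlap.
    print(conflicting_lans("10.65.210.0/24",
                           ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]))
```

The default route through the tunnel does not help here, because the connected LAN route is more specific and wins for any overlapping destination.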


