Tim Freedom wrote:
> Thanks Josh for your reply, the only reason I introduced 172.20.x.x
> was to avoid cases where the roaming laptops out there were assigned
> an IP address already in my LAN - isn't that a problem or does it even
> matter ? In other words, assume in my LAN I have a PC with an IP address
> of 10.0.0.9 and someone in their hotel room gets assigned 10.0.0.9 on
> their roaming/warrior laptop (DHCP just happened to set it to that) -
> will this laptop/user be able to VPN back to the office (there would
> be a clash, no) ? If this is indeed a problem how is this issue
> addressed otherwise I'm cool with simply using 10.0.0.1 for the bridge.
> Sorry if I'm being dense just trying to figure out how to proceed.
> Thanks again...
Yes, it will cause a problem if the network range overlaps with another
assigned to a mobile VPN client. I would recommend you use a
less-common subnet, and the 172.16/12 is a good choice (I use networks
in this range for my LAN and my VPNs for that same reason.) Also, even
if you go with a routed setup and give VPN clients their own separate
subnet from your LAN, the VPN will still be pushing your LAN network to
the client, and if this overlaps with a range the VPN client is using it
will still cause conflicts. Normally you never want to duplicate
network segments as it almost always leads to problems.
Description: OpenPGP digital signature