LAN inaccessible over local bridge
- moriose
- Posts: 10
- Joined: Mon Oct 12, 2015 3:48 pm
LAN inaccessible over local bridge
I set up a remote access VPN using Local Bridge and Windows L2TP/IPSec. Things work fine except for one thing I found odd.
The VPN client computers are able to communicate with each other, but the VPN clients are not able to communicate with the VPN host server and the router (bridged) in the LAN, as if they don't exist.
I found it odd because the VPN clients and the existing devices have the same IP subnet.
Is this a security feature, or do I need some more configuration?
All my settings are default; the only thing I think worth mentioning is that the VPN host server is set as the DMZ host in the router.
			
									
									
- thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: LAN inaccessible over local bridge
Do you use Linux?
			
									
									
- moriose
- Posts: 10
- Joined: Mon Oct 12, 2015 3:48 pm
Re: LAN inaccessible over local bridge
I am using Windows 7 as server.
thisjun wrote:
> Do you use Linux?
			
									
									
- brokenglish
- Posts: 11
- Joined: Tue Oct 27, 2015 11:57 am
Re: LAN inaccessible over local bridge
Have you tried pinging the IPs of all the LAN computers (including the server that you are connected to) to see if you get any replies?
What made you say that you couldn't communicate with the other LAN computers? Did you use the computer name or the local IP address?
			
Last edited by brokenglish on Wed Oct 28, 2015 9:21 am, edited 1 time in total.
- moriose
- Posts: 10
- Joined: Mon Oct 12, 2015 3:48 pm
Re: LAN inaccessible over local bridge
I can ping other computers connected to the VPN and furthermore connected to the LAN via local bridge, but I can't ping the existing computers in the LAN, or use RDP, HTTP or anything, as if they don't exist.
brokenglish wrote:
> Have you tried pinging the IPs of all the LAN computers (including the
> server that you are connected to) to see if you get any replies?
> What made you say that you couldn't communicate with the other LAN
> computers? Did you use the computer name or the local IP address?
			
									
									
- brokenglish
- Posts: 11
- Joined: Tue Oct 27, 2015 11:57 am
Re: LAN inaccessible over local bridge
moriose wrote:
> I can ping other computers connected to the VPN and furthermore connected to the LAN
> via local bridge, but I can't ping the existing computers in the LAN, or use RDP, HTTP
> or anything, as if they don't exist.
These VPN clients that you mentioned can communicate with one another: are these computers located at the same location or different locations?
So let's say:
VPN Server is LAN #1.
VPN Client A is at a different location (LAN #2).
VPN Client B is at another different location (LAN #3).
When VPN Client A and B connect to LAN #1, you are saying that these two can communicate with one another, but not with VPN Server and the rest of the computers physically in LAN #1?
There are two possibilities:
1) There's a misconfiguration in the server settings - I need to take a look at the server directly to solve this quickly but it doesn't seem plausible
2) There is a Local IP mismatch (most likely)
Say the DHCP in LAN #1's router is set to distribute 192.168.1.XXX
You cannot have LAN #2 and LAN #3 in the same subnet.
You need to change them to, for example:
In LAN #2, the DHCP should be 192.168.2.XXX
And in LAN #3, the DHCP should be 192.168.3.XXX
If LAN #1, #2, and #3 have 192.168.1.XXX, you need to set up virtual DHCP on your server (this is a bit complicated)
I suggest you try changing the DHCP subnet first and see what happens.
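The subnet check suggested in the reply above, as an added example that is not part of the original thread: it flags remote sites whose physical LAN overlaps the bridged LAN and proposes replacement /24 ranges. The site names follow the reply; the 10.0.0.0/24 site, the address pool and all function names are assumptions made for illustration.

```python
import ipaddress

def overlapping_sites(bridged_lan, client_lans):
    """Names of client sites whose physical LAN overlaps the bridged LAN."""
    bridged = ipaddress.ip_network(bridged_lan)
    return sorted(name for name, cidr in client_lans.items()
                  if ipaddress.ip_network(cidr).overlaps(bridged))

def stays_local(dest, client_lan):
    """True if the client sees dest as on-link on its own physical LAN, so
    traffic for it may never be sent through the VPN adapter."""
    return ipaddress.ip_address(dest) in ipaddress.ip_network(client_lan)

def renumber(bridged_lan, client_lans, pool="192.168.0.0/16", prefix=24):
    """Keep non-conflicting sites; give each conflicting site the first free
    /prefix block from pool (pool and prefix are assumed defaults)."""
    conflicts = overlapping_sites(bridged_lan, client_lans)
    plan = {n: c for n, c in client_lans.items() if n not in conflicts}
    used = [ipaddress.ip_network(bridged_lan)]
    used += [ipaddress.ip_network(c) for c in plan.values()]
    candidates = ipaddress.ip_network(pool).subnets(new_prefix=prefix)
    for name in conflicts:
        for cand in candidates:
            if not any(cand.overlaps(u) for u in used):
                plan[name] = str(cand)
                used.append(cand)
                break
        else:
            # Pool exhausted: fail loudly instead of leaving the site unplanned.
            raise ValueError(f"no free /{prefix} left in {pool} for {name}")
    return plan

# Constructed sample data: LAN #1 is the bridged server LAN from the reply;
# LAN #4 is a hypothetical site that already uses a different range.
BRIDGED = "192.168.1.0/24"
SITES = {"LAN #2": "192.168.1.0/24",
         "LAN #3": "192.168.1.0/24",
         "LAN #4": "10.0.0.0/24"}

if __name__ == "__main__":
    print("conflicting sites:", overlapping_sites(BRIDGED, SITES))
    print("192.168.1.10 stays local at LAN #2:",
          stays_local("192.168.1.10", SITES["LAN #2"]))
    for site, cidr in sorted(renumber(BRIDGED, SITES).items()):
        print(site, "->", cidr)
```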
			
									
									
- moriose
- Posts: 10
- Joined: Mon Oct 12, 2015 3:48 pm
Re: LAN inaccessible over local bridge
Thanks everyone, but unfortunately, my problem persists.
The LAN of the VPN server is 192.X.X.X and the LAN of the remote computer that connects to the VPN is 10.X.X.X, so they are in two different private LANs.
It turns out the remote computer could access the router (the gateway). I think this is the reason I could access the internet through the bridged VPN. But still, the remote computer cannot access the VPN server computer via its LAN address.
If I just need to access the internet through the bridged VPN, everything works fine already.
But I would like to access the computers in the VPN LAN; however, it appears as if they don't physically exist, which is not true. However, devices remotely connected to the VPN can freely communicate with each other as if they are in a LAN.
Another question: can a computer connect to the secured NAT/bridged VPN created on itself?
			
									
									
- Mada
- Posts: 102
- Joined: Sat Jun 20, 2015 9:40 am
Re: LAN inaccessible over local bridge
You need a route set up between 192.x.x.x and 10.x.x.x. This works for me.
I am, however, unable to connect to the bridge/VPN server from a remote computer. I have, unsuccessfully, been trying to resolve this for some time.
			
									
									
- thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: LAN inaccessible over local bridge
Please increase the value of the metric.
			
									
									
- moriose
- Posts: 10
- Joined: Mon Oct 12, 2015 3:48 pm
Re: LAN inaccessible over local bridge
Thank you everyone, but I don't know what happened, and I didn't change any settings explicitly.
But now, when I use local bridge, the remote clients are connected as if they are in the LAN, which I think is what local bridge is supposed to do. Now I can communicate between remote devices and devices physically in the LAN without problem.
			
									
									
- mbrcomp
- Posts: 25
- Joined: Tue Dec 15, 2015 7:45 am
Re: LAN inaccessible over local bridge
This is an even worse scenario... :)
I can tell, among us peers, that when something suddenly works without me changing anything, it is even worse than breaking something and initially having no clue what went wrong. It's like we are missing a chance to learn.
			
									
									
