Connecting 2 networks with overlapping IP address ranges via a VPN

[Guest]

Hello all networking gurus,

I'm trying to create a VPN to share files between my home network and my
friend's laptop which frequently moves from one location to another.
Typically, everything works fine. I've also enabled split tunneling on his
laptop to ensure that he can access the internet and my VPN simultaneously.
However, the problem is that my friend's computer uses DHCP to obtain it's IP
address (e.g. free WiFi at coffee shops, etc.) and sometimes he obtains an IP
address which conflicts with my home network IPs and internet connection
problems appear once he connects to my VPN. (n.b. presumably due to the
routing table changes which occur once he forms the VPN connection). To the
best of my knowledge, the reason duplicate IP addresses appear in the first
place is because the DHCP server at his location uses the same pool of IP
addresses as the DHCP server on my home network (192.168.0.x). Because he
connects to publically available wireless access points he cannot administer
them to prevent duplicate IPs and, after thinking quite a bit, I've decided
I'd like to modify my network in such a way that it ensures my friend's
laptop can connect without problems regardless of his location and my/his
available IP address range.

I've considered manually changing the IPs for all computers on my home
network whenever there is a duplicate IP address problem, but this has many
disadvantages: it requires downtime for my entire home network of multiple
computers, is very annoying to my friend, is time-consuming for me to
administer, etc.. So... what are my options? All computers are Windows XP
Home Edition and I host the PPTP VPN server on my home machine. I can fully
administer my end of the network (e.g. access points, firewalls, etc.).

Thanks very very much in advance,
Shaun

 

[Robert L [MVP - Networking]]

it is better to change your home IP range. Another option is setup peer to peer VPN. These search results may help,

Solution for peer to peer VPN using the same IPCase Study - Both VPN sites are using the same IP range ... Since he is using the same IP range of the office LAN, any traffics to 192.168.0.x from the VPN ...
http://www.chicagotech.net/casestudy/peervpn1.htm

Resolution for VPN server and client using the same IP rangeResolution for VPN server and client using the same IP range. Q1: if both (VPN Client and server) locations have same ip e.g: 192.168.1.0/ , we can't change ...
http://www.chicagotech.net/Q&A/vpn49.htm



Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hello all networking gurus,

I'm trying to create a VPN to share files between my home network and my
friend's laptop which frequently moves from one location to another.
Typically, everything works fine. I've also enabled split tunneling on his
laptop to ensure that he can access the internet and my VPN simultaneously.
However, the problem is that my friend's computer uses DHCP to obtain it's IP
address (e.g. free WiFi at coffee shops, etc.) and sometimes he obtains an IP
address which conflicts with my home network IPs and internet connection
problems appear once he connects to my VPN. (n.b. presumably due to the
routing table changes which occur once he forms the VPN connection). To the
best of my knowledge, the reason duplicate IP addresses appear in the first
place is because the DHCP server at his location uses the same pool of IP
addresses as the DHCP server on my home network (192.168.0.x). Because he
connects to publically available wireless access points he cannot administer
them to prevent duplicate IPs and, after thinking quite a bit, I've decided
I'd like to modify my network in such a way that it ensures my friend's
laptop can connect without problems regardless of his location and my/his
available IP address range.

I've considered manually changing the IPs for all computers on my home
network whenever there is a duplicate IP address problem, but this has many
disadvantages: it requires downtime for my entire home network of multiple
computers, is very annoying to my friend, is time-consuming for me to
administer, etc.. So... what are my options? All computers are Windows XP
Home Edition and I host the PPTP VPN server on my home machine. I can fully
administer my end of the network (e.g. access points, firewalls, etc.).

Thanks very very much in advance,
Shaun

 

[Guest]

Hi Bob,

Thanks for the response, but I don't think I've got a solution yet. I'm not
against changing my home IP range one time to prevent overlaps, but I do not
want to be in a position where I potentially need to reconfigure my network
each time my friend connects to a new wireless access point.

I've read the information at the links and, unfortunately, they were not
helpful. One listed solution requires Cisco VPN software whereas I'm using
the Microsoft-provided VPN software in Windows XP Home Edition. Another
solution recommends manually updating the routing table on the VPN client,
but for overlapping IP ranges this requires overlapping routing entries on
the client essentially allowing access to remote IPs at the expense of access
to local IPs thus blocking access to local machines. I want all local and
remote machines to be accessible. Also, this would be time-consuming and
difficult to administer, especially if problems pop up as my friend logs in
at 2am in the morning .

Another recommended solution was to use an IPSec VPN, but I do not see how
this solves the problem of connecting two networks with overlapping IP
ranges. Can you explain how this would solve the problem before I start down
this path? My impression is that configuring IPSec is much more difficult
than PPTP and I want to know more about how it handles overlapping IP
addresses before I get started.

Thanks and best regards,
Shaun

 

[Guest]

All,

I was thinking and it would seem to be better if I could configure my VPN
server to run all incoming VPN connections through a NAT so, say, I can use
192.168.0.x/24 on my home network and translate all overlapping VPN IP
traffic from 192.168.0.x/24 to 192.168.1.x/24 without regard for the IPs used
on the VPN client's local network. Does anyone (PLEASE!) know how to setup
NAT for incoming VPN connections on Windows XP Home Edition? It seems like
setting up a NAT after incoming VPN connections and before outgoing VPN
connections is really the best solution since it would seem to only require a
one-time setup (unless I change my home network subnet) and it would enable
my friend to connect to my home network regardless of his laptop's location
or assigned IP address. Can anyone explain how to do this?

Thanks,
Shaun