[vpn-help] Ambiguous Source IP Address with overlapping address pools

Mark Larwill larwill at gmail.com
Wed Jun 1 12:31:37 CDT 2011 

Andreas, thanks for your quick answer. Here is a more detailed description
of the configuration:

The addresses do not directly overlap but they are on the same network
address space. For example the local interface is a DHCP assigned address
from the pool 192.168.0.1 -- 192.168.0.100, and the virtual IPs are from the
pool 192.168.0.101 -- 192.168.0.254. They are on the same
192.168.0.0/24address space but do not directly overlap.

I believe you answered question 3 below. I'd like to know more than just
whether this works or not, specifically the questions I asked earlier:

1) Is there a reason why some traffic is tunneled and other traffic is not?
2) What is the logic of which source address is used?--Is that an OS
specific issue or is that specific to the shrew client?
3) Is the configuration as described above supported?
4) If not can support be added?

There are other VPN clients that support this type of configuration and
always choose the source IP to be the Virtual IP and tunnel the traffic in
this case.

On Wed, Jun 1, 2011 at 1:08 AM, <lst_hoe02 at kwsoft.de> wrote:

> Zitat von Mark Larwill <larwill at gmail.com>:
>
>
>  With Windows 7, and Shrew Client 2.1.7 if a user has a DHCP address on the
>> same network as the virtual address pool then the source address is not
>> always the same, some traffic will get tunneled and other traffic won't.
>> In
>> the case where the traffic is tunneled the source IP is the Virtual IP, in
>> the case where traffic is not tunneled the source IP is the interface's
>> DHCP
>> address. In the case where "tunnel all" is set then it seems like the
>> source
>> address should always be the virtual IP address.
>>
>> Is there a reason why some traffic is tunneled and other traffic is not?
>> What is the logic of which source address is used? Is that an OS specific
>> issue or is that specific to the shrew client? Is the configuration as
>> described above supported? If not can support be added?
>>
>
> Do i understand corretly that you have overlapped address-space between
> your lokal net and the VPN? This will not work.
>
> Regards
>
> Andreas
>
>
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110601/5f24e07c/attachment-0002.html>

More information about the vpn-help mailing list