[vpn-help] Ambiguous Source IP Address with overlapping address pools

kevin vpn kvpn at live.com
Tue Jun 21 19:33:18 CDT 2011


On Mon, 13 Jun 2011 10:24:14 -0700
Mark Larwill <larwill at gmail.com> wrote:

> Is anyone able to help now that I've added additional clarification?
> 
> On Wed, Jun 1, 2011 at 10:31 AM, Mark Larwill <larwill at gmail.com>
> wrote:
> 
> > Andreas, thanks for your quick answer. Here is a more detailed
> > description of the configuration:
> >
> > The addresses do not directly overlap but they are on the same
> > network address space. For example the local interface is a DHCP
> > assigned address from the pool 192.168.0.1 -- 192.168.0.100, and
> > the virtual IPs are from the pool 192.168.0.101 -- 192.168.0.254.
> > They are on the same 192.168.0.0/24 address space but do not
> > directly overlap.
> >

Hi Mark,

Even though the specific addresses given out do not conflict with those
on the local adapter, there is a network overlap conflict because the
subnet masks used make the two networks one.

I think I remember one of the devs saying that it is the OS that
affects whether the traffic is tunnelled or not in an overlapping
situation.  It may actually be related to the machine's ARP table.  If
the MAC for the host you're trying to contact has been seen most recently
on the local interface, Windows may choose that instead of the tunnel
since it already knows how to reach the host.

You might be able to fix this problem if you change the subnet masks,
although the way you've split up your network right now does not subnet
very nicely. 

At the end of the day, as Andreas said, overlapping address space
is an unsupported configuration for Shrew.
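
Added example, not part of the original message: a Python check of why the two pools from the thread cannot be told apart by a subnet mask. The alternative split at the /25 boundary is a constructed assumption used only for contrast, and the function names are hypothetical.

```python
import ipaddress

def covering_network(first, last):
    """Smallest single CIDR network that contains both ends of a pool."""
    net = ipaddress.ip_network(f"{first}/32")
    end = ipaddress.ip_address(last)
    while end not in net:
        net = net.supernet()  # widen the mask by one bit
    return net

def cidr_blocks(first, last):
    """Exact CIDR blocks needed to describe the pool and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def pools_separable(local, virtual):
    """True if each pool fits in its own network and the two do not overlap."""
    return not covering_network(*local).overlaps(covering_network(*virtual))

# Pools quoted in the thread.
LOCAL = ("192.168.0.1", "192.168.0.100")
VIRTUAL = ("192.168.0.101", "192.168.0.254")
# Constructed alternative (assumption, not from the thread): split on the /25 boundary.
ALT_LOCAL = ("192.168.0.1", "192.168.0.126")
ALT_VIRTUAL = ("192.168.0.129", "192.168.0.254")

if __name__ == "__main__":
    cases = (("thread pools", LOCAL, VIRTUAL),
             ("constructed /25 split", ALT_LOCAL, ALT_VIRTUAL))
    for name, loc, vir in cases:
        print(name)
        print("  local   fits in", covering_network(*loc),
              "| exact blocks:", len(cidr_blocks(*loc)))
        print("  virtual fits in", covering_network(*vir),
              "| exact blocks:", len(cidr_blocks(*vir)))
        print("  separable by mask:", pools_separable(loc, vir))
```

With the thread's pools, the virtual range straddles the .128 boundary, so its smallest covering network is the whole /24 and it swallows the local pool.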


