
This question is about interaction between VPN clients and local machines.

I have a simple network on the subnet 10.0.200.0/24. The router supports VPN. The router forces the VPN IP pool to be on a separate subnet from the local machines, 10.0.300.0/24.

VPN clients can easily cross the subnets if they know the destination IP address. Windows file sharing can work like this via IP. But Windows clients cannot discover and browse other Windows machines by name. Other applications that rely on network discovery also do not work across the subnets.

I have done some research and it sounds like this problem is caused by IP broadcast packets not crossing between subnets.  Of course this is the intended behavior of a broadcast packet.

1. If the router supported VPN IP pools within the main subnet, would this fix the problem?

2. What are the possible drawbacks of a network whose VPN pool is in the main subnet?

3. Are there any SOHO routers that support VPN pools in the main subnet?

4. Why wouldn't all routers allow VPN pools in the main subnet?

5. What would you recommend to someone who wants their VPN clients to behave more closely to the capabilities of local machines?
Shaun
    This is a bit of a rant and I apologize, but I've never been a fan of "Let me browse the network of x number of computers to find the resources and data that I need to do my job" as a valid business process. Why not implement something like Sharepoint to make it easier for your users to find and use the data and documents they need? – joeqwerty Jan 31 '13 at 21:55
  • @Joe QWERTY I agree but in an effort to follow the spirit of this site of being concise and isolating my question from rambling about the circumstances, I have left out the information about what brought me to this point. – Shaun Feb 08 '13 at 23:24

1 Answer


You're exactly right re: the Windows "browsing" functionality being based on broadcast packets and your VPN not forwarding broadcast packets across subnet boundaries.

Generally forwarding layer 2 broadcasts at layer 3 isn't desirable. Your particular VPN product may allow you to configure NetBIOS broadcast forwarding. Alternatively, you could look at implementing a WINS server on each side of the VPN to allow clients to "browse".

I'm with @joeqwerty on this, though, to some extent. Implement a structured methodology for resource location in your organization and you'll reap the benefits down the road.

Evan Anderson
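To make the answer's point concrete, here is a small constructed Python model (added here, not from the question or answer) of NetBIOS name resolution across the two subnets: a broadcast query only reaches hosts on the sender's own /24, while a unicast query to a WINS server is routed like any other packet. Host names, the WINS behaviour and the VPN pool 10.0.201.0/24 are assumptions; the pool is a placeholder because the question's 10.0.300.0/24 is not a valid IPv4 network.

```python
"""Constructed model of NetBIOS name resolution on the LAN (10.0.200.0/24) and a
VPN pool subnet. Not a real NBNS client: it only models where packets can go."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    addr: str
    prefix: int = 24

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_interface(f"{self.addr}/{self.prefix}").network


@dataclass
class Network:
    hosts: list = field(default_factory=list)
    wins: dict = field(default_factory=dict)  # name -> address held by the WINS server

    def register_with_wins(self):
        # Each host registers its NetBIOS name with the WINS server at startup.
        for h in self.hosts:
            self.wins[h.name.upper()] = h.addr

    def resolve_broadcast(self, client: Host, target: str):
        # B-node behaviour: the query goes to the subnet broadcast address, which the
        # router does not forward, so only hosts on the client's own subnet can answer.
        for h in self.hosts:
            if h.name.upper() == target.upper() and h.network == client.network:
                return h.addr
        return None

    def resolve_wins(self, client: Host, target: str):
        # Unicast to the configured WINS server: routed, so it works from the VPN pool too.
        return self.wins.get(target.upper())

    def resolve_hnode(self, client: Host, target: str):
        # H-node order once a WINS server is configured: WINS first, then broadcast.
        return self.resolve_wins(client, target) or self.resolve_broadcast(client, target)


def build_sample() -> Network:
    # Constructed hosts: two LAN machines and one VPN client on the placeholder pool.
    return Network([Host("FILESRV", "10.0.200.10"),
                    Host("LAPTOP", "10.0.200.20"),
                    Host("VPNCLIENT", "10.0.201.5")])
```

Before `register_with_wins()` the VPN client cannot resolve `FILESRV` at all; afterwards `resolve_hnode()` returns `10.0.200.10` from any subnet, which is the effect the answer describes for a WINS deployment.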