VPN access to LAN over internet, same device IP on Local and Remote network

Question

I successfully configured a VPN connection to my Home network over internet following this guide.

The current configurations is:

Home Network (Remote)

LAN:
    192.168.1.1 => Router/Modem Gateway
    192.168.1.20 => OpenVPN server (BananaPI device) on port 1194
    192.168.1.40 => Other Device (with WebInterface)

Services:
    The ISP has a Dynamic Public IP so in the Router a Dynamic DNS service is configured: 
    my.domain.com points to the public IP 

Port Forwarding: 
    - External Port 1194 is forwarded to Local 1194 for 192.168.1.20 
    (I can access the VPN server from internet at the address my.domain.com:1194)

Client Network (Local)

192.168.1.1 => Router/Modem Gateway
192.168.1.2 => VPN Client (connects to my.domain.com:1194 and gets 10.8.0.6 Ip address)

With this configuration I can successfully connect to VPN, I have internet access and the IP reported from http://whatsmyip.com when I'm connected with the client to the VPN is the Home Newtork's as expected. I can also access 192.168.1.40 web interface from Client Network over internet when (obviously) connected to VPN.

The only issue is if I visit 192.168.1.1 when connected to VPN I get the configuration web interface of the Client Network's router and not the Home Network's.

How shoud I solve this IP collision?

route print from (Windows) Client (192.168.1.2 on Client Network)

IPv4 route table
===========================================================================
Active Route:
     Network Destination             Mask          Gateway     Interface Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     20
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     20
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    276
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    276
   82.104.210.184  255.255.255.255      192.168.1.1      192.168.1.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276
      192.168.1.1  255.255.255.255      192.168.1.1      192.168.1.3     20
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    276

`The only issue is if I visit 192.168.1.1 when connected to VPN I get the configuration web interface of the Client Network's router and not the Home Network's` - Why do you need to access the clients router? That aside, you could connect to a computer on the client network (via RDP, etc.) and access the client router from that computer. — joeqwerty, Aug 31 '15 at 16:24
@joeqwerty I need it to set up possible misconfiguration of Port mappings and so on. The solution you provide is an option in any case, thanks... — rdbisme, Aug 31 '15 at 18:52

score 5 · Accepted Answer · answered Aug 31 '15 at 15:50

5

Change the IP address scheme of your network.

answered Aug 31 '15 at 15:50

longneck

23,082
4
52
86

1

+1 Anything else is a kludge at best. – EEAA Aug 31 '15 at 16:23
This is the easiest solution (even because on Mac OSX with TunnelBlick as client having same IP schemes prevent access to LAN resources) – rdbisme Sep 03 '15 at 00:39

score 2 · Answer 2 · answered Aug 31 '15 at 16:43

2

As suggested, probably best to change your network layout if it's really that important. However, it should be possible to add a static route to the remote router interface.

I'm not 100% familiar with the Windows syntax for adding a route but on the VPN client it should be something like:

route -p add 192.168.1.1 mask 255.255.255.255 <VPN-gateway-IP:10.8.0.1?>

or on a Linux client:

route add 192.168.1.1 netmask 255.255.255.255 gw <VPN-gateway-IP:10.8.0.1?>

Or something similar to that. The goal is to set a static route to that IP which goes over the VPN instead of being routed locally. The VPN gateway may need to be additionally configured to allow and route to its local 192.168.0.0 network as well.

answered Aug 31 '15 at 16:43

CR.

216
2
6

I'm not a great expert with NAT and routing. With this solution will I be able to connect to the *local* router configuration when VPN is not connected? – rdbisme Aug 31 '15 at 18:49
1

On an OpenVPN server it's possible to "push" routes to connecting clients. So in the server config something like `push "route 192.168.1.1 255.255.255.255"`. See here: [link](https://openvpn.net/index.php/open-source/documentation/howto.html#scope) That way the static route should get removed down when the VPN disconnects. You could also run "up" or "down" scripts to change the route when the VPN is connected/disconnected. – CR. Sep 01 '15 at 12:26

VPN access to LAN over internet, same device IP on Local and Remote network

2 Answers2