VPN and IP addresses

**SimonMac** · 29 January 2016, 15:44

It possible, however most VPN's will place you on a DMZ with restricted access to the host network, the subnet approved for access to the cloud will be different to the subnet allocated to users on the VPN, you can ask to add the VPN subnet to the whitelist of approved IP's

**VectraMan** · 29 January 2016, 15:46

I've done exactly that before. So certainly is possible.

If you connect to the VPN and tracert somewhere on the internet does it go through the office LAN? If not it may be that you need to set up a static route at your end.

**meanttobeworking** · 29 January 2016, 16:20

Thanks for replies. So if I do a traceroute with and without the VPN it's virtually identical, so I'm guessing the answer is no, it's not going via the LAN yet.

So...

Do I need to do something like this (I'm on a mac) and route traffic to the end destination via some IP address at the office?

https://meinit.nl/add-permanent-static-route-mac-os-x

**VectraMan** · 29 January 2016, 20:08

Yep. If there's a NAT internet router that you can get to via the VPN then that should work.

**Boney M** · 31 January 2016, 22:41

As Simon says, alternatively you could VPN in and RDP to a machine on that VLAN that is allowed, or just fudge teamviewer on a machine in the office

**meanttobeworking** · 31 January 2016, 23:20

Thanks - the Teamviewer fudge is currently in place, but I'm going to need a more robust solution as we roll out to several remote users shortly, so will pursue the rest of the suggestions given. Thanks for all the free advice, it's appreciated.

**Einstein Jnr** · 5 February 2016, 09:01

Originally posted by meanttobeworking View Post

Hi,

I'm not a network guy

This is something I have been thinking about more and more. I have picked up enough over the years to hold my own with a medium networking guy, but once the pro comes out I am floored.

I have thought of taking a CCNA or something similar even if it's just to be able to articulate better with the arrogant networking pro.

**SimonMac** · 5 February 2016, 09:53

Originally posted by meanttobeworking View Post

Thanks - the Teamviewer fudge is currently in place, but I'm going to need a more robust solution as we roll out to several remote users shortly, so will pursue the rest of the suggestions given. Thanks for all the free advice, it's appreciated.

This is where Citrix comes into its own, thin client into the office and then from there its just like being on the network.

A quick and dirty solution would be a jump box, those on the VPN can access the jump box and only the jump box which can then connect anywhere it needs to. A terminal service licence would be needed to avoid the maximum two at a time issue, but even basic networking knowledge could set something up where the VPN and internal LAN are still isolated

**meanttobeworking** · 10 February 2016, 15:23

Originally posted by SimonMac View Post

This is where Citrix comes into its own, thin client into the office and then from there its just like being on the network.

A quick and dirty solution would be a jump box, those on the VPN can access the jump box and only the jump box which can then connect anywhere it needs to. A terminal service licence would be needed to avoid the maximum two at a time issue, but even basic networking knowledge could set something up where the VPN and internal LAN are still isolated

Thanks for your reply, sorry to have missed it until now.

In the end, someone more senior got involved and "activated u-turning on the firewall", which seemed to do the trick, whatever that is!

VPN and IP addresses