0

I have an ASUS router at home, which is connected to the modem to access the internet. Two computers are connected to the ASUS router via wireless connection (subnet 192.168.1.x). When I use VPN (specifically Cisco Anyconnect Secure Mobile Client) on one computer, that computer can not be accessed by other computers on the 192.168.1.x subnet, but that computer still can access other computers on the 192.168.1.x subnet. (EDIT: This sentence has been corrected.)

I want to solve this problem by connecting (using cable connection instead of wireless connection) both computers to a 2nd router (Linksys E1000). But this Linksys router also has a subnet of 192.168.1.x. It seems that there is a conflict when a computer is connected to both routers.

Does anybody know how to configure the Linksys router so that the two computers can still access each other when one computer is on VPN (via the connection through the ASUS router)?

Alternatively, is there a way to modify the routing table to make the first computer accessible by computers on 192.168.1.x?

Thanks.

PS. Both computers run Mac OS X.

Here are the routing tables before and after the VPN is on.

==> /tmp/before_vpn.txt <==
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           98        0     en0       
127                127.0.0.1          UCS             0        0     lo0       
127.0.0.1          127.0.0.1          UH             68  8371478     lo0       
169.254            link#5             UCS             0        0     en0      !
192.168.1          192.168.1.1        UGSc            2       21     en0       
192.168.1.1/32     link#5             UCS             1        0     en0      !
192.168.1.1        d8:50:e6:cc:40:20  UHLWIir        37       17     en0   1177
192.168.1.106      60:30:d4:77:42:d0  UHLS            0        3     en0       
192.168.1.192/32   link#5             UCS             0        0     en0      !
224.0.0/4          link#5             UmCS            2        0     en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          0        0     en0       
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI          0     1225     en0       
255.255.255.255/32 link#5             UCS             0        0     en0      !

==> /tmp/after_vpn.txt <==
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            link#11            UCS           114        0   utun1       
default            192.168.1.1        UGScI          22        0     en0       
1.2.3.4            link#11            UHW3I           0        0   utun1     12
8.8.8.8            link#11            UHW3I           0        1   utun1     12
13.249.29.17       link#11            UHWIi           1       20   utun1       
17.57.144.86       link#11            UHWIi           1       22   utun1       
17.167.194.149     link#11            UHWIi           2       37   utun1       
17.248.131.40      link#11            UHWIi           1       11   utun1       
40.115.22.134      link#11            UHWIi           1       12   utun1       
52.113.194.132     link#11            UHWIi           1       17   utun1       
52.114.36.29       link#11            UHWIi           1       14   utun1       
74.125.196.189     link#11            UHWIi           1       17   utun1       
108.177.9.188      link#11            UHWIi           1       11   utun1       
127                127.0.0.1          UCS             0        0     lo0       
127.0.0.1          127.0.0.1          UH             59  8373376     lo0       
xxx.yyy.178.201    link#11            UHWIi           1        6   utun1       
xxx.yyy.178.209    link#11            UHWIi           1        5   utun1       
xxx.yyy.254.1      link#11            UHWIi           3      134   utun1       
xxx.yyy.254.3      link#11            UHW3I           0       19   utun1     18
uuu.vvv.0.132/32    192.168.1.1        UGSc            1        0     en0       
169.254            link#5             UCS             0        0     en0      !
172.31/18          link#11            UCS             0        0   utun1       
172.31.48.5/32     127.0.0.1          UGSc            0        0     lo0       
172.217.9.129      link#11            UHWIi           1        7   utun1       
172.217.9.142      link#11            UHWIi           2       22   utun1       
172.217.12.46      link#11            UHWIi           1       12   utun1       
192.168.1          192.168.1.1        UGSc            1       21     en0       
192.168.1.1        d8:50:e6:cc:40:20  UHLSr          27        6     en0       
192.168.1.106      60:30:d4:77:42:d0  UHLS            0        3     en0       
192.168.1.192/32   link#5             UCS             0        0     en0      !
198.252.206.25     link#11            UHWIi           1       13   utun1       
224.0.0/4          link#11            UmCS            2        0   utun1       
224.0.0/4          link#5             UmCSI           1        0     en0      !
224.0.0.251        link#11            UHmW3I          0        0   utun1     15
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI          0        4     en0       
239.255.255.250    link#11            UHmW3I          0        4   utun1     15
255.255.255.255/32 link#11            UCS             0        0   utun1       
255.255.255.255/32 link#5             UCSI            0        0     en0      !
  • Usually the feature you are asking about is called Split Tunneling. I don't see the need for the second router though. What kind of VPN connection are we talking about? From what to what? Commented May 20, 2020 at 23:26
  • Unfortunately, the VPN software that I must use does not offer such a split tunneling option. I must use a second router to solve this problem. Commented May 20, 2020 at 23:51
  • What services are you trying to share between the two LAN computers after one of computers connects to the VPN? Commented May 21, 2020 at 0:59
  • I will use ssh to login to one machine from another. Commented May 21, 2020 at 3:07
  • Whether Split Tunneling is allowed or not is determined by the VPN profile assigned to you by the VPN administrator. Usually for security reasons split tunneling is forbidden, because otherwise your PC would become an uncontrolled network bridge between your network and the company network - a potential weak spot attackers love to get access to the company network.
    – Robert
    Commented May 22, 2020 at 15:51

2 Answers

0

Most VPNs work by creating an additional network device that is used to then tunnel through your TCP/IP connection to the Internet.

VPN connection software will then usually change the OS routing table to route all of your outbound traffic through the new device. However, your LAN device is still there and you can still communicate on your 192.168.1.0/24 network.

Try this experiment. First determine the IP address of the two computers, let's say 192.168.1.100 and 192.168.1.101. Then, before the VPN is up, this should work from the *.100 computer:

ipconfig/all
ping 192.168.1.101

Next, connect your VPN and repeat the above sequence. The PING should still work, and the second time you do an IPCONFIG it should show the new VPN device. If you're on Mac or Linux, change ipconfig/all to ifconfig.

  • I don't think this works. The first machine has an IP of 192.168.1.* before opening VPN. After opening the VPN, it does still have that IP address. But if I try to ping it from the 2nd machine, that IP is not accessible. Both machines are Mac OS X. Commented May 21, 2020 at 2:13
  • Might want to ask the OP to show his routing table from the computer that's using the VPN. Chances are the software is rewriting it. I'm no Mac user, but I'm sure OS X has a way to add a route back in from the command prompt. Commented May 21, 2020 at 3:20
  • @Tim_Stewart Routing tables have been added. Maybe you can show what would be done on other Unix variants. Then, the equivalent Mac commands may be figured out. Commented May 22, 2020 at 14:42
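
An added example, not part of the original posts: a small parser for the macOS `netstat -rn` output shown in the question, used to compare which interface a destination leaves through before and after the VPN connects. The sample rows are excerpts of the posted tables; the function names and the probe address 172.31.0.9 are illustrative, and treating flag `I` as an interface-scoped route that ordinary lookups skip is an assumption stated in the code.

```python
import ipaddress

# Excerpts of the `netstat -rn` tables posted in the question (same columns).
BEFORE = """\
default            192.168.1.1        UGSc           98        0     en0
192.168.1          192.168.1.1        UGSc            2       21     en0
192.168.1.106      60:30:d4:77:42:d0  UHLS            0        3     en0
"""
AFTER = """\
default            link#11            UCS           114        0   utun1
default            192.168.1.1        UGScI          22        0     en0
172.31/18          link#11            UCS             0        0   utun1
192.168.1          192.168.1.1        UGSc            1       21     en0
192.168.1.106      60:30:d4:77:42:d0  UHLS            0        3     en0
"""

def parse_dest(dest):
    """Expand BSD shorthand: 'default', '192.168.1' (/24), '172.31/18'."""
    addr, _, plen = dest.replace("default", "0.0.0.0/0").partition("/")
    octets = addr.split(".")
    plen = plen or str(8 * len(octets))      # implicit length from octet count
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{plen}", strict=False)

def parse_table(text):
    """Return (network, gateway, flags, netif) for each parseable route line."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            routes.append((parse_dest(f[0]), f[1], f[2], f[5]))
        except (IndexError, ValueError):     # headers, blank or masked rows
            continue
    return routes

def egress(routes, ip):
    """Longest-prefix match; assumes flag 'I' marks an interface-scoped route."""
    ip = ipaddress.ip_address(ip)
    hits = [r for r in routes if ip in r[0] and "I" not in r[2]]
    return max(hits, key=lambda r: r[0].prefixlen)[3] if hits else None

def moved(before, after, probes):
    """Probe addresses whose egress interface differs once the VPN is up."""
    b, a = parse_table(before), parse_table(after)
    return {p: (egress(b, p), egress(a, p)) for p in probes
            if egress(b, p) != egress(a, p)}

if __name__ == "__main__":
    print(moved(BEFORE, AFTER, ["8.8.8.8", "172.31.0.9", "192.168.1.106"]))
```

In these excerpts the 192.168.1 route still leaves through en0 after the VPN is up, while default traffic moves to utun1.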
0

I would just try to check what your NAT table (network routes) is in Windows when you connect via Cisco VPN. The VPN app just might change your NAT table and adjust all traffic to go only via the VPN adapter.

Just open cmd as admin -> "route print"

It should list your NAT/route table; you can start from that.

You can also convince your IT person to disable "Tunnel all" on the VPN setup, unless it's PPTP, of course. But even if it's PPTP, just tell your IT to change it ASAP as it's insecure.

  • I cannot convince my IT person to make changes to the VPN setup. Also, I use Mac instead of Windows. Commented May 21, 2020 at 4:47
