0

I can successfully connect to my VPN server (at work) using the builtin Cisco IPsec VPN client in OS X but once connected I can't access any of the servers.

If I connect to my phone's hotspot and try and connect it works fine.

Seems to be the fact that my local IP addresses and my work IP addresses are the same range 10.10.10.x

Should this be a problem? doesn't cause any problems on my Windows machine.

Improve this question
5
  • Do you enable send all traffic through that VPN connection? support.apple.com/kb/PH11138?viewlocale=en_US
    – shinjijai
    Commented Jan 14, 2014 at 14:22
  • I do not see those options under the advanced button, only DNS and proxies - I'm using Mavericks if that matters.
    – Trent
    Commented Jan 14, 2014 at 15:26
  • support.apple.com/kb/PH14139 < seems like the option is still there in Mavericks.
    – shinjijai
    Commented Jan 14, 2014 at 15:29
  • still don't see those options, but have decided to change my home IP addresses.
    – Trent
    Commented Jan 15, 2014 at 2:18
  • I also don't have that option. I think it is not available when using Cisco IPSec VPN because for other VPN types, it's there.
    – tolgamorf
    Commented May 25, 2014 at 23:43

1 Answer 1

Reset to default
2

Having the same IP-Ranges in your home and your work not only can but will be a problem.

Your machine gets the information that your server has IP-Adress 10.10.10.X. Your mac is happy, as all traffic going to 10.10.10.something should go via the ethernet-interface and sends it taht way even though there might not be any machine. The computer will sometime realize that there is no machine there but it will never send the request via the VPN-Connection even though it could reach the server there.

There are two "solutions" to that issue.

  • You can either send all traffic via the VPN-Connection as suggested by shinjijai. But then you will not be able to reach any servers in your local network while connected via VPN. And - depending on your internet-connection and surf-habits - this can slow you down.
  • Or you have to rethink your local IP-Adressing scheme. Do you actually need a class A-Subnet at home? Or would a private network in the 192.168.10.y range be sufficient? As most companies use either 10.x.y.z or 172.16.x.y as their internal netwwork IP-Range it is rather unlikely that you have to do that again.

Personally I'd use the second solution.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .