[AccessD] VPN Connection to another site

Josh McFarlane darsant at gmail.com
Wed Jul 19 13:42:29 CDT 2006


The short answer is:

Change the business IP address to a non-common unused subnet.
Otherwise you'll continue to have conflicts. But there are enough
subnets in the private range that if you avoid the common router
subnets, you'll eliminate 99.9% of your conflicts. Go with
192.168.214.X

The long answer:

You could technically build your own router that would spoof the IP
Addresses from the host network. It would reroute external -->
internal packets to a fake unused subnet, so the client would see your
computers as the fake address. In return, it would spoof the external
IP addresses while inside your network to some unused fake subnet.

So to a client, a computer at 192.168.1.100 may appear as 10.0.10.100.
However, once it hits the router it would properly adjust the packet.

To your network, a client computer would appear as 10.0.12.100.
However, once it hit the router it would be adjusted to 192.168.1.100 for
the client and routed properly.

However, this is severely overkill and would require a large time
investment, and still be prone to breaking if anyone connected from
the unused subnets.

Unless your clients want to talk to each other through VPN from your
office, it's silly not to change your internal IPs to something rarely
used, and then deal with the edge case when it comes up (if ever).

Pick from any of the below:
192.168.0.0  -  192.168.255.255
172.16.0.0   -  172.31.255.255
10.0.0.0     -  10.255.255.255

Although I'd avoid 192.168.0.X and 192.168.1.X because they are the
defaults on just about anything.

How about you set up your network as 192.168.214.X? I only get 16 hits
on Google for that subnet range, and only 3 newsgroup entries, so it
seems highly unused.

Josh

On 7/19/06, Julie Reardon-Taylor <prosoft6 at hotmail.com> wrote:
> No. That's not the point.  The vpn is connecting to another business.  The
> network may conflict again with another client.  Am I then to change the
> ip's all over again?
-- 
"Peace cannot be kept by force. It can only be achieved by understanding."
-Albert Einstein
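
Added example (not part of the original message): a Python check, using the standard ipaddress module, of a candidate office subnet against networks already in use at the sites you connect to, plus the 1:1 address rewrite the long answer describes. The IN_USE list and all function names are assumptions constructed for illustration.

```python
import ipaddress

# The three private ranges listed in the message.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (assumption): subnets in use at sites you connect to.
IN_USE = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]


def is_private(candidate):
    """True if the candidate lies wholly inside one private range."""
    net = ipaddress.ip_network(candidate)
    return any(net.subnet_of(p) for p in PRIVATE)


def conflicts(candidate, in_use=IN_USE):
    """Return every in-use network that overlaps the candidate."""
    net = ipaddress.ip_network(candidate)
    return [n for n in in_use if net.overlaps(ipaddress.ip_network(n))]


def translate(addr, real_net, alias_net):
    """1:1 rewrite: keep the host part, swap the network part."""
    real = ipaddress.ip_network(real_net)
    alias = ipaddress.ip_network(alias_net)
    ip = ipaddress.ip_address(addr)
    if real.prefixlen != alias.prefixlen:
        raise ValueError("real and alias networks must be the same size")
    if ip not in real:
        raise ValueError(f"{addr} is not in {real_net}")
    offset = int(ip) - int(real.network_address)
    return str(alias.network_address + offset)


if __name__ == "__main__":
    for cand in ("192.168.1.0/24", "192.168.214.0/24"):
        print(cand, "private:", is_private(cand), "conflicts:", conflicts(cand))
    # The message's example: 192.168.1.100 shown to the client as 10.0.10.100.
    print(translate("192.168.1.100", "192.168.1.0/24", "10.0.10.0/24"))
    # The failure mode: a site that uses all of 10.0.0.0/8 collides with the alias.
    print(conflicts("10.0.10.0/24", ["10.0.0.0/8"]))
```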


