DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
VPN issues (MacOS) Vigor 3910
22 Oct 2024 16:04 - 22 Oct 2024 16:14 #104051
by bobtod
VPN issues (MacOS) Vigor 3910 was created by bobtod
Hi, our Mac clients connect through the VPN but have difficulty accessing internal servers. PC users can connect fine and access all internal servers from the same locations. If you tether MacBooks to a 4/5G network on your phone the Macs connect fine and can access everything through the VPN.
I have identified the affected users have home networks using the 192.168.1.x IP ranges which is conflicting with our main office IP ranges (unfortunately these are all legacy from 30 years ago). I believe it all stems from the Macs' default of NOT sending all traffic over VPN, whereas Windows forces ALL traffic over the VPN connection. Even when selecting ‘send all traffic over VPN’ it still doesn’t route correctly for the Macs.
I can only access the Draytek (192.168.3.1) when using VPN (on a Mac) but not any other services using 192.168.1.xx or 192.168.2.xx
Brief Network Overview:
Internet access provided by BTNet Leased Line
192.168.3.1_________________________Draytek 3910
192.168.0.xx__________VLAN10____ Switches/servers/NAS
192.168.1.10-200____VLAN10____DHCP Workstations
192.168.2.xx__________VLAN10____Printers
192.168.200.1________VLAN20____ Client Wifi (no access to main network, just web access)
VPN traffic allocates IP via DHCP 192.168.1.10 - 200
Subnet mask is: 255.255.252.0
I’m unsure of the best way to alleviate the issue:
A: Change VPN DHCP range to 192.168.10.xx and open up the subnet to allow visibility (this will mean manually changing all devices, +time-consuming)
B: Change VPN DHCP range to 192.168.10.xx and create a LAN to LAN static route
Or any other solution that would work?
Background: I’m no network engineer, I’m just a tech-savvy IT bod who put in this network 24 years ago. The IP ranges have been inherited since the 90s and things have just been added over the years. There are a lot of devices to reconfigure if choosing option A and many users work remote (PC) which makes this challenging.
I’m working on a live system so I’m having to make changes at night to avoid disruption to staff. We have a lot of Linux servers in the building that I’m not comfortable making network changes (overnight) so this is why I’m looking for a solution that just affects the VPN dialled in users and possibly join together via a LAN to LAN static route if possible?
Any help or advice would be greatly received, I may be tackling this completely wrong so totally open to suggestions!
Regards
Bob
Last edit: 22 Oct 2024 16:14 by bobtod.
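Added example, not part of the original post: a Python sketch of the address overlap described above, using longest-prefix matching to show which interface a remote client would pick for office destinations and whether the proposed 192.168.10.xx pool collides with the office block. Assumptions: the home LAN and the new VPN pool are both /24, and the routing table, interface names and the 192.168.0.5 / 192.168.2.20 sample hosts are constructed.

```python
import ipaddress

# Office addressing from the post: 192.168.0.x-3.x, mask 255.255.252.0.
OFFICE = ipaddress.ip_network("192.168.0.0/255.255.252.0")
# Assumption: the home LAN is a /24 (the post only says 192.168.1.x).
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
# Assumption: the proposed 192.168.10.xx VPN pool is a /24.
NEW_VPN_POOL = ipaddress.ip_network("192.168.10.0/24")

# Constructed client routing table; interface names are hypothetical.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "home-wifi"),  # default route
    (HOME_LAN, "home-wifi"),                           # on-link home LAN
    (OFFICE, "vpn"),                                   # route pushed for the office
]

def pick_route(dest, routes=ROUTES):
    """Return the interface chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def overlap(a, b):
    """Return the shared address block of two networks, or None."""
    if not a.overlaps(b):
        return None
    # Overlapping CIDR blocks always nest, so the smaller one is the overlap.
    return a if a.subnet_of(b) else b

def report():
    """Summarise conflicts for the constructed scenario."""
    samples = ["192.168.0.5", "192.168.1.50", "192.168.2.20", "192.168.3.1"]
    return {
        "office": str(OFFICE),
        "home_vs_office": overlap(OFFICE, HOME_LAN),
        "new_pool_vs_office": overlap(OFFICE, NEW_VPN_POOL),
        "routes": {d: pick_route(d) for d in samples},
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(key, "->", value)
```

With a /24 home LAN only the 192.168.1.x part of the office block is hidden by the more specific local route; a wider home mask would hide more of it.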
Moderators: Chris, Sami
Copyright © 2024 DrayTek