VPN connected but unable to access LAN remotely

  • Last updated on February 28, 2016

If you are reading this post, it is assumed that you have set up a VPN server and are able to connect to it remotely. You can now access the Internet but not any LAN computers. The cause is very likely the use of the same LAN IP subnet on both the source (connecting from) and destination (connecting to) networks.

Precedence in routing table

In the routing table of a router, the narrowest (most specific) subnet takes precedence over wider subnets. In most home routers, the 0.0.0.0/0 subnet (covering all IPv4 addresses) routes through the WAN. A narrower subnet such as 192.168.0.0/24 (or 192.168.1.0/24) routes through the LAN. /0 is the widest prefix and /32 is the narrowest, so /24 is narrower than /0.

When connecting to a VPN server, the VPN client creates a virtual network adapter that routes through the VPN server. In order for the VPN route to take precedence over the standard WAN route, VPN servers typically push 0.0.0.0/1 and 128.0.0.0/1, which are the two halves of the IPv4 address space. These are narrower than 0.0.0.0/0 and therefore take precedence.

Use of the same LAN subnet in the source and destination networks

Assume your source IP subnet is 192.168.0.x and the destination is using the same subnet. The local 192.168.0.0/24 route is narrower than the /1 routes pushed by the VPN server, so the router will route you through the local LAN instead of through the VPN, and you are unable to access 192.168.0.x on the destination LAN.

The solution

Make sure the source and destination LANs do not use the same IPv4 subnet. For example, try changing the remote LAN subnet to 192.168.111.x.
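
The route selection described above can be reproduced with a short script. This is an added example, not part of the original post: the routing table is constructed from the prefixes mentioned in the text, and the interface labels "wan", "lan" and "vpn" and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table of a VPN client sitting on a 192.168.0.0/24 LAN.
# The interface names are illustrative labels, not real adapter names.
ROUTES = [
    ("0.0.0.0/0", "wan"),       # default route
    ("192.168.0.0/24", "lan"),  # directly connected local LAN
    ("0.0.0.0/1", "vpn"),       # pushed by the VPN server
    ("128.0.0.0/1", "vpn"),     # pushed by the VPN server
]


def lookup(dest, routes=ROUTES):
    """Return (interface, prefix) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    candidates = [
        (ipaddress.ip_network(prefix), iface)
        for prefix, iface in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        raise LookupError(f"no route to {dest}")
    # The narrowest matching subnet (largest prefix length) wins.
    net, iface = max(candidates, key=lambda c: c[0].prefixlen)
    return iface, str(net)


def subnets_conflict(local_lan, remote_lan):
    """True when the two LANs share addresses, so remote hosts are shadowed."""
    local = ipaddress.ip_network(local_lan)
    return local.overlaps(ipaddress.ip_network(remote_lan))


if __name__ == "__main__":
    # 192.168.0.10 stays on the local LAN; 192.168.111.10 goes through the VPN.
    for dest in ("8.8.8.8", "192.168.0.10", "192.168.111.10"):
        iface, prefix = lookup(dest)
        print(f"{dest:>15} -> {iface} via {prefix}")
    for remote in ("192.168.0.0/24", "192.168.111.0/24"):
        print(f"local 192.168.0.0/24 vs remote {remote}: "
              f"conflict={subnets_conflict('192.168.0.0/24', remote)}")
```

Running `subnets_conflict` against the local and remote subnets before deploying a VPN catches the overlap, including the case where one side uses a wider prefix that contains the other.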