9

I have VPN access to several machines in my office from my home machine. I'd like to be able to access those machines from another computer on my LAN, without setuping a second VPN access. Both computers are Windows 7 machines.

Is there a way for my "main" computer to share its VPN access to another machine on the LAN? How would one setup this share?

I don't think "simple" Internet connection sharing fits my needs because:

  1. My LAN already has its own DHCP/Router to access the Internet, and I'd like to keep it this way
  2. I can't access the Internet through my VPN connection
Peter Mortensen
  • 12,326
Axelle Ziegler
  • 193

4 Answers4

3

You might be able to get away with adding a route on the second machine to direct traffic to the VPN through the machine running the VPN client. I'm thinking something like:

route add 192.168.1.0 MASK 255.255.255.0 192.168.2.8

where 192.168.1.xxx is IP of the work VPN and 192.168.2.8 is IP of the VPN client. You might check out this discussion of the route command

EDIT: Linux syntax should be

route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.8

On windows it's

route add 192.168.1.0 MASK 255.255.255.0 gateway 192.168.2.8
rlduffy
  • 135
3

It seems I’ve solved same problem for myself today:

My configuration:

  • Router has address 192.168.1.1/255.255.255.0 and DHCP on
  • Windows 7 PC has LAN IP 192.168.1.5 (netmask 255.255.255.0 gateway 192.168.1.1) and PPTP VPN to remote 10.10.10.0 network

My last attempt was (and it's working!):

  • I switched on ICS on VPN connection and choose LAN as a target
  • This changed my PC LAN IP to 192.168.137.1 and clears gateway, so I fixed it by setting the LAN IP to 192.168.1.5, netmask to 255.255.255.0, and gateway to 192.168.1.1 (my DNS was 8.8.8.8 initially)
  • I’ve add a static route on the router: 10.10.10.0 mask 255.255.255.0 gateway 192.168.1.5

I have tried a thousand combinations and finally it’s working! Hopefully it can help others.

Synetech
  • 69,547
Aleksey
  • 31
1

I believe the solution is to create a site-to-site VPN, and not have computers run the tunnel individualy.

Perhaps your sysadmins could point you in the direction on how to do so?

xstnc
  • 789
  • 3
  • 11
0

The ability to allow a second computer to use the VPN depends on the settings your VPN client has - usually, VPN clients preconfigured by "corporate" admins are set to only allow the node actually running the VPN client software in on the VPN link.

I had a similar problem when I wanted a device to access a CVS server behind a firewall, but did not have a VPN client on that device. Solution: configure a non-standard port on the "2nd machine", run SSH (in your case: PuTTY) to forward that port to the server only "1st machine" can see when the VPN is connected:

[2nd_machine]-->[1025/tcp PuTTy on 1st_machine forwards]-->[VPN concentrator]-->[22/tcp CVS Server]

Florenz Kley
  • 1,571