Company VPN on same subnet as home network

My company has a PPTP VPN (I know it's not very secure) on a 192.168.1.0/24 subnet.

For people connecting from their home networks, file sharing doesn't work if their subnet is 192.168.1.0/24. Some (and only some) SMB servers don't respond properly on Windows 7.

From my home network (192.168.4.0/24), everything works as expected.

So what could be the issue? Overlapping IPs on the two networks? Routing? How could I fix this problem without asking people to change their home networks (I don't want to get fired) and without changing the company's subnet?

Thanks for your help.


Solution 1:

Overlapping IPs.

Practically the company should not use private address space for a VPN that connects outside their control - it is not private if you have external people dial in.

On top of that, only someone with little experience and a little ignorant of realities would use 192.168.x.x for private VPN space - you can avoid a LOT of problems if you use another private area, just not 192.168.x.x/24. Why? Because for some reason that is the area (.0.x, .1.x) that most end user equipment comes preconfigured to use. I have never seen a 10.x.x.x/8 or the third (172.16.0.0/20) block being preconfigured - and all examples use 192.168. So, using THAT is just inviting.

But technically, seriously, that should not be private address space because if you turn out those addresses to external networks THEY ARE NOT PRIVATE.

At least move them to some "not commonly used" numbering. Check the relevant RFC.

"without changing the company's subnet?"

Out of luck. Seriously. The company subnet is set up in a way that is bad. Point. This IS the problem.

I do a lot of VPN with external parties and by using 172.20.x.x and 10.0.x.x internally I managed to solve nearly all problems.

Thankfully, soon IPv6 comes around, and then there is private registered space, with some place where you can register some addresses for internal use (http://www.sixxs.net/tools/grh/ula/ runs one / the register).

Until then it means moving out of at least the 192.168 "every router you buy uses that" space.
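
Why the overlap breaks file sharing, as an added example that is not part of the original answer: a sketch of route selection on a VPN client, where the longest matching prefix wins and ties go to the lower metric. The server address 192.168.1.10, the route labels, the metrics and the 172.20.10.0/24 alternative are constructed for illustration.

```python
import ipaddress

# Constructed sample values. The /24 prefixes follow the question and answer;
# metrics, route labels and 172.20.10.0/24 are assumptions for illustration.
CONSUMER_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24"]  # the ".0.x, .1.x" ranges


def pick_route(dest, routes):
    """Longest-prefix match; equal prefixes are decided by the lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), metric, via)
               for net, metric, via in routes
               if ip in ipaddress.ip_network(net)]
    if not matches:
        return None
    # Prefer the most specific network, then the cheapest metric.
    _, _, via = max(matches, key=lambda m: (m[0].prefixlen, -m[1]))
    return via


def client_routes(home_lan, vpn_net, lan_metric=10, vpn_metric=20):
    """Routing table of a VPN client: default route, on-link LAN, VPN subnet."""
    return [("0.0.0.0/0", lan_metric, "lan-gateway"),
            (home_lan, lan_metric, "lan-on-link"),
            (vpn_net, vpn_metric, "vpn-tunnel")]


def collides(vpn_net, home_lans=CONSUMER_DEFAULTS):
    """Return the home LANs whose address space overlaps the VPN subnet."""
    vpn = ipaddress.ip_network(vpn_net)
    return [lan for lan in home_lans if vpn.overlaps(ipaddress.ip_network(lan))]


if __name__ == "__main__":
    server = "192.168.1.10"  # constructed address of a company file server
    for home in ("192.168.4.0/24", "192.168.1.0/24"):
        via = pick_route(server, client_routes(home, "192.168.1.0/24"))
        print(f"home {home}: {server} -> {via}")
    # Same prefix on both sides: the outcome now depends only on metrics.
    flipped = client_routes("192.168.1.0/24", "192.168.1.0/24", vpn_metric=5)
    print("VPN metric lower:", pick_route(server, flipped))
    print("192.168.1.0/24 collides with:", collides("192.168.1.0/24"))
    print("172.20.10.0/24 collides with:", collides("172.20.10.0/24"))
```

With identical prefixes, whichever interface wins the metric tie hides the same addresses on the other network, so either the company servers or the home devices become unreachable.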