
roadkill401

macrumors 6502a
Original poster
Jan 11, 2015
519
210
I know that Apple provides no support for VPN, so I am stuck on how to get around this.

Like most everyone here, I get my internet from a service provider not by buying a T1 or some network connection from the telecom giants. So I am stuck using their broadband modem/router to connect. This dictates some things like sadly for me the IP address scope that I can use. They are a!h here and force me to use a 192.168.2.x ip address space. Not that it really makes my life horrible.

But my kid is going to university and their house has internet too and also uses the 192.168.2.x IP address range. This then causes the issue that they cannot VPN back to home.

I have the VPN server set up fine inside my home and it works just great for them to connect from any other location, it seems, other than their house, as the VPN client on the macOS doesn't work like you'd expect it should or could. I have the IPSec set up fine and even have the checkbox to 'route all traffic through the VPN' but for whatever reason, because the IP address at their house is the same as mine here, the Mac cannot see my network when connected. So if they try and connect to any of the machines inside my 192.168.2.x network, the traffic doesn't get sent over the VPN at all, and just stays local to their house. If they go to a friend's house and not change a single configuration or setting, it works fine as the friends have a different IP address set like 10.0.1.x or perhaps 192.168.1.x. It is just if the two IP address ranges are the exact same that it doesn't work.

I can't change mine, and they don't have the power to force the house to change theirs.

Does anyone know of any work around that might work?
 

arw

macrumors 65816
Aug 31, 2010
1,236
979
I'm no network expert but some thoughts as I went through something similar. There may be other (software) solutions though.
It comes down to the complexity of your home network and if you could afford a second router/access point:
I have the main router provided by my ISP in the 192.168.2.x ip address space.
I bought a second router/access point without any expensive modem functionality but a simple WAN port. That WAN port is connected to the main router to get internet access.
Said second router/access point is configured to the 192.168.4.x ip address space and all PCs are physically connected to it and WiFi as well as VPN are set up on it.

(I'm not from the US but for what it's worth, I use a 70€ FritzBox 4040 for that. https://en.avm.de/products/fritzbox/fritzbox-4040/)

Edit: For VPN to work on the second router, I had to forward the ports: 500, 4500 and 1701.
 

roadkill401

> Does your VPN support have any suggestions?

What VPN support? I installed a VPN server at my house, and configured the VPN client on my kid's Mac. The VPN server software says that nothing is wrong on their end. If the client doesn't direct the network packets to the server then what can they do about it? The problem is on the client end and as I said Apple refuses to take any support for network issues seriously. They suggest that you post to the Apple suggestion site and they will consider it. Like as if that will ever happen.
 

roadkill401

> I'm no network expert but some thoughts as I went through something similar. There may be other (software) solutions though.
> It comes down to the complexity of your home network and if you could afford a second router/access point:
> I have the main router provided by my ISP in the 192.168.2.x ip address space.
> I bought a second router/access point without any expensive modem functionality but a simple WAN port. That WAN port is connected to the main router to get internet access.
> Said second router/access point is configured to the 192.168.4.x ip address space and all PCs are physically connected to it and WiFi as well as VPN are set up on it.
>
> (I'm not from the US but for what it's worth, I use a 70€ FritzBox 4040 for that. https://en.avm.de/products/fritzbox/fritzbox-4040/)
>
> Edit: For VPN to work on the second router, I had to forward the ports: 500, 4500 and 1701.

That is then doing double NAT, which in network terms is considered a rather bad thing to do. What I am stuck on is either how to get the Apple built-in client to function correctly, or more likely how to force MacOS to properly handle the network correctly. If the issue is that the MacOS can't insert the VPN to act as the primary network interface and still allow it to then repackage all network requests into encrypted bundles and forward them off to the physical network interface that is connected to the wifi/ethernet, then there isn't much that can be done. If it's a MacOS limitation then even a third-party VPN client won't do much.
 

Bigwaff

Contributor
Sep 20, 2013
2,735
1,830
> I can't change mine, and they don't have the power to force the house to change theirs.
>
> Does anyone know of any work around that might work?

You need 1:1 NAT enabled on the VPN tunnel... if your VPN implementation supports it.
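
A simplified model of why the overlapping 192.168.2.x ranges keep traffic local and what a 1:1 NAT on the tunnel changes, as an added example that is not part of any poster's reply. The interface names `en0` and `vpn`, the alias range 10.99.2.0/24 and host `.10` are assumptions chosen for illustration; a real gateway would do the translation in its own NAT rules.

```python
import ipaddress

HOME = ipaddress.ip_network("192.168.2.0/24")     # parent's LAN (range from the thread)
STUDENT = ipaddress.ip_network("192.168.2.0/24")  # student house LAN (same range)
ALIAS = ipaddress.ip_network("10.99.2.0/24")      # assumed unused range standing in for HOME

def lookup(routes, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, ifc) for net, ifc in routes if dst in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def netmap(addr, src, dst):
    """1:1 NAT: keep the host bits, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen or addr not in src:
        raise ValueError("address outside source net or prefix lengths differ")
    return str(dst.network_address + (int(addr) - int(src.network_address)))

# Client with "route all traffic" enabled: the default route points at the VPN,
# but the directly connected LAN route is more specific and still wins.
CLIENT = [(STUDENT, "en0"), (ipaddress.ip_network("0.0.0.0/0"), "vpn")]
# Same client once the alias range is routed into the tunnel.
CLIENT_WITH_ALIAS = CLIENT + [(ALIAS, "vpn")]

def path(routes, dialed):
    """Return (interface the client sends on, address finally delivered to)."""
    ifc = lookup(routes, dialed)
    if ifc == "vpn" and ipaddress.ip_address(dialed) in ALIAS:
        # The home gateway rewrites the alias back to the real LAN address.
        return ifc, netmap(dialed, ALIAS, HOME)
    return ifc, dialed

if __name__ == "__main__":
    print("ranges overlap:", HOME.overlaps(STUDENT))
    print("dial real address :", path(CLIENT, "192.168.2.10"))
    print("dial alias address:", path(CLIENT_WITH_ALIAS, "10.99.2.10"))
```

Dialing the real address never leaves the student house LAN, while dialing the alias address enters the tunnel and is delivered to the same host at home.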
 

Marco Klobas

macrumors 6502
Jul 14, 2017
483
956
Italy
No network expert here either. AFAIK double NAT isn't bad per se: you just have to know what you are doing – taking into account that usually every setup is done twice (say, a port forwarding).

Back to your issue: maybe a tool like Tailscale could help.
 