Two VPNs and a subnet collision walk into a bar...

February 3, 2024

Article originally posted on Medium

How more than one VPN requirement and a subnet collision can co-exist, even when you aren't networking savvy.

I’m that guy that family and friends use as their technical support service for everything related to computers, mobile phones, and TV streaming. That means I get some interesting questions that seem to have obvious answers but appear to be not so obvious to those around me. It also humbles me to know that those of us working in Silicon Valley to change the world and improve lives are still coming up short in so many ways.

That brings me to an ongoing theme of questions based on a lack of understanding of how networking works. For most, it means ‘wifi’. For others, it’s ‘the internet’. And still others don’t care about any of it; they just want to connect and stay connected.

Recently, my wife asked me for some help. She’s working remotely at a small company, with requirements to be in their office a few times a week. She also manages her businesses, which have their own requirements. And there are her personal needs, which involve getting to the NAS parked at home, regardless of her physical location. With all that activity, she has some challenges that require remote access to data, reporting systems, accounting systems, her office Windows desktop, as well as Zoom and Teams.

Her world has three legs: Home, Offices, and various travel locations. Depending on where she’s located, she needs access to her networked and online resources. That’s where her situation gets complicated. I had to solve multiple issues:

  • Simultaneous VPN connections
  • Subnet collisions
  • Changing physical locations

VPNs

With security being top of mind for everyone, getting remote access to LANs has become more challenging. Recent changes at one of her offices have required VPN access to get to her Windows desktop. At home, a Synology NAS acts as central storage for her work and personal life. Getting access requires that she uses DSM remote management. But that tends to be a broken experience and not as seamless as she would like it to be when switching between networks for file access. I have a home networking policy that limits remote access: No open ports, no port forwarding and use of a VPN. Using the VPN typically was her go-to way to connect back to the home office. But that also meant she required access to two LANs with their own VPNs because her office was forcing remote access via VPN.

Using two LANs simultaneously can be complicated and onerous. Sure, there are VMs (Virtual Machines) that can help accommodate but it doesn’t have to be that complicated.

Subnet Collisions

Along with setting up and providing her with access to these LANs, she was dealing with subnet collisions. A subnet collision happens when you want to connect to a second LAN that uses the same subnet addressing as the local LAN you are currently using. Common subnet addressing can be 192.168.1.x or 10.0.0.x and so on. Connecting two LANs with the same subnet addressing doesn’t work, and getting it to work can cause a lot of headaches. One approach is to change one of the LANs so that it uses unique subnet addressing, such as 192.168.2.x or similar, and can co-exist with the LAN that uses 192.168.1.x. But you’ll quickly realize that the energy and effort needed to make that change is far too great and even prohibitive.
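Why the collision breaks connectivity, as an added example that is not part of the original article: the sketch below checks two LANs for overlapping address ranges, then picks a route the way an operating system does (longest prefix first, then lowest metric). The interface names, metrics and the office desktop address 192.168.1.50 are constructed for illustration.

```python
import ipaddress

def find_collisions(local_nets, remote_nets):
    """Return every (local, remote) pair of subnets whose address ranges overlap."""
    pairs = []
    for local in map(ipaddress.ip_network, local_nets):
        for remote in map(ipaddress.ip_network, remote_nets):
            if local.overlaps(remote):
                pairs.append((str(local), str(remote)))
    return pairs

def pick_route(dest, routes):
    """Pick the interface for dest: longest prefix wins, then the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, iface, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network.prefixlen, -metric, iface))
    return max(matches)[2] if matches else None

# Constructed sample: the local LAN and the office LAN both use 192.168.1.0/24.
LOCAL_LAN = "192.168.1.0/24"
OFFICE_LAN = "192.168.1.0/24"
OFFICE_DESKTOP = "192.168.1.50"  # hypothetical address of the office PC

# (network, interface, metric); interface names and metrics are assumptions.
ROUTES = [
    ("0.0.0.0/0", "wlan0", 600),   # default route via the local router
    (LOCAL_LAN, "wlan0", 600),     # directly connected local LAN
    (OFFICE_LAN, "tun0", 650),     # route installed by the office VPN
]

# The renumbering fix from the text: the office LAN moves to 192.168.2.x.
ROUTES_RENUMBERED = ROUTES[:2] + [("192.168.2.0/24", "tun0", 650)]

if __name__ == "__main__":
    print(find_collisions([LOCAL_LAN], [OFFICE_LAN]))
    print(pick_route(OFFICE_DESKTOP, ROUTES))
    print(find_collisions([LOCAL_LAN], ["192.168.2.0/24"]))
    print(pick_route("192.168.2.50", ROUTES_RENUMBERED))
```

With identical prefixes, the packet meant for the office desktop leaves through wlan0 and never enters the tunnel; after renumbering, the same lookup selects tun0.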

Changing Physical Locations

Mobile workforces pose challenges for network access. A common tactic is to use IP Allow Lists. This is when you add a specific IP address to your network router or gateway to allow that external IP location to have access to the LAN. When dealing with networks that use more expensive equipment, Allow Lists are typically supported. But not all home networks or small business networks support this feature.

In those networks that do maintain Allow Lists, an IT person has to manage the list. If you are at a hotel or coffee shop, that public IP needs to be added to the list. All too often, when you need your new IP address location to be added, the IT guy is busy, unavailable or taken away from something important. It’s not ideal.

VPNs may be an option, but probably not when you need to access multiple LANs concurrently.

Solution

Solving for two simultaneous VPN connections is above my pay grade. I don’t want to deal with it. Solving for subnet collisions falls into that same bucket but is more manageable should I want to invest the time. I find that I ask myself, “why oh why did I choose 192.168.1.X for my home LAN?”. That was a long time ago, and since then, I have over 70 devices on my IoT-friendly LAN. Changing to a different subnet is not how I want to spend a weekend.

That’s where Remote.It comes to the rescue.

To solve for subnet collisions and simultaneous VPN access, I use Remote.It which lets me map remote network resources to the local PC that requires access to the remote LAN resources. The VPN requirement becomes optional, effectively eliminating the need to solve for simultaneous VPN access. That’s a huge win!

Remote.It is like a VPN but better — it creates encrypted tunnels but maps the connection directly to the remote LAN resource without exposing other network resources on the remote LAN. A typical VPN setup provides subnet access and exposes anything on that subnet. With Remote.It, I can now create a secure connection to the remote Windows desktop at her office, then let her use RDP (Remote Desktop Protocol) to get full access to the PC desktop and associated files, printers, and storage options on her workplace LAN. Pretty nice!

Now for the challenge. While connected to that work PC, she also needs to connect concurrently to the home network to get access to other resources. She has tried the DSM access utilities, but it’s not always a smooth enough experience. She wants Windows File Explorer to give her a mapped drive to her Synology storage locations so she can drag and drop to her heart’s content. With Remote.It, I can set up a mapped resource that gives her the capability to use SMB to transfer files. And she gets concurrent access to the Synology NAS located at home while connecting to her Windows work PC via RDP. Again, Remote.It maps the Synology as a secure connection to her Windows laptop File Explorer without the need to go through a VPN.

The subnet collisions are handled because Remote.It assigns a unique address to the remote resources, regardless of the subnet addressing that is used. The P2P connection is encrypted and ensures no data snooping. Problem two was solved with no additional setup and configuration!

Now, when she grabs her laptop and moves around — coffee shops, hotels, and any remote location — it doesn’t matter what she needs to remote access. It appears in File Explorer and she can use her applications as she normally would use them, regardless of her physical location. Everything just works together and provides her with connected access that relieves her and her IT support guy (me) of the headaches of supporting her workflow.

In today’s work-at-home and mobile workforces, this makes a huge difference in accessibility and removes significant technical barriers.

Remote.It is free for personal use. It’s a time saver and will become a valuable tool in your arsenal of networking problem solving, both at home and at work.