Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Home IP range overlap with Work VPN

    L2/Switching/VLANs
    3
    5
    553
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NickH 0
      last edited by

      Hello All

      First time here and first time pfsense user.

      I moved over to a netgate 2100 on the weekend. I have nothing fancy initially just a wan and lan as it is out of the box.
      This morning i try to connect to the vpn at work and nothing was working. After investigation turns out the new ip range i chose for the pfsense default lan network overlaps with the work vpn client ip range (i cant believe my luck).

      Now i only need the one device to vpn in and i dont really want to go and reconfigure everything again on the netgate.

      My question is this - can i create a new vlan and apply it only to this work device and put it in a different range to the default lan so it when i vpn in it doesnt overlap?

      Thanks in advance

      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @NickH 0
        last edited by

        @nickh-0

        Ah... The joys of NAT.

        Why not just pick a different subnet for your network. I ran into this problem years ago, when I was travelling with my work and would find the hotel subnet conflicted with my home network. I moved my home network to the 172.0.0.0 range, which is rarely used elsewhere.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        N 1 Reply Last reply Reply Quote 0
        • N
          NickH 0 @JKnott
          last edited by

          @jknott
          Thanks for the reply. usually i would, but being a consultant and working with various clients and projects the risk of running into an overlapping IP is high and need a permanent solution to allow me to "adapt" and was thinking i could have a vlan that i can change as needed rather than continuously changing my home subnet - if that makes sense.

          JKnottJ NogBadTheBadN 2 Replies Last reply Reply Quote 0
          • JKnottJ
            JKnott @NickH 0
            last edited by JKnott

            @nickh-0 said in Home IP range overlap with Work VPN:

            and projects the risk of running into an overlapping IP

            That's why I went with something in the 172. range. I have only once seen anything there, but there are plenty in the 192.168 & 10. ranges. Then, when you do pick a subnet, don't pick one that ends in 0, 1, etc., to stay away from popular choices.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • NogBadTheBadN
              NogBadTheBad @NickH 0
              last edited by

              @nickh-0 said in Home IP range overlap with Work VPN:

              @jknott
              Thanks for the reply. usually i would, but being a consultant and working with various clients and projects the risk of running into an overlapping IP is high and need a permanent solution to allow me to "adapt" and was thinking i could have a vlan that i can change as needed rather than continuously changing my home subnet - if that makes sense.

              Use 172.31.255.0/24, most of your customers if they have their heads screwed on won't allow split tunnels.

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.