
L2TP MacOS client and local and remote lan with same subnet

Keeno Newbie ✭
edited April 2021 in VPN Client

Hi!

I came to the community after using a SonicWall TZ 400 for a customer for a couple of years.

When I first configured it, I had no problem because all of the customer's clients were Windows PCs.

The problem came when I had to connect to their LAN remotely with my MacBook to do some maintenance.

At first, since I found that there were no macOS SonicWall clients like the Windows ones, I used a workaround: a VirtualBox VM with Windows 7, but it's a "borderline" solution that I can't use with ease.

Recently I came across the SonicWall tutorial "L2TP VPN Configuration on Mac OS X" and configured my MacBook with those instructions.

When I'm on the move I have no problem, and the same in some LANs, but when I'm at my new office, shared with several other people, I can't use the LAN to connect because my local addresses and the remote customer's ones are on the same subnet, 192.168.1.x.

As you can understand, I can't change either of the two because of their already consolidated structure.

So, my question is: is there a way I can connect to the customer LAN from within my office one using the existing configuration?

For example, I'm in a similar situation with another customer (that LAN is also 192.168.1.x), but he has a Fortinet appliance and I can use FortiClient with no problem.

A big thank you in advance for every reply.

I hope I explained my issue well and, above all, please excuse my English.


have a nice day

Answers

  • Saravanan Moderator

    Hi @Keeno,

    Thank you for visiting SonicWall Community.

    Please refer to the KB article linked below and configure the SonicWall as prescribed. We should follow NAT over VPN.

    In your case, you are using L2TP VPN, and most of the configuration depicted in the KB below will match your scenario.

    Please go through the KB article and let us know if you need any help.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    On a Mac the only supported client is Mobile Connect, which works OK. You might have two issues, one being the fact that you are using L2TP, which is a legacy protocol and doesn't work well in all scenarios anymore. Through L2TP there could be issues with delivering routes to the client computer. Not all vendors even support adding routes to the client through L2TP; I haven't tested this with SonicWall even though I exclusively use a Mac myself, because I always use Mobile Connect.

    The other issue you have is identical local and remote networks. If this works with another vendor's client, it's probably because they have set "tunnel all" mode so all traffic goes through the VPN connection.

    For this I think you have three options:

    1. Use NAT like @Saravanan suggested.
    2. Use "Tunnel All" mode.
    3. Add the route manually on the macOS command line, for example "sudo route add -net 192.168.1 -interface ppp0". Usually the interface with L2TP is ppp0, but with Mobile Connect it's utun0 or some other number, depending on whether you have other interfaces.

    If you don't have licenses for SSL-VPN and want to keep using L2TP, one option is to try the VPN Tracker software. It's a commercial product, so it would mean spending money either on that or on SSL-VPN licenses for the SonicWall. But with the NAT solution, perhaps the built-in macOS L2TP client would work as well without spending anything extra.
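The manual-route option above has a catch when the two LANs are the same 192.168.1.0/24: a `-net` route for the whole subnet through ppp0 shadows the office LAN, so the usual workaround is to add only /32 host routes for the specific customer machines you need, which the kernel prefers over the connected /24. The script below is an added example, not code from the thread or from SonicWall. It checks whether two CIDR ranges overlap with plain shell arithmetic, prints the corresponding macOS `route` commands without running them, and uses constructed sample addresses (the office and customer LANs, two customer hosts, and the interface name ppp0) that are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). Decides, for a local LAN and a
# remote VPN LAN, whether a whole-network route via the VPN interface is safe,
# or whether only host routes for chosen remote machines should be added.
# All addresses below are constructed sample values, not the poster's real ones.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
  set -- $(printf '%s\n' "$1" | tr '.' ' ')
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Split "a.b.c.d/n" and print "<network_int> <mask_int>".
cidr_net() {
  ip=${1%/*}; prefix=${1#*/}
  mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
  echo "$(( $(ip2int "$ip") & mask )) $mask"
}

# Exit status 0 (true) when the two CIDR ranges share at least one address.
# Contiguous masks compare numerically, so the shorter prefix is the smaller
# mask; two ranges overlap iff both networks agree under that shorter mask.
cidr_overlap() {
  set -- $(cidr_net "$1") $(cidr_net "$2")
  n1=$1; m1=$2; n2=$3; m2=$4
  if [ "$m1" -lt "$m2" ]; then m=$m1; else m=$m2; fi
  [ $(( n1 & m )) -eq $(( n2 & m )) ]
}

# Print macOS route commands for individual remote hosts. A /32 host route is
# more specific than the LAN's connected /24, so the kernel sends traffic for
# just those hosts into the tunnel; every other 192.168.1.x stays local.
# usage: vpn_host_routes <iface> <ip> [<ip> ...]
vpn_host_routes() {
  iface=$1; shift
  for h in "$@"; do
    echo "sudo route -n add -host $h -interface $iface"
  done
}

# Print the plan for one local/remote pair.
# usage: plan <local_cidr> <remote_cidr> <iface> [<remote host> ...]
plan() {
  local_cidr=$1; remote_cidr=$2; iface=$3; shift 3
  if cidr_overlap "$local_cidr" "$remote_cidr"; then
    echo "overlap: $local_cidr vs $remote_cidr; a -net route would shadow the local LAN"
    vpn_host_routes "$iface" "$@"
  else
    echo "no overlap: route the whole remote network via $iface"
    echo "sudo route -n add -net $remote_cidr -interface $iface"
  fi
}

# Constructed sample run: the office LAN and the customer LAN collide (as in
# the thread), so only two customer hosts get routes; the second pair does not
# collide and gets a normal network route.
plan 192.168.1.0/24 192.168.1.0/24 ppp0 192.168.1.10 192.168.1.20
plan 192.168.2.0/24 192.168.1.0/24 ppp0
```

The host-route approach only helps when the customer hosts you need do not share an address with a machine on the office LAN; a /32 for 192.168.1.10 makes any local 192.168.1.10 unreachable while the tunnel is up, and the routes disappear when ppp0 goes down, so they have to be re-added after each reconnect. Check the result with `netstat -rn | grep ppp0` before relying on it.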

  • Keeno Newbie ✭

    Hi!

    Above all, thank you so much to you all for your kind replies.

    Then, some words about them:

    I used this tutorial to configure the macOS client

    (SonicOS 6.5 section), since I had no luck with Mobile Connect, as you can see in the attached images: it says that the SonicWall is unreachable or isn't a SonicWall appliance and, if forced, gives me an error.

    As you can see, the address is correct, so I don't know what to think.

    The simplest solution, "tunnel all", I think disables my chance to use my local services when connected, or am I wrong?

    So, I think the only way is to configure NAT.

    Again, thank you very much!
