VPN Loses IP-based LAN Printer
We ran into a problem recently on a client's LAN where they seemed to randomly lose the connection to their IP-based local printers. It turned out, of course, to not be so random after all but actually happened whenever the client started up a VPN connection to another corporate office.
The symptom was that when they printed something it would get sent to the printer queue but then the printer queue would time out and report that the printer was off line. The client reported that everything would print when they shut down their computer just before they left for the evening.
We searched the web for solutions and found that a lot of people had the problem -- "printer connection lost when VPN connected" -- but there didn't seem to be any publicly posted solutions. Finally, with faith that two heads really are better than one, I called super tech and friend Irve Towers at New Target, Inc. down in the D.C. area and sure enough he quickly came up with an understanding of the problem and, even better, the solution to it as well.
It turns out that the problem is that the local area network IP address range is the same as the range used by the LAN that the VPN is connecting to. It probably happens a lot because -- well; how often do you change the default IP address range in an out of the box router. Most come from the factory using 192.168.1.x with the '1' for the class-C range.
So the local office network was using "1" for the class 'c' range and so was the remote office. Whenever the client connected to the remote network he would lose contact with his local resources because they were on the same, conflicting address range.
SOLUTION:
Change the IP class-c address range used by one or the other of the local area networks.
Since we couldn't change the address range of the remote office system we changed the address range used in the local LAN. It was easy and fast to do by changing two settings in the local LAN router:
- First, set the DHCP manager in the router so that it assigns addresses in a different class-c range. We chose '2' -- as in 192.168.2.x. (Any legal number that is different from the remote office's class-c range would be fine).
- Second (and it must be 2nd, or you might lose contact with the router) change address of the router itself to match your new class-c configuration. This router now became "192.168.2.1".
After that we made all of the network devices -- PCs, laptops, printers and scanners, renew their DHCP addresses from the router -- mainly by rebooting them. One printer had an assigned address and it needed to be manually changed, but once that was done the problem went away.
Because the local LAN and the remote VPN-connected network now used different IP class-c address ranges there was no longer a conflict with the addresses used on the two networks and now when the VPN was connected the client's PC could still "see" and use his IP-based printer.
