How to Keep original IP address

I have VPN Server and a VPN Client. I need to insure all my connections go through my VPN Server at home. I setup a Static Route on my VPN Client and works like a champ on my personal devices.

The problem is that in my corporate laptop works as well but it gives my IP from my home server. I need to insure my connection goes through my home server but still returning the IP from my corporate VPN otherwise some resources get blocked.

I don't have admin privileges and I don't want to turn off the corporate VPN.

My corporate laptop connects to the Wifi via my VPN Client router.

How can I accomplish so?

Hmm i might get confused about your previous topic :wink:

So if you have a topology like:

Router with vpn client to home server <-> corporate laptop with the vpn program on.

In theory your packets should transfer like:

  1. 10.0.8.1 (assuming this is the virtual ip of your laptop vpn)
  2. some exchange peering ip
  3. corporate ip

Outside the tunnel it goes:

  1. 10.8.0.1 (routers vpn)
  2. 192.168.1.1 (if you had a other router upstream)
  3. exchange peering ip
  4. Your home ip
  5. It goes over wan at home decrypted to your corp vpn (also here you can do tracerts/traceroute)
  6. Exchange peering
  7. Corporate ip

You can use tracert :wink:, there are also phone apps for android to do a tracert so you can check between laptop and a other device if you type google.com.

If they are different then you know it works.

If you say your laptop gets routers public vpn ip, then i think your laptop is not using the corporate vpn.

1 Like

I did traceroute here's the result. I don't see anything related to my home server VPN, like if the corporate VPN was bypassing it. That's why I'm assuming it's not going through.

Scenario A):

Coorporate VPN on, VPN router Client on, VPN router Sever on. This gives back the IP generated by the corporate VPN.

traceroute to www.google.com (142.251.40.100), 64 hops max, 40 byte packets
 1  * * *
 2  170.85.73.4 (170.85.73.4)  27.217 ms  24.628 ms  11.558 ms
 3  * * *
 4  0.ae51.er1.ewr5.us.zip.zayo.com (216.200.64.178)  18.180 ms  14.995 ms  17.517 ms
 5  * * *
 6  * * *
 7  72.14.215.92 (72.14.215.92)  18.357 ms  14.051 ms  14.681 ms
 8  * * *
 9  142.251.65.108 (142.251.65.108)  20.951 ms
    142.251.65.110 (142.251.65.110)  16.918 ms
    142.251.60.180 (142.251.60.180)  16.843 ms
10  108.170.235.133 (108.170.235.133)  17.905 ms
    192.178.106.18 (192.178.106.18)  15.945 ms
    192.178.106.20 (192.178.106.20)  21.436 ms
11  lga25s79-in-f4.1e100.net (142.251.40.100)  17.152 ms  18.183 ms  16.521 ms

Scenario B):
Coorporate VPN on, VPN router Client on, VPN router Sever on. Static routing setup on the VPN router client and this gives back the IP from my home.

console.gl-inet.com (192.168.8.1)  3.382 ms  2.061 ms  1.941 ms
 2  10.0.0.1 (10.0.0.1)  9.248 ms  14.439 ms  7.812 ms
 3  38.125.206.129 (38.125.206.129)  12.662 ms  12.397 ms  11.548 ms
 4  10.0.65.98 (10.0.65.98)  9.561 ms  11.918 ms  16.241 ms
 5  10.0.65.97 (10.0.65.97)  8.937 ms  9.137 ms  10.881 ms
 6  10.0.64.22 (10.0.64.22)  9.902 ms  10.198 ms  12.538 ms
 7  * * *
 8  * * *
 9  be3590.rcr24.jfk01.atlas.cogentco.com (154.24.33.169)  22.542 ms  10.406 ms  10.730 ms
10  be2897.ccr42.jfk02.atlas.cogentco.com (154.54.84.213)  9.737 ms
    be2896.ccr41.jfk02.atlas.cogentco.com (154.54.84.201)  17.417 ms
    be2897.ccr42.jfk02.atlas.cogentco.com (154.54.84.213)  9.396 ms
11  be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)  10.478 ms  10.343 ms
    be3294.ccr31.jfk05.atlas.cogentco.com (154.54.47.218)  10.733 ms
12  tata.jfk05.atlas.cogentco.com (154.54.12.18)  13.282 ms  9.748 ms  10.706 ms
13  if-be-9-2.ecore1.n75-newyork.as6453.net (63.243.128.122)  11.722 ms
    63.243.218.9 (63.243.218.9)  11.050 ms  11.227 ms
14  72.14.221.146 (72.14.221.146)  15.489 ms  12.038 ms  10.782 ms
15  * * *
16  142.251.60.230 (142.251.60.230)  17.105 ms
    142.250.46.196 (142.250.46.196)  10.992 ms
    142.251.60.234 (142.251.60.234)  15.118 ms
17  192.178.106.162 (192.178.106.162)  13.990 ms
    192.178.107.42 (192.178.107.42)  12.708 ms
    192.178.106.156 (192.178.106.156)  14.310 ms
18  142.251.68.255 (142.251.68.255)  11.943 ms
    209.85.255.36 (209.85.255.36)  18.046 ms  28.198 ms
19  142.251.227.116 (142.251.227.116)  17.526 ms *
    142.251.227.78 (142.251.227.78)  24.739 ms
20  142.250.215.195 (142.250.215.195)  18.205 ms * *
21  72.14.239.89 (72.14.239.89)  29.400 ms  27.687 ms
    192.178.81.141 (192.178.81.141)  75.177 ms
22  72.14.236.168 (72.14.236.168)  23.940 ms
    142.251.68.89 (142.251.68.89)  26.766 ms
    74.125.253.44 (74.125.253.44)  40.849 ms
23  216.239.47.211 (216.239.47.211)  24.162 ms
    216.239.48.39 (216.239.48.39)  24.013 ms
    209.85.255.255 (209.85.255.255)  23.077 ms
24  * * *

It looks fine to me :+1:

Assuming the 72.14.215.x ip is probably your corporate network or vpn gateway at home.

They are different routed so that is all good.

The vpn skips hops because it is encapisulated and will follow the route directly instead of home (i edited this), this is inside the tunnel, outside the tunnel you will see the same as the second result.

If you had the same result as your second one in the laptop then it didn't work and likely the vpn of laptop was off.

Yes the 72.14.215.x is te ip from the corporate computer.

Sorry, I didn't understand this part:

The vpn skips hops because it is encapisulated and will follow the route directly instead of home

by "instead of home" you mean is not going to my VPN home Server?

No, it will go through the home vpn server, but the tunnel doesn't know about the route outside, what you see is the route inside the tunnel.

With other words, it doesn't show the same hop count like outside.

What i try to show you, is when you use the other device to test the trace that is the outside scope of the tunnel :wink:

If that was the same trace inside the tunnel then you had a problem.

You can also think it as this way:

If you had multiple routers connected on wan, for each upstream router the downstream one is shown as a client ip, in your case the router at home with the vpn server also sents it to your corporate vpn but that is not what you can see inside the tunnel.