
When I connect to my VPN, I can't access my own hostname.

C:\WINDOWS\system32>ping my-laptop
Pinging my-laptop [172.25.224.1] with 32 bytes of data:
Request timed out.
...

The address 172.25.224.1 is the IP address of one of my interfaces, but since the VPN routes all traffic through HQ, obviously I can't access it.

Can I change the IP that my hostname is being resolved to?

I tried adding an entry in the hosts file, but it doesn't help. Probably because getaddrinfo returns all local IP addresses before DNS entries.

Can I add a route to override this?

After adding some routes, this is the relevant part of my route table:

PS C:\WINDOWS\system32> Get-NetRoute | Where DestinationPrefix -Like "172.25.224.*"
ifIndex DestinationPrefix    NextHop        RouteMetric ifMetric PolicyStore
------- -----------------    -------        ----------- -------- -----------
71      172.25.224.2/32      0.0.0.0                  2 15       ActiveStore
71      172.25.224.1/32      0.0.0.0                  1 15       ActiveStore
7       172.25.224.0/21      172.16.10.26             1          ActiveStore
71      172.25.224.0/20      0.0.0.0                256 15       ActiveStore

But here are the actual routes chosen:

PS C:\WINDOWS\system32> Find-NetRoute -RemoteIPAddress 172.25.224.1 | Select DestinationPrefix, NextHop
DestinationPrefix NextHop
----------------- -------
172.25.224.0/21   172.16.10.26

PS C:\WINDOWS\system32> Find-NetRoute -RemoteIPAddress 172.25.224.2 | Select DestinationPrefix, NextHop
DestinationPrefix NextHop
----------------- -------
172.25.224.2/32   0.0.0.0

Why is the route I added for 172.25.224.2 working but the route for 172.25.224.1 not?

Why is 172.25.224.0/21 selected over 172.25.224.0/20 even though the latter is more specific?

Giacomo1968
  • What VPN client are you using? Some of them play with more things than just routes (e.g. adding hidden firewall rules). – u1686_grawity Aug 17 '20 at 17:13
  • @user1686 I'm using Check Point. My Windows firewall is disabled by the system administrator, probably because I have Avast installed. I've been able to access my Hyper-V VM (where I also had the same issue initially) after adding some routes, but I guess it's technically possible. Do you have an idea how I can corroborate that? – Eli Finkel Aug 17 '20 at 17:20
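Added example, not part of the question or any answer: a small Python model of the selection rule Windows applies to a plain route table (longest prefix first, then lowest RouteMetric + ifMetric), run over the Get-NetRoute table quoted above. It shows that, on the table alone, 172.25.224.1/32 should be chosen for 172.25.224.1 just as 172.25.224.2/32 is for .2, and that 172.25.224.0/21 is the more specific of the two aggregate routes; the missing ifMetric on the VPN adapter row is assumed to be 0 (it never decides a tie here).

```python
from ipaddress import ip_address, ip_network

# Route table from the question (Get-NetRoute output), re-typed here as a constant.
ROUTE_TABLE = """\
ifIndex DestinationPrefix    NextHop        RouteMetric ifMetric PolicyStore
------- -----------------    -------        ----------- -------- -----------
71      172.25.224.2/32      0.0.0.0                  2 15       ActiveStore
71      172.25.224.1/32      0.0.0.0                  1 15       ActiveStore
7       172.25.224.0/21      172.16.10.26             1          ActiveStore
71      172.25.224.0/20      0.0.0.0                256 15       ActiveStore
"""


def parse_routes(text):
    """Parse Get-NetRoute table text into (ifIndex, network, nexthop, metric) tuples.
    Effective metric = RouteMetric + ifMetric; a missing ifMetric (the VPN adapter
    row) is treated as 0, which is an assumption of this example."""
    routes = []
    for line in text.splitlines()[2:]:  # skip header and underline rows
        tok = line.split()
        if not tok:
            continue
        if len(tok) == 6:
            if_index, prefix, nexthop, route_metric, if_metric, _store = tok
        else:
            if_index, prefix, nexthop, route_metric, _store = tok
            if_metric = "0"
        routes.append((int(if_index), ip_network(prefix), nexthop,
                       int(route_metric) + int(if_metric)))
    return routes


def select_route(routes, dest):
    """Return the route the table alone should yield for dest: the longest matching
    prefix wins; among equal prefix lengths, the lowest effective metric wins."""
    addr = ip_address(dest)
    candidates = [r for r in routes if addr in r[1]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[1].prefixlen, -r[3]))


if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for dest in ("172.25.224.1", "172.25.224.2", "172.25.225.9", "172.25.236.1"):
        r = select_route(routes, dest)
        print(f"{dest:15} -> {r[1]} via {r[2]} (ifIndex {r[0]}, metric {r[3]})")
```

Since the model picks 172.25.224.1/32 for .1 while Find-NetRoute reported 172.25.224.0/21, prefix length and metric alone do not explain that result, which is consistent with the comment above that the VPN client may be influencing more than the route table.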

1 Answer

What is the reason you need to access your own host using your LAN address instead of using localhost or 127.0.0.1 while connected to the VPN?

It may not be possible.

There is a security feature in almost all VPN configurations that blocks all local network connections while connected to the corporate network, via a VPN. This is to provide some degree of security by preventing someone with malicious intent from reaching the corporate server using your PC/Laptop as a stepping stone.

Reference Article: https://blog.lan-tech.ca/2013/02/21/access-local-and-vpn-network-simultaneously/#:~:text=There%20is%20a%20security%20feature,Laptop%20as%20a%20stepping%20stone.

The article continues:

In order to simultaneously access the local and remote VPN network you need to enable a feature called split-tunneling. [...] If you have an Enterprise VPN solution such as Cisco, Watchguard, Sonicwall, or others, an end user cannot enable split-tunneling. It is managed by the VPN appliance and will require the administrator to configure and enable if they see a need to do so.


More info on Checkpoint and Split Tunneling: https://community.checkpoint.com/t5/Remote-Access-VPN/Split-Tunnel/td-p/34675


EDIT: If your administrator has set Route all traffic to gateway as Configured on endpoint client, you can uncheck it in your own checkpoint settings. If it is grayed out, then you cannot change it on your end. See this image:

iskyfire
  • I have some applications that talk to each other using the hostname, and it's kind of hardcoded, for the purpose of this discussion. I saw the checkbox you pointed out. It is greyed out, but NOT checked for me. – Eli Finkel Aug 17 '20 at 18:29
  • Anyway, I don't really care what the VPN designer has planned for me :) I'm asking from a technical point of view, how I can get around this and why my route changes didn't help – Eli Finkel Aug 17 '20 at 18:33