Virtual IP addresses for VPN clients

You can use a Virtual Adapter to assign the VPN client an IP address in the VPN, independent of the address the VPN client computer uses in its local network.

The virtual IP address is only used in communications through the VPN tunnels. The VPN gateway gets the IP address and network settings of the Stonesoft VPN Client from an external DHCP server and forwards the information to the Stonesoft VPN Client. For one-way access without DNS resolution, the VPN gateway can alternatively be set up to apply NAT to translate the Stonesoft VPN Client connections. This method is meant for testing purposes.

The VPN gateway specifies the destination IP addresses for traffic that the Stonesoft VPN Client sends into the VPN tunnel. The IP addresses are configured as Site elements for each gateway in the Management Client. When the Sites contain specific internal networks, the Stonesoft VPN Client receives a configuration for split tunneling. Split tunneling means that only the specified portion of traffic uses the VPN tunnel, and other connections use the local network as usual.

This feature requires the following:
  • You use an external DHCP server to assign the IP addresses.
  • The users use a VPN client that has a Virtual Adapter feature. The Stonesoft VPN Client always has this feature installed and active.

Most DHCP servers allow a configuration in which a particular client computer is always assigned a particular IP address. For example, the DHCP server might assign the IP address based on the MAC address if VPN clients have fixed MAC addresses for their Virtual Adapters. By default, when the Stonesoft VPN Client virtual adapter requests an IP address, it uses the MAC address of the physical interface used in the VPN connection.
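
The following is an added example, not part of the original page or the product. It checks that a DHCP reservation table gives each VPN user one fixed virtual IP address, given that by default the Virtual Adapter presents the MAC address of whichever physical interface carries the VPN connection. The reservation table, the user inventory, and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the original page): DHCP reservations
# keyed by MAC address, and the physical interfaces of each VPN user's computer.
RESERVATIONS = {
    "00:11:22:33:44:55": "10.20.0.11",   # alice, Ethernet
    "00:11:22:33:44:66": "10.20.0.11",   # alice, Wi-Fi
    "00:aa:bb:cc:dd:01": "10.20.0.12",   # bob, Ethernet
    "00:AA:BB:CC:DD:03": "10.20.0.12",   # carol, Ethernet (collides with bob)
}
INVENTORY = {
    "alice": ["00-11-22-33-44-55", "00:11:22:33:44:66"],
    "bob":   ["00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:02"],  # Wi-Fi not reserved
    "carol": ["00:aa:bb:cc:dd:03"],
}

def norm_mac(mac):
    """Normalize a MAC address to lowercase colon-separated form."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(reservations, inventory):
    """Return a dict of user -> list of findings about their virtual IP assignment."""
    res = {norm_mac(m): ipaddress.ip_address(ip) for m, ip in reservations.items()}
    findings = defaultdict(list)
    owners = defaultdict(set)           # reserved IP -> users who can receive it
    for user, macs in inventory.items():
        ips = set()
        for mac in map(norm_mac, macs):
            ip = res.get(mac)
            if ip is None:
                # This interface would get a pool address, not a fixed one.
                findings[user].append(f"no reservation for {mac}")
            else:
                ips.add(ip)
                owners[ip].add(user)
        if len(ips) > 1:
            findings[user].append("address depends on interface: " + ", ".join(sorted(map(str, ips))))
    for ip, users in owners.items():
        if len(users) > 1:
            for user in users:
                findings[user].append(f"{ip} also reserved for another user")
    return dict(findings)

if __name__ == "__main__":
    for user, issues in sorted(audit(RESERVATIONS, INVENTORY).items()):
        print(user, issues)
```

A user with no findings receives the same virtual IP address regardless of which physical interface carries the VPN connection.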