Home Printing – Connected to a VPN
My company, like many others out there, requires you to sign on to a VPN to allow you to access the “internal” network. A work colleague recently complained that when she did this at home she could no longer print to her home printer which was shared on a Windows machine on her home network. The only way this worked was if she used the VPN from the actual print server PC herself – a workaround but not ideal.
The reason this was happening was that the VPN adapter was making itself the default gateway for all of her traffic, including the requests to the print server. Since the work network has no knowledge of your home network, the requests simply get discarded. I put together an e-mail to show her how to get around this issue, temporarily at first and permanently should she require it. Since this might be quite common, I have transcribed that e-mail below into a small general How-To.
First off, there are a couple of things you will need to know/do:
- The IP Address of the computer that is acting as your Print Server (in the example that is 192.168.1.103)
- The IP Address of your home network’s router (in the example that is 192.168.1.1)
- Make sure that the printer is set up to map via the IP address and not the computer name
Number 3 is easily checked in the properties of the printer you added to your machine – if it is added with the name rather than the IP address, just modify (or delete and re-add) it.
As for 1 and 2, since I know everyone is not a geek and does not know this stuff off the top of their head, we’ll go through the steps you would take on a Windows machine:
First run this command (in bold) from a command prompt (Start >> All Programs >> Accessories)
C:\Documents and Settings\adam>ipconfig /all
Your output should look like this anything in [] and bolded is inserted by me – I ran this on the machine that was connected physically to the printer and was acing as the server:
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC-xxxxxx
Primary Dns Suffix . . . . . . . : xxxxxxx
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxxxxxx
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : xxx.xx.comcast.net
Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Controller
Physical Address. . . . . . . . . : xxxxxxx
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.103 [IP Address of the computer on the home network]
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1 [IP Address of your Router]
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.87.73.242
68.87.71.226
Lease Obtained. . . . . . . . . . : Friday, March 02, 2007 12:18:51 PM
Lease Expires . . . . . . . . . . : Saturday, March 03, 2007 12:18:51 PM
So, from the above, you can find out the IP of the machine you are using on your home network as a print server and the IP of your home router – the default gateway.
Now, as an FYI, the reason why you can’t get to your printer is because the VPN client has gone and grabbed your default gateway. You can see this by running the command below (relevant line is bolded) – all 10. addresses have been changed from actual values and I’ve removed some lines for brevity:
C:\Documents and Settings\adam>route print
===========================================================================
Interface List
0×1 ……………………… MS TCP Loopback interface
0×2 …00 xx xx xx xx xx …… Broadcom 570x Gigabit Integrated Controller – Packet Scheduler Miniport
0×20004 …00 xx xx xx xx xx …… Cisco Systems VPN Adapter – Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 128.0.0.0 10.100.100.101 10.100.100.101 1
255.255.255.255 255.255.255.255 192.168.1.122 192.168.1.122 1
Default Gateway: 10.100.100.101
===========================================================================
Persistent Routes:
None
Now, onto how to get around this issue, here’s how I did it for mine, first I try to ping the server from another machine on the home network that I have connected to the VPN. Remember, 192.168.1.103 is the IP of the machine I have set up as the printer server:
C:\Documents and Settings\adam>ping 192.168.1.103
Pinging 192.168.1.103 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.103:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
As expected, no luck. So now for the magic command:
C:\Documents and Settings\adam>route add 192.168.1.103 MASK 255.255.255.255 192.168.1.1
Now, we should be able to get to it, so lets ping again:
C:\Documents and Settings\adam>ping 192.168.1.103
Pinging 192.168.1.103 with 32 bytes of data:
Reply from 192.168.1.103: bytes=32 time=2ms TTL=128
Reply from 192.168.1.103: bytes=32 time=1ms TTL=128
Reply from 192.168.1.103: bytes=32 time=1ms TTL=128
Reply from 192.168.1.103: bytes=32 time=1ms TTL=128
Ping statistics for 192.168.1.103:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
Hooray! Mission accomplished…….
Now obviously you don’t want to have to do that each time, but that’s the quick way of figuring out if you have everything working. The general form of this command is:
route add [IP Address of Print Server] MASK 255.255.255.255 [IP Address of Home Router]
Once you substitute in the appropriate values for your network, you can save that line to a text file (using notepad or any other plain text editor). Then either save as .bat rather than .txt or change the .txt extension to .bat after the fact. Place the file on your desktop and you can then just double click that .bat file to run the command and fix your routing as needed.
Alternatively, once you are happy that this works you can add it as a persistent route – this stores the route in the Windows registry and keeps it in your routing table permanently. This is very easy to do, you just add a -p flag like so:
route -p add [IP Address of Print Server] MASK 255.255.255.255 [IP Address of Home Router]
And that’s it – if you find this useful, then let me know – my colleague has already successfully applied this to her situation and had no problems. If you have any suggested improvements, either drop me an e-mail or leave a comment in the blog.
Technorati Tags: printing, vpn, Cisco VPN, routing, persistent routes, home networking, vpn, home, printing problems
This is great – I would love to be able to use my home network computer while VPN’d to work!
Regarding:
“Number 3 is easily checked in the properties of the printer you added to your machine – if it is added with the name rather than the IP address, just modify (or delete and re-add) it.”
Could you provide some more details about this? I went to Control Panel, Printers, right clicked on the networked printer, and selected properties. There I see, under the General tab, an unnamed entry field that has the name of the printer in it, a “Location” field that is blank, and a “Comment” field that is blank. Should I change one of these fields?
Regarding how I added it, I really don’t know if I added it by Name or by IP address because I ran a Canon MX700 Wizard and, at the end of the process, the printer showed up on the list. If I now delete the printer, then the only process I know to add it back is to rerun the Wizard, which I expect would do the same thing it did before.
Thanks,
Ralph
Ralph,
Explaining how to add/remove a printer is a little beyond the scope of this little write up – if you are mucking about with network settings and running a VPN then it’s kind of assumed you can add/remove hardware. A quck bit of Googling “Add a printer windows” got me this link for Vista:
http://windows.microsoft.com/en-US/windows-vista/Add-or-remove-a-printer
If you are using something else, try Googling for that version more specifically.
Good luck.
Adam
Thanks so much for posting this guide. I work in a one-person office so it’s a lot like being at home, especially when tech support in the mother ship don’t understand the quirks of the local setup. Anyway, I’d searched high and low for a way to be able to print to the office printer (which is hooked up to the network and has its own IP address) when using the VPN.
The only part of your instructions that didn’t work for me was creating a persistent route, so I used a batch file. Since the user account under which I use the corporate VPN is very locked down I needed also to add the “runas” command to get it to work. So now I log onto VPN, click the batch file, enter local admin password, and hey presto I can print for the rest of the VPN session…! Here’s my batch file in case anyone else has the same problems.
runas /noprofile /user:[computername]\[localadminusername] “route add [printer IP address] MASK 255.255.255.255 [router IP address”
pause
Thanks again!
Awesome! it worked like a Charm! Thanks.
Thank you! I was about to toss out the computer because of this persistent trouble when I was trying to print. I’m far from a computer geek, but was able to figure it out with your clear instructions.
Dude thank you ever so much. I have spent hours looking for a solution and yours worked like a charm…
In my case – home network, Ethernet, networked printer (i.e., no computer is serving as the print server), 3 computers – I have exactly the same problem with printing (i.e., I can’t) when VPN’d to my workplace. How would your procedure be modifed in that case?
Is this the same configuration if you are a remote user with a printer at home, connect to the office via VPN, using the software on the server (in this case SAGE line 50) and then trying to print to the printer right next to you?! The issue I have is that I can ONLY print to the printer on the office network when I am in a VPN session using the software on the server, then I have to get the office to post me the print outs!!!
I just bought a new router. With the old router, I could print docs from a remote desktop machine I was connected to via a vpn just fine. New Router, couldn’t do it. Your fix saved me. All is well now.
Thanks
Leslie or anyone,
Is there reason or setting that would stop this for working for me. I also have just a printer, not a server, that I need working while on vpn, i type – route add (ip of printer) mask 255.255.255.255 (default gateway of network that the printer is on)
thanks
Thanks! Very handy, and now I don’t have to wait a week for an answer from our help desk.
Adam,
If you use the persistent setting, what happens when your IP address changes. Being in an office environment and bringing our laptops home at night and back in the morning the IP has a possibility to change being Dynamic IPs. How would that work?
Thanks,
David
David,
That will depend on your office network, of course, but the most likely scenario is that you will just have a route to a private home network that doesn’t work. The issues come in when your home and office networks overlap. Normally that is not the case, as most offices will stay away from 192.168.x.x ranges you usually find on home routers. Your mileage may very of course – if in doubt, just make yourself a little script to add it and another to delete it and put them (or shortcuts to them) on your desktop for easy addition/removal.
Adam
Adam,
The issue is not the home network.
We have an office that uses VPN to connect to our corporate office over comcast.
We have local printers on our in-house network. Very small network. One router behind the cable modem with laptop PC’s and printers attached.
The problem is that we cannot print to the local printers when we are on VPN unless I add the route command. This is fine as long as our IP address stays static, but we have dynamic IP’s so we can go to our clients office or home. When we come back to the office our IP could be different again.
Any suggestions?