Exclude Local Networks Via Juniper NetScreen-Remote VPN


Mattias Geniar, August 26, 2010


If you’ve configured your Juniper NetScreen-Remote VPN to route all your traffic through your VPN tunnel, you’ll find you get stuck when accessing local IPs on your (home) network, such as a NAS, printers, computer shares, …

This is usually how it’s configured in the Security Policy Editor.

[Screenshot: NetScreen-Remote: IP Subnet/Mask 0.0.0.0]

If you want to keep having access to your local IP range(s), create a new connection under “My Connections” and add it as follows.

[Screenshot: NetScreen-Remote: Local Network Exception(s)]

Choose the following configuration settings.

  • Connection Security: Non-secure
  • ID Type: IP Subnet
  • Subnet: 172.16.0.0
  • Mask: 255.255.255.0
  • Protocol: All
  • Interface Name: Any

It goes without saying that you replace “172.16.0.0” with the IP range you want to have direct access to. Credits to David Geens for pointing it out!
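Before typing a Subnet/Mask pair into a non-secure connection, it helps to check exactly which addresses it takes out of the tunnel. The script below is an added example, not part of the original post or of NetScreen-Remote: it assumes that addresses inside the exception go direct and everything else is tunnelled, as the post describes, and the function names and destination addresses are constructed for illustration.

```python
import ipaddress

# Private IPv4 ranges (RFC 1918); a non-secure exception should sit inside one.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_exception(subnet, mask):
    """Turn a Subnet/Mask pair into a network; ValueError if host bits are set."""
    return ipaddress.ip_network(f"{subnet}/{mask}", strict=True)

def audit_exception(subnet, mask):
    """Return warnings for one non-secure (bypass) entry; empty list means OK."""
    try:
        net = parse_exception(subnet, mask)
    except ValueError as exc:
        return [f"invalid subnet/mask: {exc}"]
    if net.prefixlen == 0:
        return ["exception covers every address, nothing would use the tunnel"]
    if not any(net.subnet_of(private) for private in RFC1918):
        return [f"{net} is not a private range, that traffic would leave the tunnel"]
    return []

def classify(dest, exceptions):
    """'direct' if dest falls inside any exception network, else 'tunnel'."""
    addr = ipaddress.ip_address(dest)
    return "direct" if any(addr in net for net in exceptions) else "tunnel"

if __name__ == "__main__":
    # Values from the post; destination addresses below are constructed samples.
    local = parse_exception("172.16.0.0", "255.255.255.0")
    print(audit_exception("172.16.0.0", "255.255.255.0") or "exception OK:", local)
    for dest in ("172.16.0.20", "172.16.1.20", "192.168.1.10", "203.0.113.7"):
        print(f"{dest:15} -> {classify(dest, [local])}")
```

With the mask 255.255.255.0 from the post, only 172.16.0.0 through 172.16.0.255 bypasses the VPN; a device at 172.16.1.20 would still be routed through the tunnel.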


