It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

How do I publish extra subnets for Network Connector in my Barracuda SSL VPN?

  • Type: Knowledgebase
  • Date changed: 3 years ago

Solution #00004455

Applies to all Barracuda SSL VPNs.

By default, Network Connector will only allow connected clients to see IP addresses on the same subnet that the Barracuda SSL VPN unit is on. If you need to publish extra subnets from your LAN to the clients, you need to do one of the following:

For basic usage - if you want all clients to use the same routes regardless of operating system/client configuration, and to route via the default gateway of the SSL VPN itself:

  1. Under the Server Interface configuration, add any extra CIDR networks to the Published Networks list (i.e.
  2. NOTE do not add the subnet of the SSL VPN itself. This should not be routed as Network Connector operates at layer 2 and creates a virtual Ethernet adapter

 For advanced usage - if you want to use different routes for each OS, or the required gateway is not configured on the SSL VPN itself

  1. Create the correct route command for each operating system by editing the Network Connector client configuration that will be used, under Resources > Network Connector > LAN1 Client > Edit.
  2. Add the route command in the up commands section (examples below)
  3. Repeat for all client configurations which require it

For example, if the Barracuda SSL VPN is on and you need to route to via

Windows: route add mask

OS X: route add

Linux: route add -net netmask gw

Linux (alt.): ip route add via

Additional Notes:

The gateway must be on the same broadcast domain as the Barracuda SSL VPN and its clients

Whichever gateway is used must be able to route to the other subnet

Any firewalls or router ACLs must be configured appropriately to allow access from the Barracuda SSL VPN client IP address pool to the subnet in question

The Barracuda SSL VPN is not a firewall and will not limit traffic. This network control must be achieved using existing firewalls


Link to this page: