Access my home network printer while I am using VPN to connect to work

Although it may be possible to achieve this using Split Tunnelling, it will almost certainly break your terms and conditions of use for the work network. In extreme cases, you could lose your job over things like that.

Remember that a VPN provides a secure link from your local machine or network to the remote LOCAL Area Network. This means that your machine behaves as though it were directly connected to the work LAN.

So allowing other local facilities to work is a security issue.

Your best bet is a direct (USB) connection to your computer from the printer.

UPDATE:

You could make your printer public by exposing its interface via your router. But don't forget that, while on the VPN, it is most likely that your Internet access goes via the corporate firewall & gateway so printer ports are almost certainly blocked there. Again, allowing printing to the Internet is a massive security hole.

It is also possible to have a local printer on the VPN but only if your VPN endpoint is in your router rather than your PC (unlikely) making your local network part of the corporate network. Of course, in that case, you wouldn't need to do anything else since the printer would now be visible to the PC. This is unlikely to be allowed by your work, again because it opens up many opportunities for security issues.

Sorry, but the most likely best bet is still to physically connect your PC to the printer the old-fashioned way!


What's happening here is that the VPN client is setting your default gateway to the VPN server. This means that all your LAN-destined network traffic is routed through the VPN, and the VPN server will dump the traffic since it is for a private, non-routable subnet (likely 192.168.x.x).

All you need to do is update your routing tables to send LAN traffic to your typical local gateway (i.e. your router). You would probably need to do this every time you disconnected & reconnected the VPN.

You would use the 'route print' command to view routing tables after connecting to the VPN. You would expect to see the default gw (0.0.0.0) destination as your VPN endpoint.

Making this change could indeed bypass some security 'policy' the IT department is attempting to enforce. I would also advise contacting your IT dept. to see if there is any issue with manually modifying the configuration on the system. No point in getting in trouble for something so minor.

[EDIT - additional info as requested]

[DISCLAIMER: modifying routing tables can mess up your access to the Internet or other networks. Changing settings related to a corporate VPN may violate company policy and result in disciplinary action. You've been warned, etc.]

After connecting to the VPN, confirm routing to your printer by running tracert MY_PRINTER_IP. If the routing hops go through the VPN endpoint, you've confirmed traffic for the printer is being routed there, and this is the issue.

route print would display existing routing tables, where you would expect to see the 0.0.0.0 (default gw) entry being directed to the VPN endpoint.

You would use the route ADD command to add an appropriate routing command for your printer. For example, to add an entry for just a single IP that you want to keep on the LAN, you could use:

route ADD MY_PRINTER_IP MASK 255.255.255.255 MY_LAN_ROUTER_IP

You may need to adjust metric on the route to ensure it is chosen first, although a more specific route generally always takes precedence. Repeating the tracert after the change should verify if routing has been updated and is working as expected. If all is good, you could add the routing rule as a static one with a '-p' flag on the ADD command, otherwise the rule is temporary and will be discarded on reboot. The VPN client may also nuke & rewrite all routing rules every time it is connected.
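
The precedence rule mentioned in the answer above (the more specific route wins, and the metric only breaks ties between equally specific routes), modelled in Python as an added example that is not part of the original answers. The table is constructed to match the situation that answer describes; every address and metric is a made-up placeholder, and the function names are hypothetical.

```python
import ipaddress

# Constructed routing table in `route print` column order, as seen once the
# VPN is connected. Every address and metric is a made-up placeholder.
VPN_TABLE = [
    # (destination, netmask, gateway, metric)
    ("0.0.0.0", "0.0.0.0", "10.8.0.1", 5),      # default route set by the VPN client
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", 25),  # original default via the home router
]

# What `route ADD MY_PRINTER_IP MASK 255.255.255.255 MY_LAN_ROUTER_IP` contributes.
PRINTER_ROUTE = ("192.168.1.50", "255.255.255.255", "192.168.1.1", 50)


def select_gateway(dest_ip, table):
    """Return the gateway chosen for dest_ip: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest_ip)
    matches = []
    for dest, mask, gateway, metric in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if ip in net:
            # Negate the metric so max() prefers the lower metric on a prefix tie.
            matches.append((net.prefixlen, -metric, gateway))
    if not matches:
        return None  # no route to the destination
    return max(matches)[2]


def bypass_routes(table, vpn_gateway):
    """Non-default routes whose gateway is not the VPN: the split-tunnel exceptions."""
    found = []
    for dest, mask, gateway, _metric in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if net.prefixlen > 0 and gateway != vpn_gateway:
            found.append(str(net))
    return found


if __name__ == "__main__":
    patched = VPN_TABLE + [PRINTER_ROUTE]
    for ip in ("192.168.1.50", "192.168.1.51", "203.0.113.10"):
        print(ip, select_gateway(ip, VPN_TABLE), "->", select_gateway(ip, patched))
    print("exceptions:", bypass_routes(patched, "10.8.0.1"))
```

The host route changes the path for the one printer address only, even though its metric is the highest in the table; a neighbouring LAN address and Internet traffic still follow the VPN default.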