Roadwarrior two subnets the same - Would this cause issues?
-
Suppose that I have Site-A which would be the pfSense OpenVPN Server, and the network would be something uncommon like 172.20.10.1 to avoid IP conflict. FYI I would configure OpenVPN to use the 10.0.8.0/24 tunnel.
Question #1: What if a roadwarrior-A connected from a coffee shop with the 192.168.1.0/24 network and another roadwarrior-B was in another coffee shop with 192.168.1.0/24. Would these two warriors cause a headache because they are coming from the same subnet addresses?
Question #2: If I had roadwarrior-C with the subnet of 172.20.10.0/24 would this cause issues?
Thanks,
Rhett
-
Suppose that I have Site-A which would be the pfSense OpenVPN Server, and the network would be something uncommon like 172.20.10.1 to avoid IP conflict. FYI I would configure OpenVPN to use the 10.0.8.0/24 tunnel.
Question #1: What if a roadwarrior-A connected from a coffee shop with the 192.168.1.0/24 network and another roadwarrior-B was in another coffee shop with 192.168.1.0/24. Would these two warriors cause a headache because they are coming from the same subnet addresses?
No problem until both RoadWarriors want to communicate with each other.
Question #2: If I had roadwarrior-C with the subnet of 172.20.10.0/24 would this cause issues?
Yes, if the destination where the RoadWarrior wants to connect to is on the subnet of 172.20.10.0/24. Probably no problem with other destination subnets. But not 100% sure.
Thanks,
Rhett
-
Actually in case #1 you probably wouldn't have a problem. When a road warrior connects, and talks on the VPN tunnel, the traffic from the client should be coming from its OpenVPN client IP, not the IP it obtained from the coffee shop network.
In case #2 you would have a problem trying to reach anything in that subnet, yes. It would believe it was local. You could set up some 1:1 NAT for another unused subnet that people can use in that case though, like 172.20.11.0/24 that maps on the OpenVPN interface to 172.20.10.0/24 on the inside. Then if you have a conflict, the clients just connect to IPs in the alternate subnet.
Though with that odd of a subnet I doubt you'd ever hit a coffee shop or hotel using that.
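Added example, not posted by anyone in the thread: a Python sketch of the overlap check and the 1:1 NAT alias mapping described above, using the subnets from this discussion. It assumes Site-A's LAN is 172.20.10.0/24; the function names and the host 172.20.10.25 are made up for illustration.

```python
import ipaddress

# Subnets taken from the thread; the /24 mask on the site LAN is an assumption.
SITE_LAN = ipaddress.ip_network("172.20.10.0/24")   # inside network at Site-A
TUNNEL = ipaddress.ip_network("10.0.8.0/24")        # OpenVPN tunnel network
NAT_ALIAS = ipaddress.ip_network("172.20.11.0/24")  # 1:1 NAT alias for SITE_LAN


def conflicts(client_lan):
    """Return the VPN-side networks that overlap the client's local LAN."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    vpn_side = {"site LAN": SITE_LAN, "tunnel": TUNNEL}
    return [name for name, net in vpn_side.items() if lan.overlaps(net)]


def to_inside(alias_ip):
    """1:1 NAT: map an alias address to the same host offset in SITE_LAN."""
    ip = ipaddress.ip_address(alias_ip)
    if ip not in NAT_ALIAS:
        raise ValueError(f"{ip} is not in {NAT_ALIAS}")
    offset = int(ip) - int(NAT_ALIAS.network_address)
    return str(SITE_LAN.network_address + offset)


def address_to_use(client_lan, server_ip):
    """Address a road warrior should connect to for a given Site-A host."""
    target = ipaddress.ip_address(server_ip)
    if target not in SITE_LAN:
        raise ValueError(f"{target} is not in {SITE_LAN}")
    lan = ipaddress.ip_network(client_lan, strict=False)
    if not lan.overlaps(SITE_LAN):
        return str(target)  # no conflict: the real address routes via the VPN
    if lan.overlaps(NAT_ALIAS):
        raise ValueError("client LAN overlaps both the site LAN and the alias")
    # Conflict: the client treats SITE_LAN as local, so use the alias subnet.
    offset = int(target) - int(SITE_LAN.network_address)
    return str(NAT_ALIAS.network_address + offset)


if __name__ == "__main__":
    # Constructed sample cases matching Question #1 and Question #2.
    for lan in ("192.168.1.0/24", "172.20.10.0/24"):
        print(lan, conflicts(lan), address_to_use(lan, "172.20.10.25"))
```

The source addresses of the two coffee-shop clients never enter the check, because on the tunnel each client is seen by its OpenVPN address, as noted in the reply above.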