Netgate Discussion Forum

    Same ip subnet for two VPN

    openvpn
    10 Posts 5 Posters 1.2k Views
    • mistermaster

      Hi all,
      I need some help with configuring an OpenVPN server.

      I have these configs:
      network A (OVPN):

      • subnet: 192.168.1.0/24
      • vpn type: TUN

      network B (OVPN):

      • subnet: 192.168.1.0/24
      • vpn type: TUN

      network C (client):

      • subnet: 192.168.2.0/24

      Networks A and B are in geographically different locations.
      Individual connections to networks A and B are OK.

      Questions:

      1. If a client from network C connects to both networks A and B at the same time, it can cause an IP conflict, correct?
      2. I think my problem is very similar to this one, correct?
        https://forum.netgate.com/topic/39576/solved-openvpn-and-nat-for-same-subnet/5

      Goal:
      I want to configure the OVPN server in network B with some firewall and/or NAT rules to the subnet 192.168.11.0/24, so it doesn't conflict with network A.
      I know that I can simply remap the IP configurations in network B, but I can't do it.
      Is there a way to achieve this?
      Thanks!

      • JKnott @mistermaster

        @mistermaster

        You cannot have the same subnet on multiple networks. The network address, in your example 192.168.1.0/24, is used to determine which way to forward a packet. If 2 networks have the same network address, which way is that packet sent?

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • mistermaster @JKnott

          @JKnott Networks A and B are not connected directly, so if I want to send a packet to 192.168.1.10 in network B, I need to send the packet to 192.168.3.10 (for example) because the OpenVPN server should translate it.
          if destination 192.168.3.101 --> 192.168.1.101
          And so on...

          • viragomann @mistermaster

            @mistermaster said in Same ip subnet for two VPN:

            I think my problem is very similar to this one, correct?
            https://forum.netgate.com/topic/39576/solved-openvpn-and-nat-for-same-subnet/5

            And why don't you try that solution?
            As far as I know it should work that way.

            • johnpoz LAYER 8 Global Moderator

              I never understand why users love to just shoot themselves in the foot... for no freaking reason..

              If site A and B are under your control - why and the F would you run the same network scheme at these 2 locations... You have ALL of rfc1918 space to use.. ..

              Site A 192.168.1/24
              Site B 192.168.2/24

              Problem solved..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              • JKnott @mistermaster

                @mistermaster said in Same ip subnet for two VPN:

                @JKnott Networks A and B are not connected directly, so if I want to send a packet to 192.168.1.10 in network B, I need to send the packet to 192.168.3.10 (for example) because the OpenVPN server should translate it.
                if destination 192.168.3.101 --> 192.168.1.101
                And so on...

                What are they connected to? What network is 192.168.3.0? Where is it connected? Regardless, if you're expecting a network anywhere to be able to reach both A & B it won't work when they have the same subnet.


                • mistermaster

                  Hi all,
                  I have resolved it by remapping the IP configuration of network B.
                  Thanks to all for the help!

                  • johnpoz LAYER 8 Global Moderator

                    There you go ;) Some other advice: 192.168.1 is not a good choice to be honest.. This is very very common - say you're at a Starbucks or something needing to VPN in to your site and they are using 192.168.1 locally.. Now you have a problem.. Client thinks that your server 192.168.1.100 for example is just local - and won't send it down the tunnel to get to it.

                    As I mentioned you have all of rfc1918 space to use.. Pick something a bit less common.. 192.168.0 and 192.168.1 are like the default for many wifi routers.. Maybe run say 172.23.14/24 or something..


                    • Pippin

                      See also here:
                      https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts

                      I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                      Halton Arp

                      • JKnott @johnpoz

                        @johnpoz said in Same ip subnet for two VPN:

                        Some other advice: 192.168.1 is not a good choice to be honest.. This is very very common - say you're at a Starbucks or something needing to VPN in to your site and they are using 192.168.1 locally.. Now you have a problem.. Client thinks that your server 192.168.1.100 for example is just local - and won't send it down the tunnel to get to it.

                        Yep, I had that problem years ago when I was staying at hotels. That's why I moved my LAN to 172.16.0.0. I have only seen that used elsewhere once.


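The routing ambiguity discussed in the thread above (two tunnels, or a local LAN and a tunnel, all claiming 192.168.1.0/24) and the 192.168.3.x alias mistermaster describes, as an added Python example that is not code from any poster, pfSense or OpenVPN. The routing tables, the next-hop labels and the function names `tied_next_hops` and `netmap` are constructed for illustration.

```python
import ipaddress

def tied_next_hops(routes, dst):
    """Next hops tied at the longest prefix containing dst (more than one = ambiguous)."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(cidr), hop) for cidr, hop in routes
               if dst in ipaddress.ip_network(cidr)]
    if not matches:
        return []
    longest = max(net.prefixlen for net, _ in matches)
    return sorted(hop for net, hop in matches if net.prefixlen == longest)

def netmap(addr, from_net, to_net):
    """1:1 prefix translation: replace the network bits, keep the host bits."""
    addr = ipaddress.ip_address(addr)
    from_net = ipaddress.ip_network(from_net)
    to_net = ipaddress.ip_network(to_net)
    if from_net.prefixlen != to_net.prefixlen or addr not in from_net:
        raise ValueError("address outside from_net, or prefix lengths differ")
    host_bits = int(addr) & int(from_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))

# Constructed tables; the next-hop labels are illustrative, not real interface names.
# Client in network C (192.168.2.0/24) connected to site A and site B at once.
BOTH_VPNS = [("192.168.2.0/24", "lan"),
             ("192.168.1.0/24", "vpn-A"),
             ("192.168.1.0/24", "vpn-B")]
# Same client, but site B is presented as 192.168.3.0/24 and translated at B's end.
B_ALIASED = [("192.168.2.0/24", "lan"),
             ("192.168.1.0/24", "vpn-A"),
             ("192.168.3.0/24", "vpn-B")]
# Remote client on a public LAN that also uses 192.168.1.0/24.
PUBLIC_WIFI = [("192.168.1.0/24", "wifi-lan"),
               ("192.168.1.0/24", "vpn-A")]

if __name__ == "__main__":
    checks = [("both VPNs", BOTH_VPNS, "192.168.1.101"),
              ("B aliased", B_ALIASED, "192.168.3.101"),
              ("public wifi", PUBLIC_WIFI, "192.168.1.100")]
    for label, table, dst in checks:
        hops = tied_next_hops(table, dst)
        verdict = "AMBIGUOUS" if len(hops) > 1 else "ok"
        print(f"{label:12} {dst:15} -> {hops} {verdict}")
    # What site B's gateway would rewrite the aliased destination to.
    print(netmap("192.168.3.101", "192.168.3.0/24", "192.168.1.0/24"))
```

The model deliberately stops at reporting the tie: how a real client resolves two equal-length routes depends on its operating system and route metrics.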
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.