Same ip subnet for two VPN
-
Hi all,
I need some help with configuring OpenVPN server. I have these configs:
network A (OVPN):
- subnet: 192.168.1.0/24
- vpn type: TUN
network B (OVPN):
- subnet: 192.168.1.0/24
- vpn type: TUN
network C (client):
- subnet: 192.168.2.0/24
Networks A and B are in different geographical locations.
Individual connections to networks A and B are OK.
Questions:
- If a client from network C connects to both networks A and B at the same time, it can cause an IP conflict, correct?
- I think my problem is very similar to this one, correct?
https://forum.netgate.com/topic/39576/solved-openvpn-and-nat-for-same-subnet/5
Goal:
I want to configure OVPN server in network B with some firewall and/or nat rules to the subnet 192.168.11.0/24, so it doesn't conflict with the network A.
I know that I can simply remap the ip configurations in network B, but I can't do it.
Is there a way to achieve this?
Thanks!
-
You cannot have the same subnet on multiple networks. The network address, in your example 192.168.1.0/24, is used to determine which way to forward a packet. If 2 networks have the same network address, which way is that packet sent?
-
@JKnott Network A and B are not connected directly, so if I want to send a packet to 192.168.1.10 in network B, I need to send packet to 192.168.3.10 (for example) because openvpn server should translate it.
if destination 192.168.3.101 --> 192.168.1.101
And so on...
-
@mistermaster said in Same ip subnet for two VPN:
I think my problem is very similar to this one, correct?
https://forum.netgate.com/topic/39576/solved-openvpn-and-nat-for-same-subnet/5
And why don't you try that solution?
As far as I know it should work that way.
-
I never understand why users love to just shoot themselves in the foot... for no freaking reason..
If site A and B are under your control - why and the F would you run the same network scheme at these 2 locations... You have ALL of rfc1918 space to use.. ..
Site A 192.168.1/24
Site B 192.168.2/24
Problem solved..
-
@mistermaster said in Same ip subnet for two VPN:
@JKnott Network A and B are not connected directly, so if I want to send a packet to 192.168.1.10 in network B, I need to send packet to 192.168.3.10 (for example) because openvpn server should translate it.
if destination 192.168.3.101 --> 192.168.1.101
And so on...
What are they connected to? What network is 192.168.3.0? Where is it connected? Regardless, if you're expecting a network anywhere to be able to reach both A & B it won't work when they have the same subnet.
-
Hi all,
I have resolved by remapping the ip configuration of network B.
Thanks to all for the help!
-
There you go ;) Some other advice 192.168.1 is not a good choice to be honest.. This is very very common - say you're at a Starbucks or something needing to vpn in to your site and they are using 192.168.1 locally.. Now you have a problem.. Client thinks that your server 192.168.1.100 for example is just local - and won't send it down the tunnel to get to it.
As I mentioned you have all of rfc1918 space to use.. Pick something a bit less common.. 192.168.0 and 192.168.1 are like the default for many wifi routers.. Maybe run say 172.23.14/24 or something..
-
See also here:
https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts
-
@johnpoz said in Same ip subnet for two VPN:
Some other advice 192.168.1 is not a good choice to be honest.. This is very very common - say you're at a Starbucks or something needing to vpn in to your site and they are using 192.168.1 locally.. Now you have a problem.. Client thinks that your server 192.168.1.100 for example is just local - and won't send it down the tunnel to get to it.
Yep, I had that problem years ago when I was staying at hotels. That's why I moved my LAN to 172.16.0.0. I have only seen that used elsewhere once.
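
Added example (not written by any poster in this thread): a Python script for the three address questions raised above, namely which sites overlap, whether a roaming client would keep traffic for a server on its local LAN instead of the tunnel, and what a 1:1 prefix translation such as 192.168.3.101 --> 192.168.1.101 computes. The function names are made up for illustration and the addresses are the ones quoted in the thread; only the standard `ipaddress` module is used.

```python
import ipaddress
from itertools import combinations


def find_conflicts(networks):
    """Return name pairs whose subnets overlap, i.e. routing is ambiguous."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def stays_local(client_lan, server_ip):
    """True if a client on client_lan sees server_ip as on-link,
    so the packet is never sent down the tunnel."""
    return ipaddress.ip_address(server_ip) in ipaddress.ip_network(client_lan)


def netmap(addr, alias_net, real_net):
    """1:1 translation: keep the host bits, swap the network prefix."""
    alias = ipaddress.ip_network(alias_net)
    real = ipaddress.ip_network(real_net)
    if alias.prefixlen != real.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in alias:
        raise ValueError(f"{ip} is not inside {alias}")
    offset = int(ip) - int(alias.network_address)
    return str(real.network_address + offset)


# Subnets as posted in the thread (hypothetical dict layout).
SITES = {"A": "192.168.1.0/24", "B": "192.168.1.0/24", "C": "192.168.2.0/24"}
# The same sites after network B is renumbered to 192.168.11.0/24.
REMAPPED = dict(SITES, B="192.168.11.0/24")

if __name__ == "__main__":
    print("conflicts before:", find_conflicts(SITES))
    print("conflicts after: ", find_conflicts(REMAPPED))
    # Client on a public 192.168.1.0/24 network reaching 192.168.1.100 at home.
    print("stays local:", stays_local("192.168.1.0/24", "192.168.1.100"))
    print("translated:", netmap("192.168.3.101", "192.168.3.0/24", "192.168.1.0/24"))
```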