ovpn with same network addresses works but
-
Hi @all,
I use OpenVPN on several pfSense installations (2.6). This also works well. One of the clients is my notebook (Linux Mint 21.1) which connects from alternate networks. This also works. One of the networks running pfSense/OVPN has the LAN address:
192.168.0.0/24
This network is the default for many ISP routers. If I connect from a network with this LAN address:
192.168.0.0/24
to the above mentioned pfSense I can reach all systems in the remote LAN. Only the remote host: vmhost01.lan.beispiel.at is not reachable. This is probably because this IP is also the local IP of the ISP router from the network I am connecting from.
The correct DNS server is transmitted from the remote OVPN (pfSense):
dig vmhost01.lan.example.at
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> vmhost01.lan.example.at
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52065
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;vmhost01.lan.example.at. IN A
;; ANSWER SECTION:
vmhost01.lan.example.at. 894 IN A 192.168.0.1
;; AUTHORITY SECTION:
lan.example.at. 894 IN NS srv01.lan.example.at.
;; ADDITIONAL SECTION:
srv01.lan.example.at. 894 IN AAAA fd2d:caef:b987:4a90:1418:6aff:fe6f:b673
srv01.lan.example.at. 894 IN A 192.168.0.5
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Tue Jan 10 10:40:00 CET 2023
;; MSG SIZE rcvd: 129
My problem with it is that I cannot change the LAN address from which I connect.
Is there any way to connect to the host:
vmhost01.lan.example.at / 192.168.0.1/24
from a LAN in which the IP:
192.168.0.1/24
is the local default gateway via OpenVPN?
with best
pixel24 -
@pixel24
I think you understand that changing one of the subnets is the proper approach to this issue.
And also to avoid keeping such default network settings like 192.168.0.0/24 in general.
The only other option you have might be to nat the IP address to something else. But this has to be applied on the remote site.
You can assign an additional IP outside of the LAN subnet to the remote pfSense VPN interface (there must be an interface assigned to the VPN server) and nat it to 192.168.0.1.
Also you have to push the route for the new NAT IP to the client or add it to the client config. -
@pixel24 said in ovpn with same network addresses works but:
I cannot change the LAN address from which I connect.
Which is normally the case, which is why you don't run "your" network that you're connecting to with commonly used networks. Change your network where OpenVPN is running to, say, 17.16.42.0/24 or something that is not a common default network.
-
@viragomann said in ovpn with same network addresses works but:
The only other option you have might be to nat the IP address to something else. But this has to be applied on the remote site.
You can assign an additional IP outside of the LAN subnet to the remote pfSense VPN interface (there must be an interface assigned to the VPN server) and nat it to 192.168.0.1.
Also you have to push the route for the new NAT IP to the client or add it to the client config.
Thanks for the answer. I will try it as described.
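The NAT workaround suggested in the thread, as an added example that is not part of any post: a small check that confirms the overlap, validates a candidate alias address for the remote host, and produces the matching OpenVPN route lines. The function name and the alias `10.99.0.1` are assumptions chosen for illustration; the NAT rule itself still has to be created on the remote pfSense.

```python
import ipaddress

def plan_nat_alias(local_lan, local_gw, remote_lan, remote_host, alias):
    """Check an overlapping-subnet case and validate a NAT alias (hypothetical helper)."""
    # strict=False accepts host-style notation such as 192.168.0.1/24
    local_net = ipaddress.ip_network(local_lan, strict=False)
    remote_net = ipaddress.ip_network(remote_lan, strict=False)
    gw = ipaddress.ip_address(local_gw)
    host = ipaddress.ip_address(remote_host)
    alias_ip = ipaddress.ip_address(alias)

    overlap = local_net.overlaps(remote_net)
    # Per the thread's diagnosis: the remote host is hidden when its
    # address is also the client's local default gateway.
    shadowed = overlap and host == gw

    problems = []
    if alias_ip in local_net:
        problems.append(f"{alias_ip} lies inside the client LAN {local_net}")
    if alias_ip in remote_net:
        problems.append(f"{alias_ip} lies inside the remote LAN {remote_net}")
    if not alias_ip.is_private:
        problems.append(f"{alias_ip} is not a private address")

    mask = "255.255.255.255"  # host route: only the alias goes through the tunnel
    ok = not problems
    return {
        "overlap": overlap,
        "shadowed": shadowed,
        "alias_ok": ok,
        "problems": problems,
        # Server side: pushed to every client on connect
        "server_push": f'push "route {alias_ip} {mask}"' if ok else None,
        # Alternative: a line in the client config itself
        "client_route": f"route {alias_ip} {mask}" if ok else None,
    }

if __name__ == "__main__":
    # Addresses from the thread; the alias 10.99.0.1 is a constructed value.
    plan = plan_nat_alias("192.168.0.0/24", "192.168.0.1",
                          "192.168.0.0/24", "192.168.0.1", "10.99.0.1")
    for key, value in plan.items():
        print(f"{key}: {value}")
```

With the route in place, the client reaches the host by the alias address rather than by 192.168.0.1, so a DNS name that still resolves to 192.168.0.1 will not follow the new path.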