Netgate Discussion Forum

    workaround network conflict host to remote (both are 192.168.1.x)?

    OpenVPN
    • G
      GiT 0
      last edited by GiT 0

      Is there a good workaround for dealing with OpenVPN when the host network is the same as the remote client's network who is trying to connect? I don't have a good way to change either subnet at the moment and cannot get into VPN because of network conflicts.

      Thoughts? thanks for pointing me to RTFM if I missed previous posts on this.

      GiT

      V JKnottJ 2 Replies Last reply Reply Quote 0
      • V
        viragomann @GiT 0
        last edited by

        @git-0 said in workaround network conflict host to remote (both are 192.168.1.x)?:

        Is there a good workaround for dealing with OpenVPN when the host network is the same as the remote client's network who is trying to connect?

        No.
        You can NAT the traffic, though, but I wouldn't say that's good to do.

        1 Reply Last reply Reply Quote 1
        • JKnottJ
          JKnott @GiT 0
          last edited by

          @git-0

          The proper way is to move to IPv6 and forget this sort of nonsense that's been caused by the IPv4 address shortage.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          chpalmerC 1 Reply Last reply Reply Quote 0
          • chpalmerC
            chpalmer @JKnott
            last edited by

            @jknott said in workaround network conflict host to remote (both are 192.168.1.x)?:

            @git-0

            The proper way is to move to IPv6 and forget this sort of nonsense that's been caused by the IPv4 address shortage.

            Surely you jest!?

            LOL..

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            JKnottJ 1 Reply Last reply Reply Quote 0
            • JKnottJ
              JKnott @chpalmer
              last edited by

              @chpalmer said in workaround network conflict host to remote (both are 192.168.1.x)?:

              Surely you jest!?

              No, I don't. IPv6 is the only way to avoid this sort of nonsense. Hanging on to IPv4 means you get address conflicts such as this. It also means having to use NAT, so that 1 address can be used for several devices, etc. IPv6 has been around for years. I've been using it since May 2010 and my ISP provides it on both cable and cell networks. The biggest obstacle is people who are happy to use hack after hack, to try to get around the problems caused by IPv4, instead of getting off their butts and moving to IPv6. We're long past any valid excuse for not doing so.
              Anyone who claims IPv4 is good enough is part of the problem.

              J keyserK 2 Replies Last reply Reply Quote 0
              • J
                Jarhead @JKnott
                last edited by

                @jknott Or, there's a lot of us who never believed there was a shortage of IPv4 addresses. And some twenty years later, I'd say we were right.
                Just another scare tactic like Y2K.
                I see no reason to move to IPv6 and don't plan on doing so until I'm forced to.
                We will never run out of IPv4 addresses as long as they're used properly.

                JKnottJ 1 Reply Last reply Reply Quote 0
                • keyserK
                  keyser Rebel Alliance @JKnott
                  last edited by

                  @jknott said in workaround network conflict host to remote (both are 192.168.1.x)?:

                  No, I don't. IPv6 is the only way to avoid this sort of nonsense. Hanging on to IPv4 means you get address conflicts such as this. It also means having to use NAT, so that 1 address can be used for several devices, etc. IPv6 has been around for years. I've been using it since May 2010 and my ISP provides it on both cable and cell networks. The biggest obstacle is people who are happy to use hack after hack, to try to get around the problems caused by IPv4, instead of getting off their butts and moving to IPv6. We're long past any valid excuse for not doing so.
                  Anyone who claims IPv4 is good enough is part of the problem.

                  Ideally you are right, but ideals rarely last or come true.
                  One particularly good reason for not using IPv6 is that it is difficult at best because of DHCP6/RA standards being all over the place when it comes to actual vendor implementation. Add very protective ISPs to the mix, and getting IPv6 to work properly is at best a major challenge. IPv4 just works...

                  Love the no fuss of using the official appliances :-)

                  JKnottJ 1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott @Jarhead
                    last edited by

                    @jarhead

                    You're wrong. We're fortunate in North America, as we got the bulk of the IP addresses, before the rest of the world was even on the Internet. Other parts of the world are not so fortunate. There are a lot of people, some of whom turn up here, that are trapped behind carrier grade NAT and can't even remotely connect to their network. There are a maximum of 2^32 IPv4 addresses, or a bit over 4 billion. That's not even enough for just the mobile devices people have now. Of course, this is before the fact that large blocks of addresses are not available for global addresses. I knew back in the mid 90s there weren't enough IPv4 addresses, even before I first read about IPv6 in the April 1995 issue of Byte magazine.

                    I get 2^72 addresses from my ISP, for my home network and another 2^64 on my smart phone. That 2^64 is the entire IPv4 address space squared!

                    So, anyone who insists on sticking with IPv4 is stuck in the dark ages!

                    chpalmerC 1 Reply Last reply Reply Quote 0
                    • JKnottJ
                      JKnott @keyser
                      last edited by

                      @keyser

                      That is not a reason to not use IPv6. That's a reason to complain to ISPs. Or encourage governments to make IPv6 mandatory, as is already happening in some parts of the world. My ISP has provided native IPv6 for about 7 years and via tunnel for a few years before that. I don't recall when they started providing it on the cell network, but it has been at least 5-6 years now. In fact, my cell phone has to use 464XLAT to access IPv4 sites.

                      1 Reply Last reply Reply Quote 0
                      • chpalmerC
                        chpalmer @JKnott
                        last edited by

                        @jknott

                        Well.. still the only problem that the OP is having is that they don't want to change the internal subnet on at least one side. This is not a question about public IP shortages.

                        My employer has probably one of the largest (if not the largest) private networks in the world. We do not use IPv6 internally and are not close enough to care about running out of private IPs in the system.

                        OP- quit putting it off and simply add a 0 to the third octet in your private address to make one side 192.168.10.0/24

                        There are many here who would gladly help you do that.

                        10.0.0.0/8
                        172.16.0.0/12
                        192.168.0.0/16

                        https://www.arin.net/reference/research/statistics/address_filters/

                        JKnottJ 1 Reply Last reply Reply Quote 0
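
Added example, not part of any post in this thread: a pre-flight check for the conflict discussed above. It reports which routes pushed by the VPN overlap a client's local LAN and picks a replacement /24 from the RFC 1918 ranges listed in the post. The function names, the list of common router defaults and the sample networks are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the post above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed list (an assumption): subnets many consumer routers ship with.
# Avoiding them lowers the odds of colliding with a remote user's home LAN.
COMMON_DEFAULTS = [ipaddress.ip_network(n) for n in
                   ("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
                    "10.0.0.0/24", "10.0.1.0/24")]


def _nets(values):
    # strict=False lets a host address such as 192.168.1.37/24 stand in
    # for the network it belongs to.
    return [ipaddress.ip_network(v, strict=False) for v in values]


def find_conflicts(client_nets, pushed_routes):
    """Return (client_net, route) pairs whose address ranges overlap."""
    return [(c, r)
            for c in _nets(client_nets)
            for r in _nets(pushed_routes)
            if c.version == r.version and c.overlaps(r)]


def suggest_subnet(in_use, prefixlen=24, parent=RFC1918[2],
                   avoid=COMMON_DEFAULTS):
    """First subnet of `parent` that overlaps nothing in use or avoided."""
    taken = _nets(in_use) + list(avoid)
    for candidate in parent.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    return None  # parent range is exhausted


if __name__ == "__main__":
    # Constructed sample: client's home LAN and the server-side LAN route.
    client_lan = ["192.168.1.37/24"]
    pushed = ["192.168.1.0/24", "10.8.0.0/24"]
    for c, r in find_conflicts(client_lan, pushed):
        print(f"conflict: local {c} overlaps pushed route {r}")
    print("renumber one side to:", suggest_subnet(client_lan + pushed))
    # The renumbering proposed in the post no longer conflicts:
    print(find_conflicts(client_lan, ["192.168.10.0/24"]))
```

A wider pushed route such as 192.168.0.0/16 is also reported as a conflict, since the check compares address ranges rather than exact prefixes.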
                        • JKnottJ
                          JKnott @chpalmer
                          last edited by

                          @chpalmer

                          That is a very common problem caused by the need to use NAT & RFC1918 addresses with IPv4.

                          Back in the early 90s, when I first started using the Internet, I had a static address. I was using SLIP, which required manual configuration. In 1997, I started at IBM, and had 5 static, public addresses, 1 for my own computer and 4 for testing. A couple of years later, when I got a cable modem and built a firewall/router on Linux, I ran into my first problem caused by NAT. FTP broke! Back then, command line FTP was used and NAT broke active mode FTP. At the time, FTP clients generally didn't support passive mode. These days, things like VoIP and some games require a hack called STUN, to get around the problems caused by the hack called NAT.

                          The answer to this is IPv6!

                          1 Reply Last reply Reply Quote 0