Site to site - How to assign same subnet IP to one device on each end

cobrahead

I have OpenVPN up and running a site-to-site configuration between two remote locations. One LAN is 192.168.x.x and the other is 172.16.x.x ... it works great for everything I normally do between these two locations.... until now.

Is there a way for me to assign/route/etc one of the devices on 172.16.x.x to a 192.168.x.x address. In other words, I need both devices to have a 192.168.x.x OR 172.16.x.x address.

Thanks for any guidance!

viragomann

@cobrahead said in Site to site - How to assign same subnet IP to one device on each end:

Is there a way for me to assign/route/etc one of the devices on 172.16.x.x to a 192.168.x.x address. In other words, I need both devices to have a 192.168.x.x OR 172.16.x.x address.

What's the benefit of this? Do you need devices on both sites to be within the same L2?

JKnott

@cobrahead

The only way I'm aware of is to use a TAP VPN, which is effectively a bridge between sites. With a normal TUN VPN, which routes traffic, you can't have them in the same subnet.

cobrahead

@viragomann said

What's the benefit of this? Do you need devices on both sites to be within the same L2?

According to the manual for the two devices (the ones I am connecting remotely) they are supposed to be in the same L2. I think that is incorrect, I don't have to do that with any other network devices that connect with one another via this VPN. With that being said I was curious how hard it would be to allow one of the devices to 'bridge' so they could be on the same L2. I will know more when the manufacturer of these devices answers my support ticket tomorrow.

Derelict

@cobrahead

https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html

Probably not going to happen for only one device unless that device is the only device on the bridged segment.

cobrahead

@Derelict said

Probably not going to happen for only one device unless that device is the only device on the bridged segment.

Thanks Derelict. If it comes down to it I might try a tap connection.

Can two site-to-site OpenVPN instances run at the same time with one in tun mode and the other in tap mode?

That would be nice if a small segment of LAN IPs (or perhaps a separate subnet) could be in tap mode, with the bulk running in a 'normal' tun configuration.