Problem with generic ip's

victorrhoden00

Good morning, I have the following problem:

I have a client that accesses your company via OPENVPN that operates on PFSENSE, this client needs to access a server with the IP: 192.168.0.1 (yes, that's right) but at home the IP address of your router's gateway is also the IP: 192.168.0.1 which ends up causing the computer to arrive first at the router and not at the server, I could change this router's IP but they are in hotels too and we can't ask every hotel to change the network range.

Is there any way for me to jump directly to the server?

viragomann

@victorrhoden00 said in Problem with generic ip's:

a server with the IP: 192.168.0.1 (yes, that's right

I assume, you know that this is can be problematic with VPN access.
You should rather consider to change the company's LAN network.

But if this isn't possible, you can nat the traffic, so that the client has to call any other IP, which is mapped to the server.

To do so, you have to assign an interface to the OpenVPN server instance and enable it, if this wasn't done already.
Then assign a virtual IP to this interface, say 10.187.26.5/32.
Now you can add a port forwarding rule to the OpenVPN server interface with destination 10.187.26.5 and redirect target 192.168.0.1.

The client has to call then 10.187.26.5 to get to the server. Done.

johnpoz

@victorrhoden00 said in Problem with generic ip's:

I could change this router's IP but they are in hotels too and we can't ask every hotel to change the network range.

Huh? Why would you ask remote users to change their network? Change yours to not be using most likely the most common IP on the planet for every soho wifi router..

On your network set something that is not so common. Maybe 172.27.42.0/24 - now every billy bob and susan connecting to your vpn from their home, or starbucks or some hotel using 192.168.0/24 won't be conflicting.

victorrhoden00

This post is deleted!

victorrhoden00

@johnpoz I'm dealing with the client and he doesn't accept changing the IP of his server because he has a system running on that server, I swear I've tried everything to restructure the network but he doesn't accept it. :(

johnpoz

@victorrhoden00 well - then people wanting to connect to his server from vpn are going to have a issues.. You could prob make a nat and have them connect to say a vip you run that you nat to the server IP..

victorrhoden00

@viragomann Thank you very much for the tip, I did what you told me and it worked