Maintain the same IP even in different networks
-
Let's assume this scenario:
- HQ: DHCP on 192.168.0.0
- Office1: DHCP on 192.168.1.0
- Office2: DHCP on 192.168.2.0
In HQ there is a server (192.168.0.10) that connects to a portable device (192.168.0.111). The problem is that this device moves between locations where the class is different.
In other words, the 192.168.0.0 class "extends" to the other offices.
So, in Office1 there are PCs and printers on the 192.168.1.0 network, except for this device which will have 192.168.0.111 and which communicates with the server in HQ 192.168.0.10.
When the device moves to Office 2, it will always retain its IP address 192.168.0.111 even if the rest of the network is 192.168.2.0.
The device is unable to activate a VPN; if it is necessary, it must already be active, but only for this device.
I'm struggling to figure out how to set up networks.
-
@darkcorner said in Maintain the same IP even in different networks:
In HQ there is a server (192.168.0.10) that connects to a portable device (192.168.0.111)
A 'server' doesn't connect to any device. The device here is the 'client', with, for example, a browser or some app, and this client connects to the server. So it's 192.168.0.111 that takes the initiative. 192.168.0.10, the server, only listens, and answers when it receives a request.
@darkcorner said in Maintain the same IP even in different networks:
So, in Office1 there are PCs and printers on the 192.168.1.0 network
A network is a set of IP addresses in a range. What is your range ?
A range might be the classic /24, so in the 192.168.1.0 network, you have available 192.168.1.1 (the DHCP server, gateway and DNS probably itself), and 192.168.1.2 up to 192.168.1.254 for the connected devices.
Your portable device can not get an IP like 192.168.0.111 in that network.
You can't say that you live on a road called "Abbey road" while your actual address is somewhere on "Station Street".
Question: how are these HQ, Office1 and Office2 connected? All on the same router?
When your portable device needs to connect to a server, give this server a host-name. Like server.hq-network.tld. Declare this host name in the hosts overrides of unbound, the resolver.
Your portable device will have a different IP on all these 3 networks, but it will still connect to "server.hq-network.tld", as it will do a DNS request first, to obtain '192.168.0.11'.
Up to you to add firewall rules on the Office1 interface and the Office2 interface so that the/a portable device on Office1 or Office2 can connect to destination IP "192.168.0.111". The router, interconnecting HQ, Office1 and Office2, will do the rest.
Don't forget to check if this server 192.168.0.111 accepts connections from networks 192.168.1.0/24 and 192.168.2.0/24.
-
@darkcorner Can you not use hostnames to make the connection? For the sake of argument, the device is basically on static addressing so it should make that trivial imho.
-
@darkcorner I am with @Gertjan here, it's highly doubtful that your server starts the conversation. A server normally answers to a conversation started by the client.
What is this device? It doesn't support dhcp? You can not change its IP address.. You're going to have a really hard time even letting some talk to your server from a remote network even if this remote site had a 192.168.0 network since if it's trying to talk to 192.168.0.10 - to that mobile device on a 0.111 address 0.10 would be local and it would never send the traffic to some gateway to even be routed to your HQ.
If we had some idea what this device is - maybe we could find its details on how it talks on the network to find a solution..
If what you say is true and it has to be on that IP.. And it needs to talk to this remote server that is on its same network - you would have to extend that L2 network into your remote sites and create a 192.168.0 network at both of them. This might be possible with a GRE tunnel.
-
We can imagine the device as if it is a very particular type of printer and it is the application on the server that "prints" on the device that has that specific address.
For what it matters it could be an alarm siren that is sounded by the application when an event occurs. Or a message from the server to a PC moving between locations.
Unfortunately the address is registered in the application and cannot be changed; furthermore the hostname is not used because we would have already solved it.
I tried to simplify it, but in reality it is a little more complex because there is more than one device and they are used by several people who move around. These people are unable to change the application configuration; they just have to "print".
The point is not what type of device they are and which of the two contacts the other.
The point is that device A must be able to contact device B on the same network even if B is located in a different location.
It can be a PING from A to B and with B responding to A.
So, the point is not how I assign the IP address to the device, but the fact that in that branch office I have two classes of addresses 192.168.1.0 (used there) and 192.168.0.0 used only in HQ and in some devices of that office.
It is normal to have multiple DHCP on a firewall: LAN, DMZ, Guests, etc.
Segmentation can occur on different switches or with VLANs.
So, in Office1 the PCs have an address of 192.168.1.0, but this device has an address of 192.168.0.111.
Whether it had this address because it's on a VLAN or in a separate switch doesn't seem important to me.
I don't know what routers they use in the other locations; if it needs to be changed it will be one of the options that will be taken into consideration.
On a theoretical level, I remember having studied a case of this kind managed with a segmentation of subnetworks.
But I don't remember in what context it was, whether for VPNs or (as in this real case) segmentation at the level of multiple offices.
-
@darkcorner said in Maintain the same IP even in different networks:
they just have to "print".
They have to "print" to a "printer" known to the device (application) by its IP. The device is a laptop that moves around among different networks.
That's very possible. When I connect my phone to network B, 192.168.2.0/24 and my phone gets an IP like 192.168.2.6, it can connect to my "printer" which exists on network A, 192.168.1.0/24 - with an IP like 192.168.1.10. It's pfSense that knows that, traffic coming from 192.168.2.0/24, with destination 192.168.1.10 (the "printer"), has to be directed to 192.168.1.0/24 network.
@darkcorner said in Maintain the same IP even in different networks:
The point is that device A must be able to contact device B on the same network even if B is located in a different location.
That's ok. You can have a part of a network, for example location A 192.168.1.1 to 192.168.1.128 on one place, and bridge this network to another place, where the device, location B, 192.168.129 to 192.168.1.254 are.
The bridging can be done with a classic Ethernet cable if less than 150 M, or bridges Wifi devices, or some VPN solution.
If you are present on location B, you can access use devices on location A - as it is all the same network after all.
-
@darkcorner I agree, discussion on which device 'connects' or the IP address is all beside the point, but I'm curious about your line that no hostname is used otherwise it would have been solved - why is that?
There may well be some creative workaround which I cannot immediately think of, but it seems to me the simplest solution is to have another router/modem to be carried around with your device which initiates a connection to the HQ network (think OpenVPN) and your device sits behind it. This 'middleman' can be any small portable router that creates a VPN tunnel over the LAN network back to the HQ office and need not go over the internet itself (or you can of course). It need not be a pfSense box but any small form factor device running either open source or proprietary software that has VPN software baked in. The end result being that you keep the same IP and it does not matter where the device is as long as it is either connected via its HQ LAN or remotely via the tunnel.
-
@darkcorner said in Maintain the same IP even in different networks:
The point is that device A must be able to contact device B on the same network even if B is located in a different location.
And that is not how networking works..
If you have 2 devices A and B that talk to each other that are on the same network.. You can't just move the device to some remote network and expect them to talk to each other like they are on the same network.. For that to work you would have an extended L2 network between location 1 and wherever this remote location 2 is.
Unfortunately the address is registered in the application and cannot be changed
Not a networking problem - you have an application problem.. If you have some application that needs to talk to some box.. And this box is going to move to different locations.. Your application is borked.. Your application should point to an FQDN that you can resolve to whatever IP this device is on, be it locally or remote.
And the device that needs to move to different locations but can't change its IP is also borked.. Never heard of a printer that can not change its IP..
You're trying to solve a problem that is an application problem.. With networking tricks.. If you need to have this device on IP X and it needs to move about.. You need a 2nd device along with this device that will vpn into your hq and create an extended L2 ie a bridge so that this 192.168.0 network seems to be local to HQ..
Keep in mind that another aspect of devices moving about - your latency is going to change.. While your device is local the latency between the device and the server is couple ms tops.. Now it might be 30 ms away, 60 ms away - more? Applications designed to work with its piece parts all local tend not to like that so much..
-
Of course, it is an application problem which however I have to solve (if possible, obviously) at the network level.
The application is not editable. There's no point in discussing it.
The application "prints" to a hostname, this can be done.
On Windows it is \\server\device-name.
The problem is that the application (I repeat, not editable) only uses this reference, but this reference changes when it moves.
If it is in HQ, then \\server\device-name = 192.168.0.111
If it is in Office1, then \\server\device-name = 192.168.1.111
If it is in Office2, then \\server\device-name = 192.168.2.111
And so it's always an IP address problem.
If I could always keep \\server\device-name = 192.168.0.111 even when I'm in the other two offices, the problem would be solved.
Which means that the application always prints to \\server\device-name which, maintaining its IP, is perfectly reachable also in other locations.
-
@darkcorner said in Maintain the same IP even in different networks:
If it is in HQ, then \\server\device-name = 192.168.0.111
If it is in Office1, then \\server\device-name = 192.168.1.111
If it is in Office2, then \\server\device-name = 192.168.2.111
Are there 3 identical devices on these 3 networks ?
or
... no not or. I can't imagine how "192.168.0.111" "192.168.1.111" "192.168.2.111" can all be the same physical device. But, let's presume. In that case:
On HQ, place a host override : \\server\device-name => 168.0.111
On Office1, place a host override : \\server\device-name => 168.1.111
On Office2, place a host override : \\server\device-name => 168.2.111
-
@Gertjan said in Maintain the same IP even in different networks:
Are there 3 identical devices on these 3 networks ?
No! There are not 3 devices with the same IP.
There is only one device, which is used in HQ on Monday, in Office1 on Tuesday, in Office2 on Wednesday, in Office3 on Thursday and in Office4 on Friday.
But in all 5 days it must always have the same IP.
-
@darkcorner still trying to understand... the "laptop" must be assigned the same IP at each of these sites?
Are there separate routers at each of these sites?
Do the device(s) you are connecting to in each of these offices require the "laptop" to have this IP to connect?
-
I can't make myself understood.
It is not the laptop that must always have the same IP assigned, but this device (this printer, in the example).
They are separate offices in separate cities, so obviously each has its own router and firewall.
I'll try to generalize the matter, hoping to simplify it and not complicate it.
Each office has its own class of addresses:
- HQ: DHCP on 192.168.0.0
- Office1: DHCP on 192.168.1.0
- Office2: DHCP on 192.168.2.0
But there are also subnets.
In HQ the network is from 192.168.0.1 to 192.168.0.191.
Then in Office1 there is also the network from 192.168.0.192 to 192.168.0.223
and in Office2 there is also the network from 192.168.0.224 to 192.168.0.255
Can it be done? How can I do it?
If this can be done, then it will be the router/firewall in HQ that will direct the traffic from 192.168.0.192 to 255 towards Office1 and Office2.
At the same time in Office1 and Office2 all traffic towards the addresses from 192.168.0.1 to 192.168.0.191 will be directed towards HQ.
-
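The address split proposed in the post above, worked through as an added example (not part of the original thread): it converts the three ranges into routable CIDR prefixes, does a longest-prefix lookup, and checks whether a host treats a destination as on-link. The server masks /24 and /25 and the test addresses other than 192.168.0.10 and 192.168.0.111 are assumptions.

```python
import ipaddress as ip

# Address ranges proposed in the post (first and last address of each slice).
SITE_RANGES = {
    "HQ":      ("192.168.0.0",   "192.168.0.191"),
    "Office1": ("192.168.0.192", "192.168.0.223"),
    "Office2": ("192.168.0.224", "192.168.0.255"),
}

def site_prefixes(ranges=SITE_RANGES):
    """Turn each first-last range into the CIDR prefixes a router can hold."""
    return {
        site: list(ip.summarize_address_range(ip.ip_address(lo), ip.ip_address(hi)))
        for site, (lo, hi) in ranges.items()
    }

def site_for(addr, prefixes=None):
    """Longest-prefix match: which site's prefix covers this address?"""
    prefixes = prefixes or site_prefixes()
    addr = ip.ip_address(addr)
    matches = [(net.prefixlen, site)
               for site, nets in prefixes.items()
               for net in nets if addr in net]
    return max(matches)[1] if matches else None

def is_on_link(host_iface, dest):
    """True if a host with this address/mask would ARP for dest
    instead of sending the packet to its gateway."""
    return ip.ip_address(dest) in ip.ip_interface(host_iface).network

if __name__ == "__main__":
    for site, nets in site_prefixes().items():
        print(f"{site:8} {[str(n) for n in nets]}")
    # The device address from the thread falls inside the HQ slice.
    print("192.168.0.111 ->", site_for("192.168.0.111"))
    # Assumed address inside the Office1 slice.
    print("192.168.0.200 ->", site_for("192.168.0.200"))
    # A server left on a /24 mask never hands Office1 traffic to the router;
    # with a /25 mask (assumed) it does.
    print("/24 on-link:", is_on_link("192.168.0.10/24", "192.168.0.200"))
    print("/25 on-link:", is_on_link("192.168.0.10/25", "192.168.0.200"))
```
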
@darkcorner
Yes, I apologize for not understanding. I am going to make some assumptions from your description.
It sounds like the "printer" is being moved about. It also sounds like the "host override" suggested above is not the solution.
From my perspective, not knowing much but the little I have, if you are moving it to other locations why not create new separate LAN segments at each office with its own AP and own ARP/Static mapping for this device and direct with a port rule on the other LAN segments to this device. Then install a shared printer.
Assuming it is installed at the headquarters and accessed by each remote site on the given days; I would create its own LAN segment - like above - set up a site-to-site VPN and write a port rule on the VPN interface to the "printer" and at the remote sites install a shared network printer.
Probably not what you want to hear.
-
@The-Party-of-Hell-No said in Maintain the same IP even in different networks:
Probably not what you want to hear.
No, in fact, because I keep repeating that it is the device that moves, not the people and not even the application.
It is a very particular and very expensive device.
It is used with an application installed on the central server that does not move from the rack in HQ. It is this application that communicates with the device and not the device that communicates with the application. For this reason I gave the example of the printer.
Instead, it is the device that moves between locations, but nevertheless must maintain the same IP.
-
@darkcorner
So my first solution of setting up a separate LAN segment at each office just for this device would be viable.
So finally, the device moves to the remote sites, but it is accessed from an app at the central office; do I finally have it right?