Netgate Discussion Forum

    [SOLVED] Is there a way to have the same local and remote subnet?

      Th4xll

      Hi,

      I know it's a very common mistake / question regarding OpenVPN, but the fact is I can't change the local or remote subnet. Is there a way to make it work?
      Clients need to access remote servers on the pfSense subnet, which is the same as the local client subnet: 192.168.0.0/24. I forced clients with the option "Force all client generated traffic through the tunnel"; on Windows XP it's working fine, but Vista / 7 behave differently.

      pfSense server ( OpenVPN ) Local : 192.168.0.1/24
                                 |
                                 |
      VPN's client Local : 192.168.0.1/24
      VPN subnet 10.0.8.0/24

      Thank you,

        johnpoz LAYER 8 Global Moderator

        Not a good idea even if you can sometimes make it work with force through the tunnel.  Going to be impossible to access a device down the tunnel that just happens to have the same IP as yours ;)

        CHANGE your local network. I could see why you might not have control over the remote - but how is it you're setting up the OpenVPN connection but don't have control over the local IP space?

        You might be able to do something with a NAT if you cannot change the IPs: just use a 1to1 mapping with some other network, i.e. say 192.168.10.X = 192.168.1.X
        192.168.10.Y = 192.168.1.Y
        etc…

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          Th4xll

          Well, despite warnings on Vista / 7, it looks like it's working now. I know it's not a good idea to use the same subnet but I can't change it :/
          For Vista / 7 users: don't forget to run as admin, otherwise you can't change routes.
          I'm changing the post title to SOLVED.

            johnpoz LAYER 8 Global Moderator

            I wouldn't really mark your workaround as solved - because you have not solved the root of the problem.  The root of the problem is you have the same network segment.

            So you force traffic down the tunnel - now clients cannot access resources on their own segment ;)  And you still have an issue with dupes: maybe the client wants to access 192.168.1.14 on his segment, and he ends up trying to access 192.168.1.14 on your segment.  Maybe his address is .14, and he needs to access .14 on the other end ;)

            Your solution may have allowed you to accomplish a portion of what you're wanting to do - but it in no way is an actual solution.  Now natting would actually be a solution, since remote clients would be able to access any IP on the VPN local side, no matter what IP, even if it matches up with their own.


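The 1:1 NAT mapping suggested in the replies above, worked through as an added example that is not part of the original thread. It assumes the real server LAN is the 192.168.0.0/24 from the first post and borrows 192.168.10.0/24 from the reply as the alias network; `route_decision` is a simplified model of a client that has a tunnel route for the alias network.

```python
import ipaddress

REAL_LAN = "192.168.0.0/24"    # server-side LAN from the first post
CLIENT_LAN = "192.168.0.0/24"  # client-side LAN, identical (the problem)
ALIAS_NET = "192.168.10.0/24"  # assumed alias network for the 1:1 NAT


def overlaps(net_a, net_b):
    """True when two networks share addresses, i.e. routing is ambiguous."""
    return ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b))


def translate(addr, src_net, dst_net):
    """1:1 NAT: keep the host part of addr, swap the network prefix."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 NAT needs networks of equal size")
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    host_part = int(ip) - int(src.network_address)
    return str(dst.network_address + host_part)


def route_decision(dest, client_lan):
    """Simplified client routing: on-link destinations never enter the tunnel."""
    on_link = ipaddress.ip_address(dest) in ipaddress.ip_network(client_lan)
    return "local-lan" if on_link else "tunnel"


if __name__ == "__main__":
    print("LANs overlap:", overlaps(CLIENT_LAN, REAL_LAN))
    # Dialling the real address stays on the client's own segment.
    print("192.168.0.14 ->", route_decision("192.168.0.14", CLIENT_LAN))
    # Dialling the alias leaves via the tunnel and is rewritten on the far side.
    alias = translate("192.168.0.14", REAL_LAN, ALIAS_NET)
    print(alias, "->", route_decision(alias, CLIENT_LAN),
          "->", translate(alias, ALIAS_NET, REAL_LAN))
```
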
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.