Multiple remote sites with same subnet



  • Hi guys,
    I have to site2site connect our main office with some customers' offices.
    The problem is that some of these customers' networks use the same subnet (192.168.1.0).

    Changing the remote subnet is not a possible solution.

    My goal is to make any machine in remote site 1 reachable with another IP.
    For example:
    10.0.1.11 "translated" in 192.168.1.11 in the remote site 1
    10.0.2.11 "translated" in 192.168.1.11 in the remote site 2

    I am currently trying with only one OpenVPN tunnel.
    I am trying to use 1:1 NAT to do this, but I can't get it working.

    This is my OpenVPN server configuration (pfSense at our main office):
    Server Mode Peer to Peer  (Shared Key)
    Protocol TCP
    Device Mode tun
    Interface WAN
    Local port 1194

    Tunnel Network 172.16.201.0/24
    Local Network 192.168.5.0/24
    Remote Network 10.0.1.0/24 (I also tried 192.168.1.0/24)
    Compression v Compress tunnel packets using the LZO algorithm.

    I also added this 1:1 NAT:
    Interface OpenVPN
    External subnet IP 10.0.1.0
    Internal IP 192.168.1.0/24
    Destination 172.16.201.0/24

    Sorry for my poor English; any help would be appreciated.
    Luca



  • Hi,

    1:1 NAT is only the incoming side…
    you also need outbound NAT.

    => Manual Outbound NAT generation
    ==> normally you can safely delete the autogenerated rules if you don't use IPsec, but perhaps you want some of them modified.

    => add a new rule, bound to your outgoing OpenVPN interface, with the reverse NAT mapping... finished ;)
    (you haven't forgotten to open incoming firewall rules for the needed services?)


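The address plan from the thread, modelled as an added example (not part of either post and not pfSense's own code): each site's alias subnet is mapped onto the shared 192.168.1.0/24 in both directions, which is the inbound 1:1 NAT plus the reverse outbound mapping the reply describes. The function names and the client host 192.168.5.20 are assumptions made for the illustration.

```python
import ipaddress as ip

# Subnets taken from the thread; "site2" with alias 10.0.2.0/24 follows the
# poster's own example. Function names are hypothetical.
LOCAL = ip.ip_network("192.168.5.0/24")     # main office LAN
TUNNEL = ip.ip_network("172.16.201.0/24")   # OpenVPN tunnel network
SITES = {  # site -> (alias subnet seen from main office, real remote subnet)
    "site1": (ip.ip_network("10.0.1.0/24"), ip.ip_network("192.168.1.0/24")),
    "site2": (ip.ip_network("10.0.2.0/24"), ip.ip_network("192.168.1.0/24")),
}

def check_plan(sites=SITES):
    """Return problems: aliases must be unique, same-sized, and unused locally."""
    problems, seen = [], [LOCAL, TUNNEL]
    for name, (alias, real) in sites.items():
        if alias.prefixlen != real.prefixlen:
            problems.append(f"{name}: alias and real prefix lengths differ")
        for other in seen:
            if alias.overlaps(other):
                problems.append(f"{name}: alias {alias} overlaps {other}")
        seen.append(alias)
    return problems

def remap(addr, src_net, dst_net):
    """Keep the host bits and swap the network bits, as 1:1 NAT does."""
    addr = ip.ip_address(addr)
    if addr not in src_net:
        return None  # address is outside this mapping, so no translation
    offset = int(addr) - int(src_net.network_address)
    return str(dst_net.network_address + offset)

def to_real(site, alias_addr):
    """Inbound side: destination alias -> real host at the remote site."""
    alias, real = SITES[site]
    return remap(alias_addr, alias, real)

def to_alias(site, real_addr):
    """Outbound side: real source at the remote site -> its alias."""
    alias, real = SITES[site]
    return remap(real_addr, real, alias)

def round_trip(site, alias_dst, client="192.168.5.20"):
    """Follow one request and its reply; client is a constructed sample host."""
    real_dst = to_real(site, alias_dst)
    request = (client, alias_dst, real_dst)               # src, dst, dst after NAT
    reply = (real_dst, to_alias(site, real_dst), client)  # src, src after NAT, dst
    return request, reply
```

Without the `to_alias` step, replies from both sites would reach the main office with the same source address, 192.168.1.11, and could not be told apart.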