Netgate Discussion Forum

    Multiple remote sites with same subnet

      olde

      Hi guys,
      I have to connect our main office site-to-site with some customers' offices.
      The problem is that some of these customers' networks use the same subnet (192.168.1.0).

      Changing the remote subnet is not a possible solution.

      My goal is to let any machine at remote site 1 be reachable with another IP.
      For example:
      10.0.1.11 "translated" in 192.168.1.11 in the remote site 1
      10.0.2.11 "translated" in 192.168.1.11 in the remote site 2

      I am actually trying with only one OpenVPN tunnel.
      I am trying to use 1:1 NAT to do this, but there is no way to make it work.

      This is my OpenVPN server configuration (pfSense at our main office):
      Server Mode Peer to Peer  (Shared Key)
      Protocol TCP
      Device Mode tun
      Interface WAN
      Local port 1194

      Tunnel Network 172.16.201.0/24
      Local Network 192.168.5.0/24
      Remote Network 10.0.1.0/24 (I also tried 192.168.1.0/24)
      Compression v Compress tunnel packets using the LZO algorithm.

      I also added this 1:1 NAT
      Interface OpenVPN
      External subnet IP 10.0.1.0
      Internal IP 192.168.1.0/24
      Destination 172.16.201.0/24

      Sorry for my poor English, any help would be appreciated.
      Luca

        Reiner030

        Hi,

        1:1 NAT is only the incoming side…
        you also need outbound NAT.

        => Manual Outbound NAT generation
        ==> normally you can safely delete the autogenerated rules if you don't use IPsec, but perhaps you want some of them modified.

        => add a new rule, bound to your outgoing OpenVPN interface, with the reverse NAT mapping... finished ;)
        (you haven't forgotten to open incoming firewall rules for the needed services?)

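The two translation directions discussed in the thread, modelled as an added example (not code from either poster and not pfSense configuration): it maps the alias ranges 10.0.N.0/24 onto each site's real 192.168.1.0/24, checks that the aliases are unambiguous, and shows why a reply that is not translated back fails to match the original request. The site table, function names and the main-office host 192.168.5.20 are constructed for illustration.

```python
import ipaddress

# Constructed site table using the thread's addressing: every remote site
# really uses 192.168.1.0/24 and is reached through its own alias /24.
SITES = {
    "site1": ("10.0.1.0/24", "192.168.1.0/24"),
    "site2": ("10.0.2.0/24", "192.168.1.0/24"),
}
MAIN_LAN = ipaddress.ip_network("192.168.5.0/24")


def check_aliases(sites=SITES, main_lan=MAIN_LAN):
    """Reject alias ranges that overlap each other or the main LAN, or differ in size."""
    seen = []
    for name, (alias, real) in sites.items():
        a, r = ipaddress.ip_network(alias), ipaddress.ip_network(real)
        if a.prefixlen != r.prefixlen:
            raise ValueError(f"{name}: alias and real subnet differ in size")
        if a.overlaps(main_lan) or any(a.overlaps(o) for o in seen):
            raise ValueError(f"{name}: alias {a} is ambiguous")
        seen.append(a)
    return True


def _remap(addr, src_net, dst_net):
    """Swap the network prefix and keep the host part; pass other addresses through."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return str(ip)
    return str(dst_net.network_address + (int(ip) - int(src_net.network_address)))


def to_site(site, src, dst):
    """Inbound half: destination alias -> real address behind the site."""
    alias, real = map(ipaddress.ip_network, SITES[site])
    return src, _remap(dst, alias, real)


def from_site(site, src, dst, outbound_nat=True):
    """Outbound half: real source -> alias, so the main office sees the alias."""
    alias, real = map(ipaddress.ip_network, SITES[site])
    return (_remap(src, real, alias) if outbound_nat else src), dst


def reply_matches(request, reply):
    """A client only accepts a reply whose addresses mirror its request."""
    return reply == (request[1], request[0])
```

With `outbound_nat=False` the reply carries source 192.168.1.11, which is identical for both sites and does not match the 10.0.1.11 the main-office client connected to.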