VPN from client to office on the same subnet
-
Is this possible?
From Home subnet is 192.168.1.0/255.255.255.0–---OfficeWan-Office Subnet is also 192.168.1.0/255.255.255.0
My current Watchguard is able to make this work it hand out 192.168.30.0/255.255.255.0 for the vpn client ip and route all traffic back to the office
I a hoping i can keep the same thign going using pfsense and replace the watchguard.
-
You can using OpenVPN TAP mode to bridge across the link. But IMHO you are better off not to have all the broadcast traffic. Use a different subnet at each end and an OpenVPN TUN site-to-site link between them.
-
or nat the lan subnet over the vpn (messy)
-
We discovered after some testing today that this is possible and works fine, at least with a Windows client. Other operating systems may react differently.
OpenVPN, when pushed a conflicting route, adds an additional route with a lower metric to send the traffic across the VPN:
Not Connected:
Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.xxx.2 192.168.xxx.131 10 192.168.xxx.0 255.255.255.0 192.168.xxx.131 192.168.xxx.131 10 192.168.xxx.131 255.255.255.255 127.0.0.1 127.0.0.1 10 192.168.xxx.255 255.255.255.255 192.168.xxx.131 192.168.xxx.131 10Connected:
Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.xxx.2 192.168.xxx.131 10 192.168.xxx.0 255.255.255.0 192.168.xxx.131 192.168.xxx.131 10 192.168.xxx.0 255.255.255.0 10.46.75.5 10.46.75.6 1 192.168.xxx.131 255.255.255.255 127.0.0.1 127.0.0.1 10 192.168.xxx.255 255.255.255.255 192.168.xxx.131 192.168.xxx.131 10What this means is that, while connected, your traffic to 192.168.xxx.0/24 will go across the VPN, but you lose connectivity to your local subnet except for the gateway. In most cases that's a non-issue since it's likely a coffee shop, airport, hotel, etc. If you'd need anything there it may be a DNS server but you can push the client one of those, too.
Once you disconnect from the VPN, local connectivity is restored.
-
How many nodes does your home network consist of? normally for home users its one computer and router and maybe a few ipads for the kids. Just change the network range on the router. So much easier!
