Netgate Discussion Forum

    VPN from client to office on the same subnet

    • P
      paulhuynh81

      Is this possible?

      From Home subnet is 192.168.1.0/255.255.255.0 ---- OfficeWan - Office Subnet is also 192.168.1.0/255.255.255.0

      My current Watchguard is able to make this work; it hands out 192.168.30.0/255.255.255.0 for the VPN client IP and routes all traffic back to the office.

      I am hoping I can keep the same thing going using pfSense and replace the Watchguard.

      • P
        phil.davis

        You can use OpenVPN TAP mode to bridge across the link. But IMHO you are better off not having all the broadcast traffic. Use a different subnet at each end and an OpenVPN TUN site-to-site link between them.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • H
          heper

          Or NAT the LAN subnet over the VPN (messy).

          • jimpJ
            jimp Rebel Alliance Developer Netgate

            We discovered after some testing today that this is possible and works fine, at least with a Windows client. Other operating systems may react differently.

            OpenVPN, when pushed a conflicting route, adds an additional route with a lower metric to send the traffic across the VPN:

            Not Connected:

            Network Destination        Netmask          Gateway       Interface  Metric
                      0.0.0.0          0.0.0.0    192.168.xxx.2  192.168.xxx.131      10
                192.168.xxx.0    255.255.255.0  192.168.xxx.131  192.168.xxx.131      10
              192.168.xxx.131  255.255.255.255        127.0.0.1       127.0.0.1       10
              192.168.xxx.255  255.255.255.255  192.168.xxx.131  192.168.xxx.131      10
            

            Connected:

            Network Destination        Netmask          Gateway       Interface  Metric
                      0.0.0.0          0.0.0.0    192.168.xxx.2  192.168.xxx.131      10
                192.168.xxx.0    255.255.255.0  192.168.xxx.131  192.168.xxx.131      10
                192.168.xxx.0    255.255.255.0       10.46.75.5      10.46.75.6       1
              192.168.xxx.131  255.255.255.255        127.0.0.1       127.0.0.1       10
              192.168.xxx.255  255.255.255.255  192.168.xxx.131  192.168.xxx.131      10
            

            What this means is that, while connected, your traffic to 192.168.xxx.0/24 will go across the VPN, but you lose connectivity to your local subnet except for the gateway. In most cases that's a non-issue since it's likely a coffee shop, airport, hotel, etc. If you'd need anything there it may be a DNS server but you can push the client one of those, too.

            Once you disconnect from the VPN, local connectivity is restored.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!
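
            Added example (not part of jimp's post and not Netgate code): a small model of the route selection shown in the tables above, using longest prefix first and then lowest metric. The table is constructed from the "Connected" output with "xxx" replaced by 1 (the subnet from the original question); the probe addresses 192.168.1.50 and 8.8.8.8 are assumptions.

```python
import ipaddress

# Constructed input: jimp's "Connected" table with "xxx" replaced by 1.
# Columns: destination, netmask, gateway, interface, metric.
CONNECTED = """\
0.0.0.0          0.0.0.0          192.168.1.2    192.168.1.131  10
192.168.1.0      255.255.255.0    192.168.1.131  192.168.1.131  10
192.168.1.0      255.255.255.0    10.46.75.5     10.46.75.6     1
192.168.1.131    255.255.255.255  127.0.0.1      127.0.0.1      10
192.168.1.255    255.255.255.255  192.168.1.131  192.168.1.131  10
"""

def parse_table(text):
    """Parse 'route print' style rows into dicts with an ip_network key."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers and blank lines
        dest, mask, gw, iface, metric = parts
        routes.append({"net": ipaddress.ip_network(f"{dest}/{mask}"),
                       "gateway": gw, "iface": iface, "metric": int(metric)})
    return routes

def lookup(routes, dst):
    """Pick the route for dst: most specific prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def shadowed(routes):
    """List prefixes present more than once: (prefix, winning iface, losing ifaces)."""
    by_net = {}
    for r in routes:
        by_net.setdefault(r["net"], []).append(r)
    out = []
    for net, group in by_net.items():
        if len(group) > 1:
            group = sorted(group, key=lambda r: r["metric"])
            out.append((str(net), group[0]["iface"], [r["iface"] for r in group[1:]]))
    return out

if __name__ == "__main__":
    table = parse_table(CONNECTED)
    for dst in ("192.168.1.50", "192.168.1.131", "8.8.8.8"):
        r = lookup(table, dst)
        print(f"{dst:15} -> iface {r['iface']:14} gw {r['gateway']} metric {r['metric']}")
    print("shadowed:", shadowed(table))
```

            Running shadowed() against a client's table before rollout shows which local prefix a pushed route will take over for the duration of the tunnel.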

            • C
              craigduff

              How many nodes does your home network consist of? Normally for home users it's one computer and router and maybe a few iPads for the kids. Just change the network range on the router. So much easier!

              Kind Regards,
              Craig
