4. VPN from client to office on the same subnet

VPN from client to office on the same subnet

  • P

    Is this possible?

    From Home subnet is 192.168.1.0/255.255.255.0–---OfficeWan-Office Subnet is also 192.168.1.0/255.255.255.0

    My current Watchguard is able to make this work it hand out 192.168.30.0/255.255.255.0 for the vpn client ip and route all traffic back to the office

    I a hoping i can keep the same thign going using pfsense and replace the watchguard.

    0
  • P

    You can using OpenVPN TAP mode to bridge across the link. But IMHO you are better off not to have all the broadcast traffic. Use a different subnet at each end and an OpenVPN TUN site-to-site link between them.

    0
  • H

    or nat the lan subnet over the vpn (messy)

    0
  • Rebel Alliance Developer Netgate

    We discovered after some testing today that this is possible and works fine, at least with a Windows client. Other operating systems may react differently.

    OpenVPN, when pushed a conflicting route, adds an additional route with a lower metric to send the traffic across the VPN:

    Not Connected:

    Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.xxx.2  192.168.xxx.131      10
    192.168.xxx.0    255.255.255.0  192.168.xxx.131  192.168.xxx.131      10
  192.168.xxx.131  255.255.255.255        127.0.0.1       127.0.0.1       10
  192.168.xxx.255  255.255.255.255  192.168.xxx.131  192.168.xxx.131      10

    Connected:

    Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.xxx.2  192.168.xxx.131      10
    192.168.xxx.0    255.255.255.0  192.168.xxx.131  192.168.xxx.131      10
    192.168.xxx.0    255.255.255.0       10.46.75.5      10.46.75.6       1
  192.168.xxx.131  255.255.255.255        127.0.0.1       127.0.0.1       10
  192.168.xxx.255  255.255.255.255  192.168.xxx.131  192.168.xxx.131      10

    What this means is that, while connected, your traffic to 192.168.xxx.0/24 will go across the VPN, but you lose connectivity to your local subnet except for the gateway. In most cases that's a non-issue since it's likely a coffee shop, airport, hotel, etc. If you'd need anything there it may be a DNS server but you can push the client one of those, too.

    Once you disconnect from the VPN, local connectivity is restored.

    0
  • C

    How many nodes does your home network consist of? normally for home users its one computer and router and maybe a few ipads for the kids. Just change the network range on the router. So much easier!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy