Home Office VPN to Main Office Subnetting



  • Scenario:
    In a typical Main Office - Home Office scenario, I have the Main Office static IPs 111.111.1.96/27 (111.111.1.96 - 111.111.1.127 = 30 usable addresses) where my pfSense 2.1 sits on WAN=111.111.1.99 and my LAN is 172.16.8.0/24 (NAT).

    A home office is on a dynamic address (Cox Cable), let's say currently WAN: 222.222.222.222 (it may change).

    Goal: Using some sort of VPN, preferably OpenVPN, I want to assign a subnet of the main office's Static IPs say: 111.111.1.120/29 (111.111.1.120 - 111.111.1.127=6 Usable addresses) to the LAN of the Home Office.

    In other words, since I can't have static IPs from Cox at the home office, I need to use a subnet of the Main Office's Static IPs to connect some servers or test equipment in the home office.

    Questions:
    1- Do I have to have another firewall configured in bridge mode at the Main Office as LAN: 111.111.1.120/29 (111.111.1.120 - 111.111.1.127 = 6 usable addresses), or can I do it on the SAME firewall configured as NAT (see above)?

    2- Any other way I can accomplish this in a more creative way?

    Thank you in advance.



  • Set up an OpenVPN site-to-site link from home to main office. Give your home subnet and the OpenVPN tunnel subnet some different private IP address space than the main office. Put the OpenVPN server at main office listening on your main static IP (it can listen on some port of your choosing). The OpenVPN client will connect from home, so it does not matter what your home public IP is. Forward port/s from the static IPs at main office to the subnet at home.


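An added example, not part of the thread: a short Python check of the addressing plan the reply describes, which flags overlapping private subnets and port forwards that point outside the public block or the home LAN, then renders the matching OpenVPN `ifconfig`/`route`/`remote` directives. The home LAN, tunnel subnet, forwarded ports and port 1194 are constructed assumptions; only the 111.111.1.96/27 block, 111.111.1.99 and 172.16.8.0/24 come from the question.

```python
import ipaddress as ip

# From the question: main office public block, firewall WAN address, NATed LAN.
MAIN_PUBLIC = ip.ip_network("111.111.1.96/27")
MAIN_WAN = ip.ip_address("111.111.1.99")
MAIN_LAN = ip.ip_network("172.16.8.0/24")
# Constructed for this example (assumptions, not from the thread).
HOME_LAN = "192.168.50.0/24"
TUNNEL = "10.99.0.0/30"
FORWARDS = [("111.111.1.121", "tcp", 443, "192.168.50.10"),
            ("111.111.1.122", "tcp", 22, "192.168.50.11")]

def check_plan(home_lan, tunnel, forwards):
    """Return a list of problems; an empty list means the plan is consistent."""
    home, tun = ip.ip_network(home_lan), ip.ip_network(tunnel)
    problems = []
    nets = [("main LAN", MAIN_LAN), ("home LAN", home), ("tunnel", tun)]
    for i, (name_a, net_a) in enumerate(nets):
        if not net_a.is_private:
            problems.append(f"{name_a} {net_a} is not private address space")
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):  # overlapping subnets cannot be routed
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    usable, seen = set(MAIN_PUBLIC.hosts()), set()
    for pub, proto, port, host in forwards:
        if ip.ip_address(pub) not in usable:
            problems.append(f"{pub} is not a usable address in {MAIN_PUBLIC}")
        if ip.ip_address(host) not in home:
            problems.append(f"{host} is not on the home LAN {home}")
        if (pub, proto, port) in seen:
            problems.append(f"{pub} {proto}/{port} is forwarded twice")
        seen.add((pub, proto, port))
    return problems

def openvpn_directives(home_lan, tunnel, port=1194):
    """Render the directives each end needs (server = main office)."""
    home = ip.ip_network(home_lan)
    server_ip, client_ip = ip.ip_network(tunnel).hosts()
    server = [f"port {port}", f"ifconfig {server_ip} {client_ip}",
              f"route {home.network_address} {home.netmask}"]
    client = [f"remote {MAIN_WAN} {port}", f"ifconfig {client_ip} {server_ip}",
              f"route {MAIN_LAN.network_address} {MAIN_LAN.netmask}"]
    return server, client

if __name__ == "__main__":
    print(check_plan(HOME_LAN, TUNNEL, FORWARDS) or "plan is consistent")
    for side, lines in zip(("server", "client"), openvpn_directives(HOME_LAN, TUNNEL)):
        print(f"# {side}", *lines, sep="\n")
```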