How to access OpenVPN remote LAN when local LAN has the same network address
abren last edited by
It took me a little while to figure this out, so I hope to save someone else the aggravation.
I have two separate LAN segments that have the same network address (192.168.1.0/24). One LAN has a pfSense OpenVPN server to connect remote clients to a local FTP server (for this example).
- pfSense OpenVPN Server
- FTP Server
- Third-party Gateway
- Host 1 (OpenVPN client)
In my scenario, Host 1 (on Network B) needs to access the FTP server on Network A. Ideally, traffic should be routed from the Network B gateway to the pfSense OpenVPN server, then to the Network A LAN.
Since both networks share the same network address, a connection attempt from Network B to 192.168.1.100 fails because that address is considered part of the local LAN and does not get routed through the tunnel.
To get around this problem, I created a "virtual" IP address for the FTP server using port forwarding.
Under Firewall->NAT->Port Forward, create a new rule.
- Set the interface to OpenVPN.
- Set the protocol, as necessary.
- Set the destination to your "virtual" IP address. I used 192.168.2.100.
- Set the destination port range (21 in this example).
- Set the redirect target IP to the real IP address of the FTP server (192.168.1.100).
- Set the redirect target port range (21 in this example).
- Set the filter rule association to Pass.
Now the FTP server on Network A essentially looks like this:
- FTP Server
Clients on Network B can access the FTP server over the tunnel by referring to it using its "virtual" IP address.