IPSEC VPN between same LAN range
-
Hi All,
The following post will give you some idea what I am looking for:
http://forum.pfsense.org/index.php/topic,6546.0.html
We have many VPNs to partners who never took the time to change their network ranges on their VPN devices from 192.168.0.x. I am now running into a lot of issues with folks who refuse to renumber their networks but still demand VPN connectivity…
I would love a way in PFSense to create an IPSEC site to site VPN to a 1:1 Natted Network. For example the 192.168.0.x above could "pretend" to be 192.168.5.x. I know that this would have to happen on the client side (192.168.0.x), but we are willing to supply them with a firewall that would do this. (Running PFSense of course!)
I have no idea how much work this would be to implement, so I also have no idea how large of a bounty I would need to post to get folks interested. This would be a fantastic feature for PFSense and would make it competitive with much more expensive solutions. Any help you can provide is greatly appreciated!
-
Please make the pledge you think it is worth. By coincidence, we were discussing what is needed to implement this. For the record, it is hard to get right/clean.
Anyway, either make the pledge or contact bsdperimeter.com for a more thorough answer.
-
I had this same problem and asked… I was told it was not possible… ended up using a Cisco VPN concentrator to do the job. Depending on how many connections you need, it will be 2,000 to 4,000 for a concentrator, last I looked.
-
I do believe this is being worked on for the 1.3 release. I actually submitted this feature request a bunch of months ago and it looked like it was being worked on even. I believe this is called policy NAT (might just be the Cisco terminology).
-
It's been discussed as part of the work Matthew Grooms has done on IPsec in 1.3. Some work will have to be done to support it, but if some people are willing to put up money I'm sure it'll get done sooner rather than later.
-
I will be willing to put money in the pot for that feature!
-
Name your price so we can get this bounty rolling.
-
Still waiting for the Central Management Interface solution to start moving. I have offered up a large portion of that bounty. Since no one has responded to requests for a status update, I may pull it and put it towards this feature.
-
This feature is actually very important to the CMI type solution or a Nagios monitoring solution, since IPSEC tunnels will probably be the most secure way to pass the traffic, and depending on how many devices/networks you want to support, you are bound to run into several which use the same subnet. I have run into this problem with banks who use managed services, and no one is about to change their subnets for one customer or vendor. That is why Policy NAT is so important in providing services to multiple customers.
-
This feature is something I would really like as well. Additionally, I was wondering if this configuration would also be possible with SSL VPNs using OpenVPN.
In the past month I have installed 2 Untangle PCs and they only support SSL VPN using OpenVPN. I would like to be able to set up a site to site VPN for monitoring and support purposes. The clients will be connecting using either: Cisco PIX, Cisco ASA, or Untangle's OpenVPN solution. I would consider adding to the bounty as well. Does anyone know if this solution would also work with SSL VPNs?