[Openswan Users] openswan with overlapping subnets

david coleman david.coleman at promenta.com
Thu Dec 17 14:51:55 EST 2015


Hello – I have a common problem but I have spent a few hours researching and cannot find the definitive answer.

We are setting up a VPN (site-to-site) to a customer (Juniper firewall). We have found that their subnet and our subnet are overlapping.

So our subnet is on 10.180.11.0/24 and theirs is 10.180.0.0/16.

We have set up site-to-site VPNs using Openswan before with success, but not with this scenario.

Can we set up the system so that some kind of routing using iptables will make our side look like something that does not overlap, like 10.220.11.0/24?

I mean we would leave our internal network alone but put something in Openswan/iptables that “translates” or converts how the other side sees our IP address.

Diagram:
Their side (10.180.0.0/16) --> Their VPN Firewall (public ip) --> Internet --> our openswan (public) [viewed as 10.220.11.0/24] --> some magic fix to map 10.220.11.0/24 to our “real network” of 10.180.11.0/24 --> our real servers

We actually only have 3 servers to be accessed in our network, so if we need to do some setup for each individual IP that is fine.

Thanks, Dave
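
The addressing plan the post asks about, as an added example (not part of the original message and not Openswan's own code): it checks that the alias range is clear of the peer's range, maps each real address 1:1 into 10.220.11.0/24, and builds per-server iptables DNAT/SNAT rules. The three server addresses are constructed, and how these rules interact with IPsec processing on a given Openswan stack is an assumption to verify.

```python
import ipaddress

# Ranges taken from the post.
LOCAL_REAL = ipaddress.ip_network("10.180.11.0/24")
PEER = ipaddress.ip_network("10.180.0.0/16")
LOCAL_ALIAS = ipaddress.ip_network("10.220.11.0/24")
# Constructed sample addresses for the three servers (not from the post).
SERVERS = ["10.180.11.10", "10.180.11.11", "10.180.11.12"]

def to_alias(real_ip, real_net=LOCAL_REAL, alias_net=LOCAL_ALIAS):
    """1:1 mapping: keep the host bits, swap the network prefix."""
    ip = ipaddress.ip_address(real_ip)
    if ip not in real_net:
        raise ValueError(f"{ip} is not in {real_net}")
    if real_net.prefixlen != alias_net.prefixlen:
        raise ValueError("real and alias networks must be the same size")
    return alias_net[int(ip) - int(real_net.network_address)]

def check_plan(real_net=LOCAL_REAL, peer_net=PEER, alias_net=LOCAL_ALIAS):
    """Return the problems with the alias choice; an empty list means it is usable."""
    problems = []
    if alias_net.overlaps(peer_net):
        problems.append(f"alias {alias_net} overlaps peer {peer_net}")
    if alias_net.overlaps(real_net):
        problems.append(f"alias {alias_net} overlaps local {real_net}")
    return problems

def shadowed_peer_range(real_net=LOCAL_REAL, peer_net=PEER):
    """Peer addresses that are also local addresses. Translating only the
    local side does not make these peer hosts reachable from the local LAN."""
    if not real_net.overlaps(peer_net):
        return None
    # Two CIDR blocks either nest or are disjoint, so the overlap is the longer prefix.
    return real_net if real_net.prefixlen >= peer_net.prefixlen else peer_net

def nat_rules(servers=SERVERS, peer_net=PEER):
    """Per-server rule pair: DNAT for traffic from the peer, SNAT for traffic to it."""
    rules = []
    for real in servers:
        alias = to_alias(real)
        rules.append(f"iptables -t nat -A PREROUTING -s {peer_net} -d {alias} "
                     f"-j DNAT --to-destination {real}")
        rules.append(f"iptables -t nat -A POSTROUTING -s {real} -d {peer_net} "
                     f"-j SNAT --to-source {alias}")
    return rules

if __name__ == "__main__":
    print(check_plan() or "alias range is clear of both networks")
    print("peer range shadowed by local LAN:", shadowed_peer_range())
    print("\n".join(nat_rules()))
```
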

