[Openswan Users] openswan with overlapping subnets

Daniel Cave dan.cave at me.com
Thu Dec 17 18:54:09 EST 2015


NAT (network address translation) everything coming out of your network to something they're not using, like to 172.18.101.1, and set that to be your client LAN VPN gw.

Sent from my iPhone

> On 17 Dec 2015, at 19:51, david coleman <david.coleman at promenta.com> wrote:
> 
> Hello – I have a common problem but I have spent a few hours researching and cannot find the definitive answer.
>  
> We are setting up a VPN (site-to-site) to a customer (Juniper firewall). We have found that their subnet and our subnet are overlapping.
>  
> So our subnet is on 10.180.11.0/24 and theirs is 10.180.0.0/16
>  
> We have set up site-to-site vpns using openswan before with success but not with this scenario.
>  
> Can we set up the system so that some kind of routing using iptables will make our side look like something that does not overlap, like 10.220.11.0/24?
>  
> I mean we would leave our internal network alone but put something in openswan/iptables that “translates” or converts how the other side sees our IP address.
>  
> Diagram:
> Their side (10.180.0.0/16) -> Their VPN Firewall (public ip) -> Internet -> our openswan (public) [viewed as 10.220.11.0/24] -> some magic fix to map 10.220.11.0/24 to our “real network” of 10.180.11.0/24 -> our real servers
>  
> We actually only have 3 servers to be accessed in our network so if we need to do some setup for each individual ip that is fine
>  
> Thanks dave
>  
>  
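The per-server 1:1 translation discussed in this thread, sketched as an added example that is not from either poster: it checks that the substitute range does not itself overlap the customer's range, then prints (without applying) DNAT/SNAT rules for the gateway. The three server addresses and all function names are constructed for illustration, and it assumes the tunnel is negotiated with 10.220.11.0/24 as our side's subnet.

```shell
# Added example: print a 1:1 NAT plan for the overlapping-subnet case in this thread.
# Our real LAN is 10.180.11.0/24 (from the thread); nothing here is applied.
VIRT_NET=10.220.11.0/24      # how the customer should see us (from the thread)
REMOTE_NET=10.180.0.0/16     # customer LAN (from the thread)
SERVERS="10.180.11.10 10.180.11.11 10.180.11.12"   # constructed sample hosts

# Dotted quad -> 32-bit integer (split on dots via a function-local IFS).
ip2int() { local IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); }

# 32-bit integer -> dotted quad.
int2ip() { echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"; }

# Netmask as an integer for a given prefix length.
mask() { echo $(( (4294967295 << (32 - $1)) & 4294967295 )); }

# Exit status 0 when two CIDR blocks overlap: compare both under the shorter prefix.
overlaps() {
  local n1 n2 p m
  n1=$(ip2int "${1%/*}"); n2=$(ip2int "${2%/*}")
  p=${1#*/}; [ "${2#*/}" -lt "$p" ] && p=${2#*/}
  m=$(mask "$p")
  [ $(( n1 & m )) -eq $(( n2 & m )) ]
}

# Real address -> virtual address: keep the host bits, swap in VIRT_NET's prefix.
to_virtual() {
  local m net host
  m=$(mask "${VIRT_NET#*/}")
  net=$(( $(ip2int "${VIRT_NET%/*}") & m ))
  host=$(( $(ip2int "$1") & (4294967295 ^ m) ))
  int2ip $(( net | host ))
}

# Print one DNAT (inbound) and one SNAT (outbound) rule per server.
nat_rules() {
  local s v
  if overlaps "$VIRT_NET" "$REMOTE_NET"; then
    echo "refusing: $VIRT_NET overlaps $REMOTE_NET" >&2; return 1
  fi
  for s in $SERVERS; do
    v=$(to_virtual "$s")
    echo "iptables -t nat -A PREROUTING -s $REMOTE_NET -d $v -j DNAT --to-destination $s"
    echo "iptables -t nat -A POSTROUTING -s $s -d $REMOTE_NET -j SNAT --to-source $v"
  done
}

nat_rules
```

Customer hosts that happen to sit in 10.180.11.0/24 on their side stay unreachable from our servers, which treat that range as their own local network; translating our side does not change that.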