> From: Sassy Natan [mailto:[email protected]]
> Sent: Tuesday, 17 February 2015 00:15
>
> Hi Everyone,
>
> I'm facing a problem which I hope someone might help me with here.
>
> I'm trying to build a VPN site 2 site with my current shorewall +
> openswan configuration with an overlapping IP on both ends.
>
> Here is my Topology.
>
> Site A:
> eth0 - 172.16.0.0/24 - Internal LAN
> eth1 - 10.0.0.0/24 - LAB LAN
> eth2 - X.Y.Z.M - Public IP address
>
>
> Site B
> eth0 - 192.168.0.0/24 - Internal LAN
> eth1 - 10.0.0.0/24 - LAB LAN
> eth2 - N.O.L.P - Public IP address
>
>
> I want to setup a VPN from the Internal LAN of Site B (192.168.0.0/24)
> to the LAB LAN of Site A (10.0.0.0/24)
>
> The problem is that Site B already has in its local routing table
> setup to route traffic for the network ID 10.0.0.0/24 via the ETH1
> interface. So traffic can't be routed to the remote site A, without
> (1) disabling this network or (2) do some NAT magic.

I agree with other comments that renumbering one of the overlapping networks is the best choice.

Nonetheless, in the past I had success with netmap. Looking through old config backups and translating to your networks, here is what I did:

On Site A, put this in netmap:

    SNAT 10.0.0.0/24      eth2 192.168.211.0/24 192.168.0.0/24
    DNAT 192.168.211.0/24 eth2 10.0.0.0/24      192.168.0.0/24

On both sites, reconfigured ipsec.conf to connect 192.168.211.0/24 (instead of 10.0.0.0/24) with 192.168.0.0/24.

If I remember well, those days I needed only to connect from clients on site A to servers on site B, not the other way around. In that direction it did work.

My system was a Fedora with linux around 3.12 and shorewall-4.6.0.2 on site A; a Cisco router with ipsec vpn on site B. But on site B the only change is the remote network mapped in the vpn.

HTH
Luigi
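
The two netmap entries in the reply above, modelled as an added example (not part of the original message or of Luigi's configuration): it shows the 1:1 address rewrite Site A applies on eth2 and checks that the chosen mapped range collides with no local network on either site. The function names are hypothetical, and the rule semantics assumed are those of the Shorewall netmap file (TYPE, NET1, INTERFACE, NET2, NET3).

```python
import ipaddress as ip

# Networks taken from the thread.
LAB = ip.ip_network("10.0.0.0/24")          # Site A LAB LAN (same range exists at Site B)
MAPPED = ip.ip_network("192.168.211.0/24")  # how Site B sees Site A's LAB LAN
PEER = ip.ip_network("192.168.0.0/24")      # Site B internal LAN
SITE_A_LOCAL = [ip.ip_network("172.16.0.0/24"), LAB]
SITE_B_LOCAL = [PEER, ip.ip_network("10.0.0.0/24")]

def remap(addr, old, new):
    """1:1 prefix swap: keep the host bits, replace the network bits."""
    host = int(addr) - int(old.network_address)
    return new.network_address + host

def site_a_out(src, dst):
    """SNAT entry: packet leaving eth2, source in LAB, destination in PEER."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src in LAB and dst in PEER:
        src = remap(src, LAB, MAPPED)
    return str(src), str(dst)

def site_a_in(src, dst):
    """DNAT entry: packet arriving on eth2, destination in MAPPED, source in PEER."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if dst in MAPPED and src in PEER:
        dst = remap(dst, MAPPED, LAB)
    return str(src), str(dst)

def mapping_conflicts(mapped="192.168.211.0/24"):
    """Local networks on either site that a candidate mapped range overlaps."""
    net = ip.ip_network(mapped)
    return [str(n) for n in SITE_A_LOCAL + SITE_B_LOCAL if net.overlaps(n)]

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    print(site_a_out("10.0.0.25", "192.168.0.10"))      # LAB host -> Site B server
    print(site_a_in("192.168.0.10", "192.168.211.25"))  # reply coming back
    print(site_a_out("10.0.0.25", "8.8.8.8"))           # not VPN traffic: untouched
    print(mapping_conflicts())                          # chosen range is clean
```

Because the third column restricts each entry to traffic exchanged with 192.168.0.0/24, LAB hosts keep their real addresses for everything that does not cross the tunnel.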
