On 08/27/2010 04:16 PM, Llaminku wrote:
Hi,

I have the following situation that I wonder if it can be solved with one
pfSense box (1.2.3 or 2.0).

- I need to set up a pfSense box with two VPN tunnels to two (client)
networks (site to site). These two networks have an overlapping address
space. Can this be done?
- No traffic between these two networks is allowed because of the following
bullet:
- Next, there are two groups of home users. Group one users need VPN access
to network 1 but not to network 2. For Group two users it should be the
other way around.

Is it possible to configure the pfSense box for this setup? Will it be
possible without NAT (because of the overlapping address space)? What are
the restrictions with this setup?


As said on the list, one box cannot distinguish two identical network subnets on 2 separate interfaces. You could probably somehow get away with some NAT'ing if you do the NAT on the remote VPN endpoints.
That way the central pfSense box would not see the two identical networks.
However, that would make it very hard to allow VPN users on the central pfSense box to access services on the remote networks. Depending on the protocol, you could set up some port forwarding, but that would not work for all protocols.

All considered, it would be very hard to accomplish and maintain.
Changing one of the subnets would surely be the faster and better way.

Regards,

H.
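An added illustration of the point made in the reply (constructed example, not code from the thread, from pfSense, or from either poster): a minimal longest-prefix-match routing table shows why one box cannot tell two identical remote subnets apart, and a 1:1 NAT helper (the host bits are kept, only the network bits are swapped, as pf's binat does) shows how translating at each remote endpoint gives the central box two distinct ranges. The translated ranges 10.10.1.0/24 and 10.10.2.0/24 and the tunnel names are assumptions.

```python
import ipaddress

# Constructed example: not pfSense code, just a model of the routing decision.

class RoutingTable:
    def __init__(self):
        self.routes = []  # list of (network, next_hop)

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, addr):
        """Return every next hop whose prefix is the longest match for addr.
        More than one result means the box has no way to pick a tunnel."""
        a = ipaddress.ip_address(addr)
        matches = [(n, h) for n, h in self.routes if a in n]
        if not matches:
            return []
        best = max(n.prefixlen for n, _ in matches)
        return [h for n, h in matches if n.prefixlen == best]


def binat(addr, real_net, translated_net):
    """1:1 NAT: keep the host bits, replace the network bits (binat semantics)."""
    real = ipaddress.ip_network(real_net)
    trans = ipaddress.ip_network(translated_net)
    assert real.prefixlen == trans.prefixlen, "1:1 NAT needs equal-sized ranges"
    host_bits = int(ipaddress.ip_address(addr)) - int(real.network_address)
    return str(trans.network_address + host_bits)


def without_nat():
    # Both sites announce the same 192.168.1.0/24 over their own tunnel.
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "tunnel_site1")
    rt.add("192.168.1.0/24", "tunnel_site2")
    return rt.lookup("192.168.1.10")  # both tunnels match: ambiguous


def with_remote_nat():
    # Each remote endpoint presents its 192.168.1.0/24 under a distinct
    # translated range (assumed values), so the central box sees two networks.
    rt = RoutingTable()
    rt.add("10.10.1.0/24", "tunnel_site1")
    rt.add("10.10.2.0/24", "tunnel_site2")
    hop = rt.lookup("10.10.2.10")
    # The remote endpoint maps the translated address back to the real host.
    real = binat("10.10.2.10", "10.10.2.0/24", "192.168.1.0/24")
    return hop, real
```

Access policy for the two home-user groups then becomes a plain firewall rule on the translated ranges (group one to 10.10.1.0/24 only, group two to 10.10.2.0/24 only), which is the part that gets awkward once port forwards are needed for each service.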
