The thing is that site B is expecting that traffic over the tunnel is coming from 172.21.105.0/24, and I sadly cannot change this.
Our setup has only green 192.168.5.0/24 and red.
That’s exactly the thing: how can it work without having a gateway?
It won’t, I guess. That’s the problem. Is this setup even possible with IPFire?
There actually won’t be any client with the address 172.21.105.x.
This subnet 172.21.105.0/24 is only needed for the traffic through the IPSec tunnel.
I was now thinking of making a VLAN with blue over the green NIC.
The new blue VLAN would have 172.21.105.0/24.
Is it possible to make an IPsec tunnel with blue on site A and route the traffic from green over blue to site B?
What bullsh*t.
If 172.21.105.0 has no clients, what should site B communicate with?!
You must change the remote-subnet to 192.168.5.0 on Site B or change your green network on Site A from 192.168.5.0 to 172.21.105.0. How else would Site B know where 192.168.5.0 is?!
@steven Can I ask you a question, since my understanding of routing is really poor? OP has made the point that site B is administered by others and they have chosen (and, I presume, imposed on OP) to establish the tunnel with site A excluding its green network, because it is mapped to 192.168.5.0/24, which is a network range that is also present on site B. This implies some sort of problem that requires a clear separation between the local network on site A and the local network on site B.
My question is: does it? Is there really a conflict or a problem? To me it looks like this is perfectly compatible! And with “this”, I mean having similar network ranges at both ends of a tunnel.
Indeed it is bullsh*t, but unfortunately this is the way it has to be. I have no control over site B and they are unwilling to change anything on their site.
So on site A, 192.168.5.10 sends a request to 10.2.44.10.
192.168.5.10 has to become e.g. 172.21.105.10 on site A through NAT.
10.2.44.10 sends the response back to 172.21.105.10, so site B knows where to send the response.
Is this somehow possible to do with IPFire or not?
I’m running out of ideas for how to implement this with only one green network.
Could it be possible to do this with 172.21.105/24 being VLAN blue, or are there too many restrictions between green and blue?
Is blue even allowed to send traffic through IPsec?
I read that for OpenVPN you have to configure specific routes in the OpenVPN config files in order to let blue through.
I think your best chance is to keep working with the command line using @steven’s strategy. The goal is to create an alias on top of green0 (green0:0) linked to 172.21.105.0/24. Then you create an SNAT rule, by command line if necessary, in the firewall from the green0 address range to the green0:0 address range.
Alternatively, you could try to create a blue0 dummy interface (see the same tutorial above, plus this one), link it to 172.21.105.0/24 and bridge it with green0.
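A concrete version of the command-line NAT idea above, as an added example that is not from the thread and not IPFire’s own code. It uses the iptables NETMAP target (a 1:1 prefix translation) rather than a plain SNAT, because the thread wants 192.168.5.10 to show up at site B as 172.21.105.10, not every host sharing one address. The addresses are the ones quoted in the thread; the function names, the DRY_RUN/APPLY switches and the suggestion to hook it into IPFire’s /etc/sysconfig/firewall.local are my assumptions, so check them against your IPFire version.

```shell
#!/bin/sh
# Added example (not from the thread, not IPFire code). Assumes a Linux
# firewall whose iptables has the NETMAP target; addresses are the ones
# quoted in the thread and only /24 prefixes are handled.
GREEN_NET="192.168.5.0/24"    # real green subnet at site A
NAT_NET="172.21.105.0/24"     # the subnet site B insists on seeing
REMOTE_NET="10.2.44.0/24"     # site B's subnet on the far side of the tunnel

# run: execute the command, or just print it when DRY_RUN=1 so the rules
# can be reviewed before touching a live firewall.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# map_host: the address a green host takes on inside the tunnel. NETMAP keeps
# the host bits and swaps the prefix, so 192.168.5.10 becomes 172.21.105.10.
map_host() {
  prefix="${NAT_NET%.*}"      # "172.21.105.0/24" -> "172.21.105"
  echo "$prefix.${1##*.}"     # keep the last octet of the given host
}

# add_rules: install the two translation rules. Outbound packets are rewritten
# in POSTROUTING, which on Linux happens before the IPsec policy lookup, so the
# tunnel on site A must be defined with local subnet $NAT_NET, not $GREEN_NET.
# The PREROUTING rule covers connections that site B opens towards 172.21.105.x;
# replies to green-initiated connections are reversed by conntrack on its own.
add_rules() {
  run iptables -t nat -A POSTROUTING -s "$GREEN_NET" -d "$REMOTE_NET" \
      -j NETMAP --to "$NAT_NET"
  run iptables -t nat -A PREROUTING -s "$REMOTE_NET" -d "$NAT_NET" \
      -j NETMAP --to "$GREEN_NET"
}

# Usage: DRY_RUN=1 sh nat-map.sh   -> print the rules
#        APPLY=1   sh nat-map.sh   -> install them (as root)
if [ "${DRY_RUN:-0}" = "1" ] || [ "${APPLY:-0}" = "1" ]; then
  add_rules
fi
```

Run it with DRY_RUN=1 first and compare the printed rules with what you expect; `map_host 192.168.5.10` prints the address site B will see. If you want the translation to apply only to packets that really enter or leave the tunnel, add `-m policy --dir out --pol ipsec` to the POSTROUTING rule and `-m policy --dir in --pol ipsec` to the PREROUTING one. Note that the green0:0 alias from the post above is not required for NETMAP, since the kernel only rewrites addresses and never needs to answer on 172.21.105.x itself.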