We have 3 sites connected with 3 IPFire devices on 3 public IP addresses.
Site A and Site C have already established an IPsec LAN-to-LAN VPN tunnel between their green local networks.
Now I need to add a LAN-to-LAN VPN between Site A and Site B.
Unfortunately, Site B's green network has the same address as Site C (192.168.1.0).
Of course, we cannot modify these addresses.
Theoretical solution: map site B network address to a “virtual” address VB (SNAT, etc.) and establish the VPN link between VB and 192.168.2.0.
Does anyone know how to set it up?
Would the scenario of Site B and C needing to access resources at each other's site ever come up?
E.g. say a NAS at Site B which Site C users may need access to?
This might be possible with strict IP address / manual assignment - you can maybe do DHCP over the IPSEC from a central point (i.e. Site A).
Is there a reason the Site B & C subnet ranges can’t be changed?
I suppose it is the easier way from the IPFire point of view.
If the solution is chaotic, we'll manage to split the green LAN into two subnets and link only one via VPN.
In theory the VTI tunnel might work, it’s just the problem managing IP resources to prevent collisions - the only thing I don’t know is if it’s possible for the VTI tunnel to properly route between 2 IPSEC links using the same IP range… or if it works with same range and a CIDR mask splitting that range…
Not something I’ve ever tried and I haven’t used IPSEC in IPFire in a while (due to no need / circumstances).
It might be better to use OpenVPN on the Site B connection to Site A so that there is a completely different subnet assigned as well as the connection is in a different and separate connection encryption and process running on the main server on Site A.
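An added example, not from any of the posts above: the 1:1 mapping proposed in the first post (Site B's network presented to Site A as a virtual network VB), worked through in Python. The /24 masks, the VB range 10.99.1.0/24 and the function names are assumptions; the emitted rules use the standard iptables NETMAP target on generic chains and say nothing about where IPFire would hook them or how its IPsec settings would reference VB.

```python
import ipaddress

# Subnets from the thread; the /24 masks are an assumption (no mask is given).
SITES = {
    "A": ipaddress.ip_network("192.168.2.0/24"),
    "B": ipaddress.ip_network("192.168.1.0/24"),
    "C": ipaddress.ip_network("192.168.1.0/24"),
}
# Constructed placeholder for the "virtual" network VB; use a range unused at every site.
VB = ipaddress.ip_network("10.99.1.0/24")


def collisions(sites):
    """Return sorted pairs of site names whose subnets overlap."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]


def netmap(addr, src_net, dst_net):
    """1:1 translation: keep the host bits, swap the network prefix."""
    if src_net.version != dst_net.version or src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal address family and prefix length")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{ip} is not in {src_net}")
    host_bits = int(ip) & int(src_net.hostmask)
    return dst_net.network_address + host_bits


def site_b_rules(real, virtual, remote):
    """Build NETMAP rules for Site B's gateway (generic chains, hypothetical placement)."""
    if virtual.overlaps(real) or virtual.overlaps(remote):
        raise ValueError("virtual range must not overlap the real or remote subnet")
    return [
        # Outbound: Site B hosts reach Site A with VB source addresses.
        f"iptables -t nat -A POSTROUTING -s {real} -d {remote} -j NETMAP --to {virtual}",
        # Inbound: Site A targets a VB address, the gateway restores the real one.
        f"iptables -t nat -A PREROUTING -s {remote} -d {virtual} -j NETMAP --to {real}",
    ]


if __name__ == "__main__":
    print("overlapping sites:", collisions(SITES))
    print("192.168.1.50 at Site B appears to Site A as",
          netmap("192.168.1.50", SITES["B"], VB))
    for rule in site_b_rules(SITES["B"], VB, SITES["A"]):
        print(rule)
```

With this mapping Site A only ever sees VB, so its existing tunnel to Site C's 192.168.1.0 is unaffected; Site B and Site C still cannot reach each other by their real addresses.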