Your net-to-net VPN will not go directly between the two green subnets.
It will go from your green subnet on IPFire 1, through IPFire 1, through provider A’s modem, through provider A to the internet, then to provider B, through provider B’s modem, through IPFire 2 and then to the green subnet on IPFire 2.
You need to change the green subnet you have on IPFire 1 or IPFire 2, as they need to be different subnets at the two ends of the net-to-net VPN tunnel.
To make the connection possible, either you need to be able to put the Provider A and Provider B modems into bridge mode so they just pass everything directly through, including the public IP, or you need to be able to access the setup menu of those provider modems to turn on port forwarding on each of them. The simplest in this second case is to allow all ports and all IPs to be forwarded. If the modem does not allow that, then you will need to forward the appropriate port and IP/DDNS FQDN that is at the other end of the tunnel.
The simplest setup is if you can put each modem into bridge mode. Alternatively, if the modems are not cable modems but use an Ethernet connection to the internet, then you could also replace the modems with your IPFire machines, i.e. have each IPFire connect to the ISP at its end.
What modems have your providers supplied you with?
I’ve already used bridge mode at other locations, and it works perfectly with IPFire!
Unfortunately, bridge mode isn’t available at these locations.
One modem is a (TV) cable modem, the other is a 5G WEB Cube with a LAN connection.
Both devices, however, have a fixed IP address from the provider.
Green networks can be configured as desired.
No, this is not necessary. It’s called netmapping. I did that for my first employer about 10 years ago for our solar farms, which all had the same network structure. But we had a VPN gateway.
Sorry, no. I haven’t worked there for many years. It was part of the old forum, so I think it’s lost. We used it with an INSYS VPN gateway service, but I guess any VPN gateway can do that.
I don’t know, but in theory it was an easy mechanism: you define virtual networks for every station (those are virtual VPN networks), for example:
Station 1: green 172.24.0.0/24; ovpn 10.0.1.0/24
Station 2: green 172.24.0.0/24; ovpn 10.0.2.0/24
Station 1 wants to access Station 2 target 172.24.0.20 → you access 10.0.2.20. Station 2 gets the incoming connection and translates 10.0.2.20 to 172.24.0.20. It maps the net 10.0.2.0/24 to 172.24.0.0/24.
I think you don’t need a VPN gateway for this. We used to have it because of Dual-Stack Lite and non-public IP addresses from the ISP.
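The netmapping described in the post above, as an added example that is not from the original thread or from the IPFire project: it works through the 1:1 address translation for the two stations (both green 172.24.0.0/24, virtual nets 10.0.1.0/24 and 10.0.2.0/24 as in the post) and emits the iptables NETMAP rules that would implement it. The rules assume a routed tunnel interface named `tun0` (as an OpenVPN net-to-net connection provides); that interface name and the chain layout are assumptions, and the rules are not run here.

```python
"""Netmap (1:1 NAT) for a net-to-net VPN where both sites use the same green subnet.

Added example, not part of the original forum thread. Station and interface
names are assumptions; the addresses are the ones used in the post above.
"""
import ipaddress

# Real green subnet, identical at both stations (the overlap the netmap solves).
GREEN = ipaddress.ip_network("172.24.0.0/24")

# Per-station virtual networks, the only addresses that travel inside the tunnel.
VIRTUAL = {
    "station1": ipaddress.ip_network("10.0.1.0/24"),
    "station2": ipaddress.ip_network("10.0.2.0/24"),
}

# Assumed name of the routed tunnel interface on each IPFire (OpenVPN style).
TUN_IF = "tun0"


def netmap(addr, src_net, dst_net):
    """Translate addr from src_net into dst_net, keeping the host bits (1:1 NAT).

    This is exactly what iptables' NETMAP target does: the network part is
    swapped, the host part is left untouched, so every host has a fixed
    counterpart in the other network.
    """
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("netmap needs equal prefix lengths on both sides")
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    host_bits = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + host_bits)


def netmap_rules(station, tun_if=TUN_IF):
    """iptables rules one station needs, as command strings (assumed layout).

    PREROUTING:  traffic arriving from the tunnel for our virtual net is
                 rewritten to the real green addresses.
    POSTROUTING: traffic leaving via the tunnel gets its green source address
                 rewritten to our virtual net, so the far side never sees
                 172.24.0.0/24 coming from the tunnel.
    Conntrack reverses both mappings for the reply packets.
    """
    virtual = VIRTUAL[station]
    return [
        f"iptables -t nat -A PREROUTING -i {tun_if} -d {virtual} -j NETMAP --to {GREEN}",
        f"iptables -t nat -A POSTROUTING -o {tun_if} -s {GREEN} -j NETMAP --to {virtual}",
    ]


def trace(src_addr, dst_virtual_addr, src_station, dst_station):
    """Follow one packet from the green LAN at src_station to the green LAN at
    dst_station. Returns (src, dst) as seen on the sending LAN, inside the
    tunnel, and on the receiving LAN."""
    on_lan = (ipaddress.ip_address(src_addr), ipaddress.ip_address(dst_virtual_addr))
    # Sending IPFire: POSTROUTING maps our green source into our virtual net.
    in_tunnel = (netmap(on_lan[0], GREEN, VIRTUAL[src_station]), on_lan[1])
    # Receiving IPFire: PREROUTING maps the virtual destination back to green.
    far_lan = (in_tunnel[0], netmap(in_tunnel[1], VIRTUAL[dst_station], GREEN))
    return [tuple(str(a) for a in hop) for hop in (on_lan, in_tunnel, far_lan)]


if __name__ == "__main__":
    # The scenario from the post: a host at Station 1 reaches 172.24.0.20 at
    # Station 2 by talking to 10.0.2.20.
    for hop in trace("172.24.0.5", "10.0.2.20", "station1", "station2"):
        print(hop)
    for station in VIRTUAL:
        print(f"# {station}")
        print("\n".join(netmap_rules(station)))
```

The tunnel itself is then configured between the two virtual networks (10.0.1.0/24 and 10.0.2.0/24), not between the green ones, and each station routes the other station's virtual net into the tunnel. The far-side host only ever sees a 10.0.x.y source, which cannot collide with its own 172.24.0.0/24, so the reply is routed back through IPFire and un-mapped by conntrack.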
If the static IP is on a modem/router (such as supplied by Comcast), drop your IPFire box in a DMZ on the router. Site-to-site and OpenVPN will both work.