Re: [Openvpn-users] NAT for clients in the VPN'd private address space


  • Subject: Re: [Openvpn-users] NAT for clients in the VPN'd private address space
  • From: Giancarlo Razzolini <linux-fan@xxxxxxxxxxx>
  • Date: Mon, 02 May 2005 14:12:14 -0300

    Very good how-to. But I do this in a different way. I use the VPN to
access the LAN of my clients, for support purposes. Some of them have
the same subnet, and I remap the address using NETMAP too. But I do this
by masquerading my IP on the client, and by doing only a PREROUTING
rule. I do believe that there is no need for a POSTROUTING rule. But I
liked the proxy ARP advice. I never used it. I think this doc should be
integrated into the official OpenVPN docs.

Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85



Jamie Lokier wrote:

>Nick Martin wrote:
>
>
>>Recently I had to set up a VPN for a corporate network numbered in the
>>192.168/16 private range. Unfortunately, many VPN clients are also
>>assigned numbers in this address range.
>>
>>
>
>Yup, it's a problem.
>
>
>
>>After much searching for other people with this same problem, I
>>decided to go with the one-to-one NAT NETMAP solution proposed in
>>the OpenVPN FAQ. Since the directions in the FAQ weren't very clear,
>>and it seems many other people have had this problem, I decided to
>>write up a page explaining what I did. I hope other people will find
>>this information useful:
>>
>>http://www.nimlabs.org/~nim/dirtynat.html
>>
>>
>
>From the document:
>
>
>>>The solution I settled on was to create a one-to-one NAT to remap all
>>>of corporate LAN to a different private netblock (10.22/16), and put
>>>the client into that range. To the hosts in the corporate network, the
>>>VPN client appears to be in 192.168/16 and to the client the corporate
>>>network seems to be 10.22/16.
>>>
>>>
>
>Not all "coffee shops" use 192.168/16.  What happens when the coffee
>shop assigns the remote worker 10.22.0.20?  Same problem.
>
>Is it solvable?
>
>-- Jamie
>
>





Attachment: signature.asc
Description: OpenPGP digital signature
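
The collision Jamie asks about, as an added example (not code from this thread or from the how-to): the prefix swap that a one-to-one NETMAP between 192.168/16 and 10.22/16 performs, plus a check for whether a client's local subnet overlaps the remapped block. The function names and the /24 masks on the sample client addresses are assumptions.

```python
import ipaddress

# Netblocks from the quoted how-to: the corporate LAN and the range
# that VPN clients see it as after the one-to-one NAT.
CORP_LAN = ipaddress.ip_network("192.168.0.0/16")
REMAPPED = ipaddress.ip_network("10.22.0.0/16")


def netmap(addr, src_net, dst_net):
    """One-to-one remap: swap the network prefix, keep the host bits."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("one-to-one mapping needs equal prefix lengths")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def conflicts(client_iface, vpn_nets=(REMAPPED,)):
    """Return the VPN-side networks that overlap the client's local subnet."""
    local = ipaddress.ip_interface(client_iface).network
    return [net for net in vpn_nets if local.overlaps(net)]


if __name__ == "__main__":
    # Destination rewrite on the way in, and the reverse view of the same host.
    print(netmap("10.22.3.7", REMAPPED, CORP_LAN))
    print(netmap("192.168.3.7", CORP_LAN, REMAPPED))
    # Constructed client addresses; 10.22.0.20 is the case raised in the
    # thread, the /24 masks are assumed.
    for iface in ("192.168.1.50/24", "10.22.0.20/24", "172.16.4.9/24"):
        hit = conflicts(iface)
        print(iface, "CONFLICT with " + str(hit[0]) if hit else "ok")
```

Running `conflicts()` against the client's addresses before bringing the tunnel up shows when the remapped block itself is already in use locally, which is the case the remap alone does not cover.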