Hello,
following Scenario:
we have multiple Branch offices (each branch has multpile devices like Printer, Clients, voip phones).
All branch Need Connection to LAN at Headquarter.
Communication between branch offices is not needed.
All branch Offices has 255.255.255.0 Network segments.
similar to:
https://www.softether.org/4-docs/1-manu ... P_Routing)
Problem:
Branch Offices have overlapping subnets. For example 2 Offices are using 192.168.1.0/24.
is there a way to use softether VPN witjout reconfigure the ip subnets?
Maybe a 1:1 NAT for the Offices?
http://www.sophos.com/en-us/support/kno ... 15579.aspx
I want to add a small Computer or raspberry pi at each branch Office for creating the vpn tunnel to Headquarter.
Adding static routes to the Default Gateway for the Headquarter (using the softether device at branch Office).
Regards
Marc
LAN-to-LAN VPN overlapping subnets
-
marcmoennikes
- Posts: 7
- Joined: Sun Dec 21, 2014 2:41 pm
Re: LAN-to-LAN VPN overlapping subnets
Hello,
nobody an idea? :-(
Regards
nobody an idea? :-(
Regards
-
GIANT_CRAB
- Posts: 62
- Joined: Tue Mar 17, 2015 7:54 am
Re: LAN-to-LAN VPN overlapping subnets
Enable SecureNAT and then do some extra configuration to route the traffic accordingly.
-
marcmoennikes
- Posts: 7
- Joined: Sun Dec 21, 2014 2:41 pm
Re: LAN-to-LAN VPN overlapping subnets
Hello,
thanks for your reply. Maybe somebody can give me some more Information / hints about configuring secure NAT?
Regards
thanks for your reply. Maybe somebody can give me some more Information / hints about configuring secure NAT?
Regards
-
GIANT_CRAB
- Posts: 62
- Joined: Tue Mar 17, 2015 7:54 am
Re: LAN-to-LAN VPN overlapping subnets
marcmoennikes wrote:
> Hello,
>
> thanks for your reply. Maybe somebody can give me some more Information /
> hints about configuring secure NAT?
>
> Regards
Basically, it means another "DHCP server" distributing out another set of private IP addresses for connected devices.
For your case, you will need lots of configuration and might be a headache. Plus, SecureNAT overhead is quite a lot and causes a lot processor spikes. Read more: http://www.softether.org/4-docs/1-manua ... Permission
The setup will go like this:
Office 1 uses 192.168.1.0/24
Office 2 uses 192.168.1.0/24
Office 3 uses 192.168.1.0/24
SecureNAT configured to use 10.0.0.0/8 subnet
Office 1 -> Softether VPN with SecureNAT -> Office 2
Office 1 -> Softether VPN with SecureNAT -> Office 3 (this can be done simultaneously if configured properly)
Another better alternative is to use Cascade connections + SecureNAT. Not much SecureNAT routing configuration is needed. Read more: http://www.softether.org/4-docs/1-manua ... onnections
The setup will go like this:
HQ uses 192.168.1.0/24
Office 2 uses 192.168.1.0/24
Office 3 uses 192.168.1.0/24
SecureNAT configured to use 10.0.0.0/8 subnet
HQ device(s) -> Softether VPN -> Office 2's Softether VPN server -> Office 2's devices which are also connected to the VPN server and they get their IP from SecureNAT
HQ device(s) -> Softether VPN -> Office 3's Softether VPN server -> Office 3's devices which are also connected to the VPN server and they get their IP from SecureNAT
> Hello,
>
> thanks for your reply. Maybe somebody can give me some more Information /
> hints about configuring secure NAT?
>
> Regards
Basically, it means another "DHCP server" distributing out another set of private IP addresses for connected devices.
For your case, you will need lots of configuration and might be a headache. Plus, SecureNAT overhead is quite a lot and causes a lot processor spikes. Read more: http://www.softether.org/4-docs/1-manua ... Permission
The setup will go like this:
Office 1 uses 192.168.1.0/24
Office 2 uses 192.168.1.0/24
Office 3 uses 192.168.1.0/24
SecureNAT configured to use 10.0.0.0/8 subnet
Office 1 -> Softether VPN with SecureNAT -> Office 2
Office 1 -> Softether VPN with SecureNAT -> Office 3 (this can be done simultaneously if configured properly)
Another better alternative is to use Cascade connections + SecureNAT. Not much SecureNAT routing configuration is needed. Read more: http://www.softether.org/4-docs/1-manua ... onnections
The setup will go like this:
HQ uses 192.168.1.0/24
Office 2 uses 192.168.1.0/24
Office 3 uses 192.168.1.0/24
SecureNAT configured to use 10.0.0.0/8 subnet
HQ device(s) -> Softether VPN -> Office 2's Softether VPN server -> Office 2's devices which are also connected to the VPN server and they get their IP from SecureNAT
HQ device(s) -> Softether VPN -> Office 3's Softether VPN server -> Office 3's devices which are also connected to the VPN server and they get their IP from SecureNAT