Page 1 of 1

Lan to Lan with same IP range

Posted: Thu Aug 29, 2019 10:36 pm
by amselem
Hello

I'd like to create a L3 Lan to Lan VPN, however they share the IP range and I can't change this.

It would be possible to use the SoftEther VirtualNAT/DHCP functionality to translate the addresses when exchanging traffic between both LANs?
I think I should enable VirtualNAT on both VPN servers so each LAN would always sees the traffic coming from the same IP range (the IP assigned by DHCP)

That makes sense? Is there any other way?

Regards
Jacobo

Re: Lan to Lan with same IP range

Posted: Thu Oct 10, 2019 10:36 am
by Stefan A.
Hello Jacobo,

I've similar problem. Did you solve it?
Could you please share your solution?
Thanks.

Best
Stefan

Re: Lan to Lan with same IP range

Posted: Sat Oct 12, 2019 2:05 am
by ozone
Don't think this kind of detail is in SE. Securenat is quite basic.

I would say (on linux):

-In SE: Create virtualhubs for both segments, create bridges and new tap devices on each virtualhub, and bridge them.
-In the host-os, add (one or more) fixed ip-addresses to the tap's, and use iptables with dst-nat to translate (and route) the traffic between the taps-ip's in one segment and dst-ip's in the other (and therefore between the vpn- and lan-segments).

This way, you can translate (and map) basically ANY address in one segment to ANY address in another. Per port is also possible.

Seems simple in the two lines above... But explaining it in detail will probably take at least 2 whole pages. It would be good to check out how natting and iptables works first (if not already done so).