From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Drew Einhorn <drew.einhorn@starband.net>
Cc: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: vpn between networks with private ip network segment conflicts
Date: 28 May 2003 08:37:48 +0200
Message-ID: <1054103867.13296.103.camel@raylinux.internal>
In-Reply-To: <1054056892.1837.85.camel@lo>


On Tue, 2003-05-27 at 19:34, Drew Einhorn wrote:
> Oooo ... I was afraid that was going to be the answer.
> 
> I'll wait a bit and see if someone has a better idea before starting
> in on renumbering a network.
> 
> On Tue, 2003-05-27 at 10:30, Ray Leach wrote:
> > On Tue, 2003-05-27 at 18:03, Drew Einhorn wrote:
> > > My LAN uses network segments 192.168.0.0/24, 192.168.1.0/24, etc.
> > > So does the remote network I need to vpn to (probably using some flavor
> > > of pptp).
> > > 
> > > Is there an odd NAT variant that will solve this problem?
> > > Probably need to do some kind of dns transformation on each side.
> > > 
> > > Is there any easy solution?  Perhaps it would be easier (but not easy)
> > > to get the network segments renumbered on one end or the other.
> > 
> > Oooo ... I would go with the second option. Get one end renumbered.

Yes.

I had another thought (those are rare for me).

What if you created a network between the two networks. Like this:

Net1 <-> VPN (CIPE) <-> New NET <-> VPN (CIPE) <-> Net2

Then your routing would be to the new network.

Maybe use some kind of NAT rules to map the new net back to the dest
net. For example:

Net1.host1 (192.168.0.1) wants to connect to net2.host1 (192.168.0.1)
He actually connects to 10.0.0.1 and the VPN/Router1 does a SNAT to its
IP.
VPN/Router2 does a DNAT for the traffic from 10.0.0.1 back to
192.168.0.1

VPN/Router1 has to have a route for 10.0.0.1 pointing to VPN/Router2

Do the same on the other side.

I was thinking of something along the lines of the P-O-M 1:1 NAT patch.

Does this make sense, and might it work?

Ray
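
Added example, not part of Ray's message: a small Python model of the scheme described above, using a 1:1 prefix mapping on both gateways instead of SNAT to the router's own IP. The alias prefixes 10.0.1.0/24 and 10.0.2.0/24 and all function and class names are assumptions chosen for illustration.

```python
import ipaddress as ip

# Constructed addressing plan (assumption): both LANs really use 192.168.0.0/24;
# each gets a unique alias prefix that is routed across the VPN.
REAL = ip.ip_network("192.168.0.0/24")
ALIAS_NET1 = ip.ip_network("10.0.1.0/24")  # how Net2 addresses Net1
ALIAS_NET2 = ip.ip_network("10.0.2.0/24")  # how Net1 addresses Net2

def map_prefix(addr, src_net, dst_net):
    """1:1 mapping: keep the host bits, swap the network bits."""
    addr = ip.ip_address(addr)
    if addr not in src_net:
        return addr  # outside the mapped range: left untouched
    host_bits = int(addr) & int(src_net.hostmask)
    return ip.ip_address(int(dst_net.network_address) | host_bits)

class Gateway:
    """VPN router in front of one LAN (hypothetical model, not iptables)."""
    def __init__(self, real, alias):
        self.real, self.alias = real, alias

    def egress(self, src, dst):
        # LAN -> tunnel: rewrite the real source to this LAN's alias (SNAT).
        return map_prefix(src, self.real, self.alias), ip.ip_address(dst)

    def ingress(self, src, dst):
        # tunnel -> LAN: rewrite this LAN's alias back to the real host (DNAT).
        return ip.ip_address(src), map_prefix(dst, self.alias, self.real)

GW1 = Gateway(REAL, ALIAS_NET1)
GW2 = Gateway(REAL, ALIAS_NET2)

def trace(client, server_alias, near, far):
    """(src, dst) at each hop of a request and its reply."""
    req_lan = (ip.ip_address(client), ip.ip_address(server_alias))
    req_tun = near.egress(*req_lan)
    req_far = far.ingress(*req_tun)
    rep_lan = (req_far[1], req_far[0])  # server answers the source it saw
    rep_tun = far.egress(*rep_lan)
    rep_near = near.ingress(*rep_tun)
    return [req_lan, req_tun, req_far, rep_lan, rep_tun, rep_near]

if __name__ == "__main__":
    names = ["req@net1", "req@tunnel", "req@net2", "rep@net2", "rep@tunnel", "rep@net1"]
    for name, (src, dst) in zip(names, trace("192.168.0.1", "10.0.2.1", GW1, GW2)):
        print(f"{name:11} {src} -> {dst}")
```

Inside the tunnel only 10.0.x.x addresses appear, so each router needs a route only for the other side's alias prefix, and the client sees the reply come from the same alias it connected to.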


