LAN-to-LAN VPN overlapping subnets

Posted: Tue Mar 10, 2015 10:03 pm
by marcmoennikes
Hello,

The following scenario:
We have multiple branch offices (each branch has multiple devices like printers, clients, VoIP phones).
All branches need a connection to the LAN at headquarters.
Communication between branch offices is not needed.
All branch offices have 255.255.255.0 network segments.
Similar to:
https://www.softether.org/4-docs/1-manu ... P_Routing)
Problem:
Branch offices have overlapping subnets. For example, 2 offices are using 192.168.1.0/24.
Is there a way to use SoftEther VPN without reconfiguring the IP subnets?

Maybe a 1:1 NAT for the offices?
http://www.sophos.com/en-us/support/kno ... 15579.aspx

I want to add a small computer or Raspberry Pi at each branch office for creating the VPN tunnel to headquarters.
Adding static routes to the default gateway for the headquarters (using the SoftEther device at the branch office).

Regards

Marc

Re: LAN-to-LAN VPN overlapping subnets

Posted: Tue Mar 17, 2015 5:37 am
by marcmoennikes
Hello,

Does nobody have an idea? :-(

Regards

Re: LAN-to-LAN VPN overlapping subnets

Posted: Tue Mar 17, 2015 8:06 am
by GIANT_CRAB
Enable SecureNAT and then do some extra configuration to route the traffic accordingly.

Re: LAN-to-LAN VPN overlapping subnets

Posted: Tue Mar 17, 2015 8:36 am
by marcmoennikes
Hello,

Thanks for your reply. Maybe somebody can give me some more information / hints about configuring SecureNAT?

Regards

Re: LAN-to-LAN VPN overlapping subnets

Posted: Tue Mar 17, 2015 9:12 am
by GIANT_CRAB
marcmoennikes wrote:
> Hello,
>
> Thanks for your reply. Maybe somebody can give me some more information /
> hints about configuring SecureNAT?
>
> Regards

Basically, it means another "DHCP server" distributing out another set of private IP addresses for connected devices.

For your case, you will need lots of configuration and it might be a headache. Plus, SecureNAT overhead is quite a lot and causes a lot of processor spikes. Read more: http://www.softether.org/4-docs/1-manua ... Permission

The setup will go like this:

Office 1 uses 192.168.1.0/24
Office 2 uses 192.168.1.0/24
Office 3 uses 192.168.1.0/24
SecureNAT configured to use 10.0.0.0/8 subnet

Office 1 -> SoftEther VPN with SecureNAT -> Office 2
Office 1 -> SoftEther VPN with SecureNAT -> Office 3 (this can be done simultaneously if configured properly)


Another, better alternative is to use Cascade connections + SecureNAT. Not much SecureNAT routing configuration is needed. Read more: http://www.softether.org/4-docs/1-manua ... onnections

The setup will go like this:

HQ uses 192.168.1.0/24
Office 2 uses 192.168.1.0/24
Office 3 uses 192.168.1.0/24
SecureNAT configured to use 10.0.0.0/8 subnet

HQ device(s) -> SoftEther VPN -> Office 2's SoftEther VPN server -> Office 2's devices which are also connected to the VPN server and they get their IP from SecureNAT
HQ device(s) -> SoftEther VPN -> Office 3's SoftEther VPN server -> Office 3's devices which are also connected to the VPN server and they get their IP from SecureNAT
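
The 1:1 NAT idea from the first post, worked through as an added example (not code from any poster or from SoftEther): it detects the colliding branch subnets, gives each branch a unique alias /24 out of the 10.0.0.0/8 range mentioned above, and prints Linux iptables NETMAP rules, a technique swapped in here in place of SecureNAT. Assumptions: the branch device routes (rather than bridges) between the LAN and the tunnel, and the interface name `tap_vpn` and the branch names are hypothetical.

```python
import ipaddress

# Constructed inventory mirroring the thread: every office uses 192.168.1.0/24.
BRANCHES = {"office1": "192.168.1.0/24",
            "office2": "192.168.1.0/24",
            "office3": "192.168.1.0/24"}
ALIAS_POOL = "10.0.0.0/8"   # range named in the thread
VPN_IF = "tap_vpn"          # hypothetical tunnel interface on the branch device

def overlapping(branches):
    """Names of branches whose real subnet collides with another branch's."""
    nets = {n: ipaddress.ip_network(c) for n, c in branches.items()}
    return sorted(a for a in nets
                  if any(a != b and nets[a].overlaps(nets[b]) for b in nets))

def plan_aliases(branches, pool=ALIAS_POOL, reserved=()):
    """Assign each branch a unique, same-size alias subnet from the pool."""
    used = [ipaddress.ip_network(r) for r in reserved]  # e.g. the HQ LAN
    plan = {}
    for name in sorted(branches):
        real = ipaddress.ip_network(branches[name])
        for cand in ipaddress.ip_network(pool).subnets(new_prefix=real.prefixlen):
            if not any(cand.overlaps(u) for u in used):
                plan[name] = cand
                used.append(cand)
                break
        else:
            raise ValueError(f"alias pool exhausted at {name}")
    return plan

def translate(host, real, alias):
    """1:1 mapping: keep the host bits, swap the network prefix."""
    real, alias = ipaddress.ip_network(str(real)), ipaddress.ip_network(str(alias))
    host = ipaddress.ip_address(host)
    if host not in real:
        raise ValueError(f"{host} is not inside {real}")
    return alias.network_address + (int(host) - int(real.network_address))

def netmap_rules(real, alias, vpn_if=VPN_IF):
    """iptables NETMAP rules for the routing device at one branch."""
    return [f"iptables -t nat -A PREROUTING -i {vpn_if} -d {alias} -j NETMAP --to {real}",
            f"iptables -t nat -A POSTROUTING -o {vpn_if} -s {real} -j NETMAP --to {alias}"]

if __name__ == "__main__":
    print("colliding:", overlapping(BRANCHES))
    for name, alias in plan_aliases(BRANCHES).items():
        print(f"\n# {name}: HQ reaches 192.168.1.10 as "
              f"{translate('192.168.1.10', BRANCHES[name], alias)}")
        print("\n".join(netmap_rules(BRANCHES[name], alias)))
```

Headquarters then needs one route per alias subnet pointing into the matching tunnel, and the `reserved` argument keeps the planner away from any range HQ already uses.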