OpenVPN: How to connect two sites with same network address


This lesson will guide your through the configuration of mapping of local networks in order to make a remote network reachable by using a different subnet address.

With this configuration, there is the possibility to connect two local networks which have the same local subnet address by using OpenVPN, without touching any real IP address assignment of subnet configuration, but only by masking a remote subnet with another subnet address on Endian UTM appliances side.


Two sites with same network needs to communicate each other without changing the local network configurations.

Site A RED IP:

Site A Local Network:

Site B Local Network:


We need to Map both local networks with dedicated networks in order to allow bidirectional communication.

In this example we will map “Site A” local network with and “site B” local network with

The network mapping will take care to translate automatically ip of “Site A” local network into IP of network and IP of “Site B” local network into ip of network.

Let’s say that (“Site A”) needs to communicate with (“Site B”),mapping will automatically translate of site A into and of site B into


Source network and “mapped” network need to have the same size (i.e both /24)

On Site A appliance

On Site A appliance, which will be the OpenVPN server, follow the following steps:

- Add a routed OpenVPN instance with a dedicated VPN subnet and push the "Site A" mapped network:

- Add a VPN user that will be used on Site B appliance to establish the connection ans set as Network behind client the "site B" mapped network:

- Add Source NAT mapping rule (source is the real network, destination is the "site B" mapped network):

- Add Destination NAT mapping rule (click on “Advanced Mode”)."Incoming IP" is the "Site A" mapped network. Mapping will be triggered only if the connections come from ("Site B" mapped network):

- Only if VPN firewall is enabled, add VPN traffic rules:

On Site B appliance

On Site B appliance, which will connect to Site A OpenVPN server configured on Site A appliance, follow the following steps: 

- Add an OpenVPN client (Gw2Gw) tunnel:

- Add Destination NAT mapping rule (click on “Advanced Mode”):

- Add Source NAT mapping rule:

- Only if VPN firewall is enabled, add VPN traffic rules:

Have more questions? Submit a request