
OpenVPN network mapping

Background

This lesson guides you through configuring network mapping so that a remote network can be reached under a different subnet address.

With this configuration it is possible to connect two local networks that share the same subnet address over OpenVPN, without changing any real IP address assignment or subnet configuration: the remote subnet is only masked with another subnet address on the Endian UTM appliance side.

Scenario

Two sites with the same local network need to communicate with each other without changing their local network configurations.

Site A RED IP: 10.4.0.82

Site A Local Network: 192.168.1.0/24

Site B Local Network: 192.168.1.0/24

Solution

We need to map both local networks to dedicated networks in order to allow bidirectional communication.

In this example we will map “Site A” local network with 192.168.254.0/24 and “site B” local network with 192.168.253.0/24.

The network mapping automatically translates the IPs of the “Site A” local network into IPs of the 192.168.254.0/24 network, and the IPs of the “Site B” local network into IPs of the 192.168.253.0/24 network.

Let’s say that 192.168.1.100 (“Site A”) needs to communicate with 192.168.1.100 (“Site B”). The mapping will automatically translate 192.168.1.100 of Site A into 192.168.254.100 and 192.168.1.100 of Site B into 192.168.253.100.

Warning

The source network and the “mapped” network need to have the same size (i.e. both /24).

On Site A appliance

On the Site A appliance, which will be the OpenVPN server, perform the following steps:

- Add a routed OpenVPN instance with a dedicated VPN subnet and push the "Site A" mapped network:

- Add a VPN user that will be used on the Site B appliance to establish the connection, and set the "Site B" mapped network as Network behind client:

- Add a Source NAT mapping rule (source is the real network, destination is the "Site B" mapped network):

- Add a Destination NAT mapping rule (click on “Advanced Mode”). "Incoming IP" is the "Site A" mapped network. The mapping will be triggered only if the connections come from 192.168.253.0/24 (the "Site B" mapped network):

- Only if the VPN firewall is enabled, add VPN traffic rules:

On Site B appliance

On the Site B appliance, which will connect to the OpenVPN server configured on the Site A appliance, perform the following steps:

- Add an OpenVPN client (Gw2Gw) tunnel:

- Add a Destination NAT mapping rule (click on “Advanced Mode”):

- Add a Source NAT mapping rule:

- Only if the VPN firewall is enabled, add VPN traffic rules:
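As an added example (not part of the original article and not Endian's code), the following Python model shows how the four NAT mapping rules configured above translate addresses for a packet crossing the tunnel in each direction, and how the "same size" warning is enforced. The Site class, its method names and the trace helper are hypothetical; the addresses are the ones from the scenario.

```python
import ipaddress


def netmap(addr, src_net, dst_net):
    """1:1 mapping: the host at a given offset in src_net becomes the host at the
    same offset in dst_net. Both networks must be the same size (the warning)."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError(f"{src_net} and {dst_net} are not the same size")
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    return dst_net.network_address + (int(addr) - int(src_net.network_address))


class Site:
    """One appliance: its real LAN, the network it is masked as, and the mask used
    by the peer site. outbound/inbound model the SNAT and DNAT mapping rules."""

    def __init__(self, real, mapped, peer_mapped):
        self.real = ipaddress.ip_network(real)
        self.mapped = ipaddress.ip_network(mapped)
        self.peer_mapped = ipaddress.ip_network(peer_mapped)

    def outbound(self, src, dst):
        """Source NAT rule: real source -> mapped source, only for traffic whose
        destination is the peer's mapped network."""
        if src in self.real and dst in self.peer_mapped:
            return netmap(src, self.real, self.mapped), dst
        return src, dst

    def inbound(self, src, dst):
        """Destination NAT rule: mapped destination -> real destination, only if
        the packet comes from the peer's mapped network."""
        if dst in self.mapped and src in self.peer_mapped:
            return src, netmap(dst, self.mapped, self.real)
        return src, dst


# The two appliances of the scenario (constructed from the article's values).
SITE_A = Site("192.168.1.0/24", "192.168.254.0/24", "192.168.253.0/24")
SITE_B = Site("192.168.1.0/24", "192.168.253.0/24", "192.168.254.0/24")


def trace(sender, receiver, src, dst):
    """Follow one packet: sender applies SNAT, it crosses the tunnel, receiver
    applies DNAT. Returns (src, dst) as seen in the tunnel and at delivery."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    in_tunnel = sender.outbound(src, dst)
    delivered = receiver.inbound(*in_tunnel)
    return tuple(map(str, in_tunnel)), tuple(map(str, delivered))
```

Calling trace(SITE_A, SITE_B, "192.168.1.100", "192.168.253.100") shows the packet as 192.168.254.100 -> 192.168.253.100 inside the tunnel and as 192.168.254.100 -> 192.168.1.100 when delivered at Site B; the reply from Site B follows the mirrored path.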
