Very good how-to. But I do this in a different way. I use the VPN to access the LAN of my clients, for support purposes. Some of them have the same subnet, and I remap the address using NETMAP too. But I do this by masquerading my IP on the client, and by doing only a PREROUTING rule. I do believe that there is no need of a POSTROUTING rule. But I liked the proxy ARP advice. I never used it. I think this doc should be integrated into the official OpenVPN docs.

Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85

Jamie Lokier wrote:

>Nick Martin wrote:
>
>>Recently I had to set up a VPN for a corporate network numbered in the
>>192.168/16 private range. Unfortunately, many VPN clients are also
>>assigned numbers in this address range.
>
>Yup, it's a problem.
>
>>After much searching for other people with this same problem, I
>>decided to go with the one-to-one NAT NETMAP solution proposed in
>>the OpenVPN FAQ. Since the directions in the FAQ weren't very clear,
>>and it seems many other people have had this problem, I decided to
>>write up a page explaining what I did. I hope other people will find
>>this information useful:
>>
>>http://www.nimlabs.org/~nim/dirtynat.html
>
>From the document:
>
>>>The solution I settled on was to create a one-to-one NAT to remap all
>>>of corporate LAN to a different private netblock (10.22/16), and put
>>>the client into that range. To the hosts in the corporate network, the
>>>VPN client appears to be in 192.168/16 and to the client the corporate
>>>network seems to be 10.22/16.
>
>Not all "coffee shops" use 192.168/16. What happens when the coffee
>shop assigns the remote worker 10.22.0.20? Same problem.
>
>Is it solvable?
>
>-- Jamie
>
>_______________________________________________
>Openvpn-users mailing list
>Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>https://lists.sourceforge.net/lists/listinfo/openvpn-users
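
The case raised in the quoted reply (a client whose local network hands it 10.22.0.20) comes down to an overlap check made before the remap block is chosen. The following is an added example, not part of the original thread or of the linked how-to: it models the one-to-one NETMAP translation (network bits swapped, host bits kept), flags a collision with the client's local subnets, and picks a free block of the same size. The function names, the /24 client masks and the candidate pool are assumptions.

```python
import ipaddress

def netmap(addr, src_net, dst_net):
    """Model of a one-to-one NETMAP: replace the network bits, keep the host bits."""
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("blocks must be the same size for a one-to-one map")
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    host_bits = int(ip) & int(src.hostmask)
    return ipaddress.ip_address(int(dst.network_address) | host_bits)

def collides(remap_net, client_nets):
    """Return the client-side subnets that overlap the remap block."""
    remap = ipaddress.ip_network(remap_net)
    nets = [ipaddress.ip_network(n, strict=False) for n in client_nets]
    return [n for n in nets if n.overlaps(remap)]

def pick_remap_block(prefixlen, client_nets,
                     pool=("10.0.0.0/8", "172.16.0.0/12")):
    """First block of the given size in the (assumed) pool that is free on the client.
    192.168/16 is left out of the pool because the corporate LAN already uses it."""
    busy = [ipaddress.ip_network(n, strict=False) for n in client_nets]
    for p in pool:
        net = ipaddress.ip_network(p)
        if prefixlen < net.prefixlen:
            continue
        for cand in net.subnets(new_prefix=prefixlen):
            if not any(cand.overlaps(b) for b in busy):
                return cand
    return None

def prerouting_rule(remap_net, lan_net):
    """iptables rule text that maps the remap block back onto the real LAN."""
    return f"iptables -t nat -A PREROUTING -d {remap_net} -j NETMAP --to {lan_net}"

if __name__ == "__main__":
    # Constructed sample: the client sits on 10.22.0.20/24 and also routes 10.0.0.0/16.
    client = ["10.22.0.20/24", "10.0.0.0/16"]
    print("10.22/16 collides with:", collides("10.22.0.0/16", client))
    block = pick_remap_block(16, client)
    print("free block:", block)
    print(prerouting_rule(block, "192.168.0.0/16"))
    print("client dials", netmap("192.168.5.9", "192.168.0.0/16", str(block)))
```

The check has to run on the client side at connect time, since the colliding subnet is only known once the client has its local address.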