From: Erkki L. <eb...@ik...> - 2009-01-09 15:32:45
Hello,

on 8.1.2009 05:21 n22e113 wrote:
> I have been reading but cannot find anything on this!
> Q. Is the following possible? (i.e. both end points have the same subnet IP addresses)!
> Thanks, Kwon
>
> fw(leaf)--loc1(192.168.1.0/24)
> |       +--dmz1(192.168.2.0/24)
> |
> Internet
> +(openvpnz)
> |
> |
> fw(leaf)--loc2(192.168.1.0/24)
>         +--dmz2(192.168.2.0/24)

As already told, it is better to fix this right from the start. But to get you screwed up, I have seen two documents describing the problem and its possible solutions.

At Netfilter.org there are two methods described, double NAT
<http://netfilter.org/documentation/HOWTO//netfilter-double-nat-HOWTO.html>
and the NETMAP netfilter target
<http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-4.html>

I have no experience in using the above methods for the problem.

I would also consider creating new private networks for either side or both, if both sites contain accessible services, i.e. create dmz3 (192.168.4.0/23) for masking loc1 and dmz1, and dmz4 (192.168.6.0/23) for loc2 and dmz2. Then you just route between those and NAT the needed services or NETMAP whole networks.

I haven't checked if leaf bering uclibc contains the netfilter module for the NETMAP target.

Best regards,
Erkki
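The masking plan sketched in the mail (each site's real /24s hidden behind a /24 inside the proposed dmz3/dmz4 ranges), worked through as an added example that is not part of the original post. It shows what the NETMAP target does to an address (host bits kept, network bits swapped) and emits the nat-table rules one site's firewall would need; the specific pairing of real to masked networks is an assumption made here, not something the thread fixes.

```python
import ipaddress

# Constructed addressing plan (assumption): each real /24 is masked by one /24
# inside the dmz3 (192.168.4.0/23) and dmz4 (192.168.6.0/23) ranges from the mail.
SITE_A = [("192.168.1.0/24", "192.168.4.0/24"),   # loc1 -> lower half of dmz3
          ("192.168.2.0/24", "192.168.5.0/24")]   # dmz1 -> upper half of dmz3
SITE_B = [("192.168.1.0/24", "192.168.6.0/24"),   # loc2 -> lower half of dmz4
          ("192.168.2.0/24", "192.168.7.0/24")]   # dmz2 -> upper half of dmz4


def netmap(addr, src_net, dst_net):
    """Translate addr the way NETMAP does: keep the host bits, replace the
    network bits. src_net and dst_net must have the same prefix length."""
    ip = ipaddress.IPv4Address(addr)
    src = ipaddress.IPv4Network(src_net)
    dst = ipaddress.IPv4Network(dst_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("NETMAP needs equal-sized networks")
    if ip not in src:
        raise ValueError(f"{ip} is not in {src}")
    host_bits = int(ip) & int(src.hostmask)
    return str(ipaddress.IPv4Address(int(dst.network_address) | host_bits))


def rules(local_maps, remote_masked):
    """nat-table rules for one site's firewall: traffic leaving for the peer's
    masked range gets its source rewritten into the local masked range (1:1),
    and traffic arriving for the local masked range is mapped back to the real
    addresses. Return traffic is matched by conntrack as with any NAT."""
    out = []
    for real, masked in local_maps:
        out.append(f"iptables -t nat -A POSTROUTING -s {real} -d {remote_masked} "
                   f"-j NETMAP --to {masked}")
        out.append(f"iptables -t nat -A PREROUTING -d {masked} -j NETMAP --to {real}")
    return out


if __name__ == "__main__":
    # A host on loc1 is seen by site B as 192.168.4.10, and the peer's loc2
    # host with the very same real address is seen by site A as 192.168.6.10.
    print(netmap("192.168.1.10", *SITE_A[0]))
    print(netmap("192.168.1.10", *SITE_B[0]))
    for r in rules(SITE_A, "192.168.6.0/23"):
        print(r)
```

Each site needs only its own rule set plus a route for the peer's masked /23 via the tunnel; the real 192.168.1.0/24 and 192.168.2.0/24 never appear on the wire between the two firewalls.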