From: Simon H. <li...@th...> - 2015-02-17 09:23:02
Sassy Natan <sa...@gm...> wrote:
> I'm trying to build a site-to-site VPN with my current shorewall + openswan configuration with an overlapping IP range on both ends.
>
> Here is my topology.
>
> Site A:
> eth0 - 172.16.0.0/24 - Internal LAN
> eth1 - 10.0.0.0/24 - LAB LAN
> eth2 - X.Y.Z.M - Public IP address
>
> Site B:
> eth0 - 192.168.0.0/24 - Internal LAN
> eth1 - 10.0.0.0/24 - LAB LAN
> eth2 - N.O.L.P - Public IP address
>
> I want to set up a VPN from the Internal LAN of Site B (192.168.0.0/24) to the LAB LAN of Site A (10.0.0.0/24).
>
> The problem is that Site B already has in its local routing table a route for the network 10.0.0.0/24 via the eth1 interface. So traffic can't be routed to the remote Site A without (1) disabling this network or (2) doing some NAT magic.

Your network is broken.

Option 3 is to renumber part of the network so it isn't broken. I know it's painful to do (I've been through that process in the past as part of a corporate change) but it will save you just soooooo much hassle down the line.
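An added illustration of the routing conflict discussed in this thread (not code from either poster or from the Shorewall project): it models the two sites' prefixes from the mail, flags every overlapping pair, and does a longest-prefix-match lookup to show why Site B's packets for 10.0.0.0/24 never reach the tunnel, and why a renumbered lab subnet (the 10.0.1.0/24 value is a constructed placeholder) fixes it. The tunnel interface name "ipsec0" is assumed.

```python
from ipaddress import ip_address, ip_network

# Site topologies as given in the thread (public IPs omitted, they are
# placeholders in the original mail). Interface -> connected prefix.
SITE_A = {"eth0": "172.16.0.0/24", "eth1": "10.0.0.0/24"}
SITE_B = {"eth0": "192.168.0.0/24", "eth1": "10.0.0.0/24"}


def find_overlaps(site_a, site_b):
    """Return (iface_a, iface_b, net_a, net_b) for every pair of prefixes
    that overlap between the two sites. Any hit here needs renumbering
    (or NAT) before a site-to-site tunnel can carry that prefix."""
    hits = []
    for ia, na in site_a.items():
        for ib, nb in site_b.items():
            a, b = ip_network(na), ip_network(nb)
            if a.overlaps(b):
                hits.append((ia, ib, str(a), str(b)))
    return hits


def route_lookup(routes, dst):
    """Longest-prefix match over [(prefix, iface), ...]. On equal prefix
    length the earlier entry wins, which models the directly connected
    route taking precedence over a later-added tunnel route."""
    addr = ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def tunnel_is_reachable(local_site, remote_net, tunnel_iface="ipsec0"):
    """Would a packet from local_site for remote_net leave via the tunnel,
    or be swallowed by a local interface with the same prefix?"""
    routes = [(net, iface) for iface, net in local_site.items()]
    routes.append((remote_net, tunnel_iface))  # the VPN route for the far side
    probe = str(next(ip_network(remote_net).hosts()))  # first host of remote_net
    return route_lookup(routes, probe) == tunnel_iface


# Constructed placeholder: Site B's lab moved off the conflicting prefix.
SITE_B_RENUMBERED = {"eth0": "192.168.0.0/24", "eth1": "10.0.1.0/24"}

if __name__ == "__main__":
    print("overlaps:", find_overlaps(SITE_A, SITE_B))
    print("Site B -> Site A lab via tunnel:", tunnel_is_reachable(SITE_B, "10.0.0.0/24"))
    print("after renumbering:", tunnel_is_reachable(SITE_B_RENUMBERED, "10.0.0.0/24"))
```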